Articles on this Page
- 10/06/16--13:57: Symantec Receives Prestigious Award for IoT
- 10/07/16--05:58: Latest Intelligence for September 2016
- 10/09/16--13:30: ITMS Linux Agent with Systemd
- 10/10/16--21:34: Latest Intelligence for September 2016 (Japanese edition)
- 10/10/16--21:41: Latest Intelligence for September 2016 (Chinese edition)
- 10/11/16--05:59: Odinaff: New Trojan used in high level financial attacks
- 10/11/16--11:28: Microsoft Patch Tuesday – October 2016
- 10/11/16--23:22: Microsoft Patch Tuesday – October 2016 (Chinese edition)
- 10/12/16--00:14: Odinaff: New Trojan used in high level financial attacks (Chinese edition)
- 10/12/16--18:05: Surge of email attacks using malicious WSF attachments
- 10/12/16--20:56: Microsoft Patch Tuesday – October 2016 (Japanese edition)
- 10/13/16--01:37: Odinaff: New Trojan used in sophisticated attacks on financial institutions (Japanese edition)
- 10/13/16--05:57: Beware of the student loan forgiveness scam spam
- 10/13/16--10:33: How to receive proactive product alerts and articles update
- 10/13/16--14:56: STOP. THINK. CONNECT.: The Basic Steps to Online Safety and Security
- 10/14/16--01:37: Surge of email attacks with malicious WSF attachments (Japanese edition)
- 10/15/16--10:22: FAQ: Global English...
- 10/15/16--11:44: Exploit Prevention - Don’t Leave Home Without It
- 10/16/16--17:12: Surge of email attacks using malicious WSF attachments (Chinese edition)
- 10/16/16--17:25: Beware of the student loan forgiveness scam spam (Chinese edition)
- Single website for up-to-date content
- Easy access to authenticated partner content
- Quick navigation to key partner assets from product pages
- See relevant updated news and events at a glance
- Global English only: non-English users are not affected by this release. Support for other languages will be added in the coming months.
- Scope of content: you can search for general program overview content and partner-only product assets on Symantec.com. For other materials, such as your specific program details, training, licensing and renewals, please visit PartnerNet.
- Additional Secure One program content, such as competency and tier information, will be migrated to Symantec.com at a later date.
- My Products, My Sites and the customized home page will no longer be available. An analytics review found that these features were not widely used; a future release will replace them with new functionality.
- Distributor ordering and reporting will remain on the existing PartnerNet site. Additional content will be migrated to Symantec.com at a later date.
- 10/15/16--11:44: Exploit Prevention - Don’t Leave Home Without It
Heap spray, for example, fills an application's memory with a specific pattern: typically a long run of a repeated value (a sled) followed by the attacker's payload. The pattern does double duty. It raises the odds that a corrupted pointer or return address lands somewhere in attacker-controlled memory, and the memory it lands in is itself executable code. Symantec mitigates heap spray by identifying the memory locations these patterns point to and inserting code there that raises an exception and returns control to the endpoint protection product.
Java exploits work differently, using logic flaws rather than memory corruption. The malware tricks the runtime into mistaking one call or object for another (a type confusion, for instance), which opens a path to disable the Security Manager; once the Security Manager is gone, the attacker can do anything the logged-in user could normally do on the machine. In this case the best mitigation is to make sure the Security Manager cannot be turned off.
It complements other technologies, such as intrusion prevention systems, antimalware and reputation analysis, that protect against high-volume attacks by monitoring network packets, signatures and reputation.
It is essential even if you have application control that lets you whitelist applications. As we have discussed, it is many of these “legitimate” applications that contain the vulnerabilities.
It can provide protection that other next-gen technologies cannot, because they rely on a file being written to disk or executed in order to identify a threat. Always ensure your endpoint protection solution has both machine learning and exploit prevention.
It protects you regardless of how the attack originates (e.g. malvertising, an infected file from a USB stick).
- 10/16/16--17:12: Surge of email attacks using malicious WSF attachments (Chinese edition)
- 10/16/16--17:25: Beware of the student loan forgiveness scam spam (Chinese edition)
Recently, I was lucky enough to be one of the honored recipients of the 2016 North America Frost & Sullivan Award for Embedded Security for Industrial Internet of Things (IIoT) Customer Value Leadership. Held at a banquet in Santa Clara, California, the event was full of elegance and excitement and brought together top executives to celebrate their achievements.
Each year, Frost & Sullivan presents this award to the company that has demonstrated excellence in implementing strategies that proactively create value for its customers, with a focus on enhancing the return on the investment that customers make in its services or products. The award recognizes the company's exceptional focus on enhancing the value its customers receive, beyond simply good customer service, leading to improved customer retention and ultimately to an expanded customer base. We were praised for our IoT portfolio, our traction in the market and, of course, our strength as a security company and the scale at which we already operate in enterprise security.
This award is particularly significant because it comes from Frost & Sullivan, a firm that possesses deep relationships and insights into the Enterprise IoT world. The companies that were recognized at the event were not just security or software companies. I had the pleasure of meeting a wide range of individuals who are working on some exciting tools, from creating new connected medical devices or industrial sensors to companies that provide services that determine the location of these connected devices.
This was a great event and I am honored to be part of Symantec and recognized by Frost & Sullivan. I believe that IoT is still in its infancy and we have a lot to do but events like this not only give us a chance to get together but also provide us with an opportunity to learn, collaborate and make a difference.
The RIG exploit kit was the most active web attack toolkit in September and the number of new malware variants reached its highest point of the last year.
For Linux environments that use systemd, you may encounter issues with the ITMS Linux Agent at boot.
The reason is that ITMS installs '/etc/init.d/altiris' as the control script for the agent, and this SysV-style script is not aware of systemd's dependency mechanisms.
If the local file systems are not yet mounted, in particular '/opt', the 'altiris' service fails to start: the agent is installed under '/opt' by default, and nothing guarantees that this partition is mounted before the service runs.
The following procedure guarantees that '/opt' is mounted before the agent starts.
1) Remove the symbolic link '/etc/init.d/altiris'. This stops systemd's SysV compatibility generator from creating a unit for it.
2) Create the file '/etc/systemd/system/altiris.service' with the following contents:
3) Run the command: systemctl enable altiris
4) Run the command: systemctl start altiris
5) Run the command: systemctl status altiris
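A unit of the kind step 2 calls for, added here as an example and not the post's own unit file. It orders the agent after the '/opt' mount with systemd's RequiresMountsFor directive, wraps the legacy control script, and scripts the remaining steps. The control script path /opt/altiris/altiris and the function names are assumptions made for illustration: substitute the real target of the symlink removed in step 1.

```shell
#!/bin/sh
# Added example (not part of the original post): a native systemd unit for
# the ITMS Linux Agent that is ordered after the /opt mount, so the agent no
# longer races the file system at boot.
#
# ASSUMPTION: the agent's control script is assumed to live at
# /opt/altiris/altiris. That path is a placeholder; replace it with the real
# target of the '/etc/init.d/altiris' symlink removed in step 1.
AGENT_SCRIPT="${AGENT_SCRIPT:-/opt/altiris/altiris}"
UNIT_PATH="${UNIT_PATH:-/etc/systemd/system/altiris.service}"

# write_altiris_unit FILE
# RequiresMountsFor=/opt makes systemd pull in and order this unit after the
# mount unit that provides /opt, which is the dependency the SysV-style
# script could not express. If /opt is on the root file system, systemd
# resolves the directive to a dependency that is already satisfied.
write_altiris_unit() {
    unit="$1"
    cat > "$unit" <<EOF
[Unit]
Description=Symantec ITMS Linux Agent (Altiris)
RequiresMountsFor=/opt
After=local-fs.target network.target

[Service]
# The legacy control script forks the agent and exits, so run it as a
# oneshot and let systemd track the spawned processes through the cgroup.
Type=oneshot
RemainAfterExit=yes
ExecStart=$AGENT_SCRIPT start
ExecStop=$AGENT_SCRIPT stop

[Install]
WantedBy=multi-user.target
EOF
}

# unit_requires_mount FILE MOUNTPOINT
# Succeeds if FILE declares a RequiresMountsFor dependency on MOUNTPOINT.
unit_requires_mount() {
    grep -q "^RequiresMountsFor=.*$2" "$1"
}

# install_altiris_unit: steps 1 to 5 of the procedure. Only runs when the
# script is invoked as root with --install; nothing happens on a plain run.
install_altiris_unit() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -x "$AGENT_SCRIPT" ] || { echo "$AGENT_SCRIPT not found; set AGENT_SCRIPT" >&2; return 1; }
    [ -L /etc/init.d/altiris ] && rm /etc/init.d/altiris   # step 1: no generated sysv unit
    write_altiris_unit "$UNIT_PATH"                          # step 2
    systemctl daemon-reload                                  # pick up the new unit file
    systemctl enable altiris                                 # step 3
    systemctl start altiris                                  # step 4
    systemctl status altiris --no-pager                      # step 5
}

case "${1:-}" in
    --install) install_altiris_unit ;;
esac
```

Run as `sh altiris-unit.sh --install` on the agent host. After a reboot, `systemctl list-dependencies altiris` should show the mount unit for /opt among the unit's requirements, which is the check that the ordering actually took effect.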
In September, the RIG exploit kit was the most active web attack toolkit, and the number of new malware variants reached its highest point of the past year.
Multiple banks attacked by Carbanak-linked group.
This month the vendor is releasing 10 bulletins, five of which are rated Critical.
Ransomware attack groups among the most frequent users of new tactic.
This month, 10 security bulletins have been released, five of which are rated Critical.
Trojan.Ascesso has been observed trying to send out thousands of student loan forgiveness scam emails.
Symantec's subscription service allows you to subscribe to knowledge base articles and receive email notifications when an article changes. You can also subscribe to proactive product alerts to be notified when any article is published to a specific channel in the knowledge base, such as the Alerts channel.
The following article describes the steps in more detail:
Proactive product alerts and article subscriptions
To receive an update whenever a new SEP release comes out, subscribe to the following article:
Download the latest version of Symantec Endpoint Protection
Last April, Symantec launched #iamtech, a publication that explores the diverse faces of Symantec’s employees and partners and builds a community of writers and readers who share their challenges and accomplishments as underrepresented individuals in the tech industry.
In honor of National Cybersecurity Awareness Month (NCSAM), this month we are featuring a series of articles connecting #iamtech’s voices to the discussion of cybersecurity and online safety.
Our first story centers on Patrick Roserie, who has transitioned from securing our world physically – as a guard – to protecting our world online as a cybersecurity professional. Roserie shares his inspiring story of following his interests and passions to become a participant and now graduate of Symantec’s Cyber Career Connection (SC3) training program, and then to his current role as a security analyst at the most storied news publication in the U.S., The New York Times.
Launched two years ago, SC3 addresses the global cybersecurity workforce gap by training and certifying young adults and veterans in cybersecurity and assisting them in landing meaningful internships and jobs. To date SC3 has achieved an 82% graduation rate and 63% of graduates have been placed in full-time positions or accepted into a four-year college program. 72% of graduates are people of color and 24% of graduates are female.
In Roserie’s article “STOP. THINK. CONNECT.: The Basic Steps to Online Safety and Security” he discusses his journey to where he is now, the role that cybersecurity plays in his professional and personal life, and critical tips for staying safe online.
“Even though I spend a lot of time looking at tiny pieces of code, I feel like I’m part of a bigger picture.
At the bank, it was helping to keep people’s money safe.
At the Times, I feel like I’m supporting the mission of the newspaper and its reporters. It’s like they’re in the Wild West as they travel around the world. It’s a fun challenge, keeping them cyber secure as they report their stories. In my own way, I’m helping get the paper out every day.”
We hope you will join us for this month’s NCSAM series on #iamtech, as a reader, encouraging others in your network to follow us, sharing our stories, and by joining the discussion through comments on our articles.
#iamtech is a publication for YOU and we want you all to be a part of our conversation!
Stats as of April 2016
FAQ: All you need to know about the new changes to your online partner experience on Symantec PartnerNet and symantec.com
Why are you changing PartnerNet?
In an ongoing effort to provide a great online experience for our partners, we've collected feedback from partners around the globe and are working to redesign PartnerNet to better meet your business needs as you work with Symantec via our partner portal.
Where do I see changes to PartnerNet and symantec.com?
For all global English countries (Canada, UK & Ireland, India, Hong Kong, Singapore, Asia Pacific), look for programs overview information and key assets in the Products section of Symantec.com, including upcoming events, training links, sales presentations, demo scripts, guides, FAQs etc.
We've launched our initial content for global English countries; we’ll deliver incremental improvements on an ongoing basis over the coming months. PartnerNet content will continue to be transitioned into the Symantec.com web site, providing our partners with a single point of information for all content.
Additional benefits of this launch include:
What are the impacts to my navigation?
For this phase, partners will move between the two sites, with program overview content and all product information located on Symantec.com. For all remaining information and tasks, please continue to use the existing PartnerNet site.
Where can I find additional information?
Read the blog post.
Who can I contact for additional information?
Please feel free to send questions or feedback to A L Johnson or Kimberley via the Connect contact form.
Every software application has vulnerabilities. Many are fixed promptly, but some are unknown even to the developers themselves. Cyber criminals, however, are incentivized to discover these vulnerabilities and exploit them. In fact, it is a growing business: according to the Symantec Internet Security Threat Report, the number of zero-day vulnerabilities grew 125% in 2015.
Source: Symantec Internet Security Threat Report, April 2016
If you thought the most common and widely used applications were the least likely to have vulnerabilities, you would be wrong. Common operating systems, end-user browsers and enterprise applications are all at risk, which covers every layer of your organization's software stack. In the recent past we have seen vendors release patches for 200 or 300 vulnerabilities in their software suites at once, many remotely exploitable and of the highest severity, and a common operating system carry a 20-year-old vulnerability sitting in plain sight.
From an attacker's standpoint, exploiting a browser vulnerability gets them a large foot in the door of an organization. Gaining access through the operating system lets them infect one machine and use it as a beachhead from which to infect others, moving laterally within the organization. And by compromising an enterprise application there is the possibility of reaching mission-critical information, such as an ERP system or customer data.
What is really alarming is the rapid weaponization of zero-day vulnerabilities. From the Symantec Internet Security Threat Report we know that exploits go from underground disclosure to inclusion in very sophisticated exploit kits within hours. The Angler exploit kit, for example, which has launched hundreds of thousands of attacks, carries exploits that download and execute malware entirely in memory without writing any files to disk, avoiding detection by the many traditional and next-gen methods that rely on inspecting files. In the not too distant past, such exploits would show up in a localized fashion; today they are very quickly rolled out at scale around the world.
Criminals know that even after an exploit has been launched, it can take weeks for a vendor to release a patch, and then months before you can roll that patch out to every endpoint. That is a large window of opportunity in which to keep exploiting the vulnerability, steal your sensitive data and disrupt your organization.
You may be asking yourself by now what the best way to handle these exploits is. Memory exploits are not blocked by signatures, nor are they caught by machine learning, the new silver bullet of endpoint protection, when the classifier operates on files rather than on what happens in memory. What is needed is a dedicated technology: exploit prevention. In Symantec Endpoint Protection (SEP), exploit prevention is called Memory Exploit Mitigation. It is signature-less; instead it uses an understanding of exploitation techniques to pre-emptively block zero-day exploits. Once installed it protects your endpoints from memory exploits regardless of which flaw, bug or vulnerability is being exploited, because it keys on the technique rather than on the vulnerability.
Let’s take a look at a couple of different types of behaviors:
As you can see, each exploitation technique is distinct and requires a carefully thought-out strategy to mitigate it. Note that one technique can be addressed with several different strategies, and some are more effective than others.
Exploit prevention is targeted for a very specific use, but plays an important role in helping to provide comprehensive next generation endpoint protection in a layered solution.
Once available on your device, exploit prevention will mitigate memory attacks wherever you roam – don’t leave home without it.
Find out more about Symantec Endpoint Protection here