
Good
Well deserved.
Greg Clark, CEO and president of Symantec, has "stepped down" suddenly and with no permanent replacement lined up, just as his predecessor did. The beleaguered security house said Clark's departure was "effective immediately" and it named semiconductor veteran and current Symantec director Richard Hill as interim boss. "As we …
Someone claims three US-based AV companies (that they won't identify) have been breached and your first suspicion is they shot the CEO as guilty?
No way, it doesn't make sense. If Symantec was hit by this and the Board's plan was to spit out the CEO as a result, then they would pin it on the CEO so the blame leaves with them. They wouldn't try to hide it and then eject the CEO for other reasons. Not logical.
Honestly I used to despise Symantec Endpoint Protection back in the day when it was just an AV client and it caused endless blue screens and horrific upgrade procedures. I never came across it for years. Previous companies had Sophos amongst others. Now I find myself at a place that has SEP again...and it isn't 'horrible'! Upgrades seem fine. Seems less bloated. We haven't been blown off the face of the earth by ransomware. However, reading this it seems that the company is doomed and I am always thinking there are more modern alternatives that offer more, such as Palo Alto Traps, Carbon Black etc etc. So my question is, what are people using as an alternative?
So SEP is doing its job for you, and you want to know which competitor to jump to? Pretty sure you can find a few tech tales of woe on El Reg about 'If it ain't broke, don't fix it'.
Or maybe you have some extra time & extra budget so you are looking at alternatives. Not in most IT shops I have seen. But if you really do have extra time & money, you should hire a BOFH to help you allocate it properly. LOL!
It's not all it claims; there are 2 well-known exploits rampant in all SEP Enterprise, from 12.x to 14.x. They can't seem to fix it; they have been at it long enough (pre MP6 v12) but they are still open. Sadly I have to deplo we trialled Webroot Corp. for a while and was suitably impressed, but we went SEP.
It's a bag of poop, just not as bloated as it once was, a more streamlined bag of poop now :)
Microsoft is extending the Defender brand with a version aimed at families and individuals.
"Defender" has been the company's name of choice for its anti-malware platform for years. Microsoft Defender for individuals, available for Microsoft 365 Personal and Family subscribers, is a cross-platform application, encompassing macOS, iOS, and Android devices and extending "the protection already built into Windows Security beyond your PC."
The system comprises a dashboard showing the status of linked devices as well as alerts and suggestions.
While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.
Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.
In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.
Analyst firms S&P Global Market Intelligence and Gartner have both offered negative evaluations of Broadcom's takeover of VMware.
S&P surveyed VMware customers and found 44 percent feel neutral about the deal, and 40 percent expressed negative sentiments.
But when the analyst crunched the numbers for current customers of both VMware and Broadcom, 56 percent expressed negative sentiments. More than a quarter rated their response to the deal as "extremely negative".
A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.
The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec's Threat Intelligence Team.
The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.
North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.
While the Korean crew's recent, and highly profitable, thefts of cryptocurrency have been in the headlines, the group still keeps its spying hand in. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.
The security shop says the spy operation is likely a continuation of the state-sponsored snoops' Operation Dream Job, which started back in August 2020. This scheme involved using phony job offers to trick job seekers into clicking on links or opening malicious attachments, which then allowed the criminals to install spyware on the victims' computers.
Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions.
The product is already bundled with Microsoft 365 Business Premium (for businesses with up to 300 employees) but can now be picked up as a standalone product for $3 per user per month, as we reported from Ignite late last year.
Microsoft currently has four tiers of 365 subscriptions, starting at Business Basic (which includes the web versions of the company's productivity apps) for $6, going up to the full-fat premium version for $22 per user per month, with desktop versions of Office apps.
A Russian-linked threat group that has almost exclusively targeted Ukraine since it first appeared on the scene in 2014 is deploying multiple variants of its malware payload on systems within the country.
The Shuckworm gang – also known as Armageddon and Gamaredon – is using at least four distinct variants of its Pterodo backdoor that are designed to perform similar tasks but communicate with different command-and-control (C2) servers, according to Symantec's Threat Hunter Team.
"The most likely reason for using multiple variants is that it may provide a rudimentary way of maintaining persistence on an infected computer," the researchers wrote in a blog post Wednesday. "If one payload or [C2] server is detected and blocked, the attackers can fall back on one of the others and roll out more new variants to compensate."
Internet fiends are using a relatively new piece of a malicious code dubbed Verblecon to install cryptominers on infected computers.
The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads — and that the crooks using Verblecon may not realize the power of the loader's full potential.
"The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.
Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.
Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.
Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.
A China-backed crew is said to be running a global espionage campaign against governments, religious groups, and non-governmental organizations (NGOs) by, in some cases, possibly exploiting a vulnerability in Microsoft Exchange servers.
Symantec's Threat Hunter Team said the campaign, which aims to spy on targeted victims and steal information, likely started in mid-2021, with the most recent activity detected in February. It may still be going on, the researchers observed in a report this week.
The Threat Hunter Team is attributing the attacks to Cicada, also known as APT10 – a group that has been operating for more than a decade and that intelligence agencies in the US have linked to China's Ministry of State Security. The researchers are pointing at Cicada because a custom loader and custom malware that have been used exclusively by the group were found in victims' networks.
Biting the hand that feeds IT © 1998–2022