Articles about Symantec

A new study from Symantec's Threat Hunter team looks at how upstream supply chain issues can make their way into mobile apps, making them vulnerable.

Issues identified include mobile app developers unknowingly using vulnerable external software libraries and SDKs, as well as companies outsourcing the development of their mobile apps then ending up with vulnerabilities that put them at risk.

Continue reading →

While the Russian security firm has fallen out of favor in recent months, Kaspersky has announced that it has managed to crack the Yanluowang ransomware.

Yanluowang was discovered by Symantec last year, and now Kaspersky has identified a vulnerability in the encryption algorithm it uses. This has enabled the company to develop a free decryption tool which can be used by ransomware victims to get their data back without having to pay a cent.

Continue reading →

Endpoints are generally the part of any network that is most vulnerable to attack, but as the number and diversity of devices expands, defending the endpoint effectively is a major challenge.

Symantec is aiming to make life easier with the launch of Endpoint Security Complete, offering organizations a single solution for protection, detection and response, as well as new attack surface reduction and breach assessment and prevention capabilities.

Continue reading →

The China-based Thrip group was first exposed in 2018 and has carried out attacks across South East Asia, mainly targeting military organizations and satellite communications operators.

New research from Symantec shows that since June 2018 Thrip has attacked 12 targets located in Hong Kong, Macau, Indonesia, Malaysia, the Philippines, and Vietnam. Analysis of the attacks shows close links to another long-established espionage group called Billbug making it likely the two are the same.

Continue reading →

Increasing volumes of business network traffic are now directed at the cloud and companies need a cost effective way to secure them.

Symantec is announcing updates and innovations across its portfolio of products, giving enterprises the ability to enforce zero trust security policies across SaaS applications, corporate applications hosted in the cloud, email and the internet.

Continue reading →

Security firm Symantec was attacked by a hacker back in February, but the company did not reveal details of the incident.

The attack has been brought to light by Guardian Australia which has seen some of the data extracted by hackers. This comprises not only passwords, but what is thought to be a list of Symantec clients -- including government agencies. But Symantec is downplaying the data breach, dismissing it as a "minor incident".

Continue reading →

The latest Symantec Annual Threat Report reveals that cybercriminals are continuing to follow the money, but as ransomware and cryptojacking show falling returns they are turning to other techniques.

One of these is formjacking -- essentially virtual ATM skimming -- where cybercriminals inject malicious code into retailers' websites to steal shoppers' payment card details.

Continue reading →

Sophisticated attackers are increasingly taking advantage of the complexity of endpoint environments to exploit gaps and discover new paths to lucrative targets.

Symantec is announcing enhancements to its endpoint security portfolio designed to defend against the most sophisticated cyberattacks as well as improving application discovery and risk assessment.

Continue reading →

Operational technology is critical in areas like energy, oil and gas, manufacturing, and transportation, but it's often be based on legacy systems which can be difficult to keep secure, with updates often needing to be carried out using USB devices.

The threat of attacks is very real though and the consequences especially disastrous, yet many control systems are running outdated software, leaving them vulnerable to attack.

Continue reading →

Companies increasingly rely on cloud applications and infrastructure for their critical systems. Protecting these is vital and to help businesses do so, Symantec  is launching an expansion to its cloud security portfolio.

Symantec’s Cyber Defense Platform offers a broad range of protection, providing visibility and control for virtually any cloud app and integrations with CloudSOC CASB, Cloud Workload Protection (CWP) and Data Loss Protection (DLP).

Continue reading →

Protecting data in the cloud and ensuring compliance with rules and regulations is a complex task. The adoption off SaaS applications like Office 365 makes it even more so.

Symantec is launching an enhanced version of its Data Loss Prevention technology to protect data in Office 365 and allow users to safely share it internally as well as with partners and contractors.

Continue reading →

Security firm Symantec has announced that it will no longer offer discounts on its products to members of the National Rifle Association.

Following the school shooting in Parkland, Florida last week, the gun debate is very much back on the table. There has been pressure on numerous companies to sever ties with the NRA, and Symantec is the first big name in tech to make the move.

Continue reading →

One of the UK’s leading security experts has called for a major shake-up in the way businesses train their employees in online safety.

Symantec CTO Darren Thomson said that workers can effectively be an extra layer of protection for companies looking to prevent themselves falling victim to cyber-attack.

Continue reading →

Chrome will stop trusting any security certificates issued by Symantec, Google has confirmed.

In a blog post, Chrome Security's Devon O’Brien, Ryan Sleevi and Andrew Whalley say that certificates from the security firm will be "distrusted," starting with version Chrome 66. This affects all certificates issued before June 1, 2016.

Continue reading →

Researchers at Symantec have warned that a "sophisticated attack group" is targeting the energy sector in Europe and North America, and has been doing so for some time. A group known as Dragonfly has been detected carrying out attacks since 2011, and the campaign of attacks was recently stepped up a gear.

Dubbed the Dragonfly 2.0 campaign, the attacks included disruption to the Ukrainian power system in 2015 and 2016. After a quiet period, the group's activities have started up again, with targets hit in US, Turkey and Switzerland. On the hit list are energy facilities -- something that could have devastating consequences.

Continue reading →