• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Kudos0

Netflix Log In Credentials Being Sold on the Black Market

Attackers are setting their sights on stealing users’ Netflix credentials in order to sell them on the black market, providing access to the streaming service for less expensive prices. Netflix’s popularity has grown a great deal since its launch in 1997. The company recently launched its streaming service globally, and it is now available in more than 190 regions around the world. As a result, this has attracted the attention of cybercriminals.   Attackers are using two methods to try to gain user credentials: Malware disguised as Netflix This malware campaign involves attackers using...
Read More
Kudos0

Super Patch Tuesday- Microsoft and Adobe Release a Slew of Patches for Various Vulnerabilities

Patch Tuesday is an unofficial term used in the technology industry, which is when software companies regularly release security patches for their products. This week, both Adobe and Microsoft released a larger than usual amount of patches. Microsoft released a total of 13 patches that address a multitude of issues. The most notable addressed the following issues: Remote Code Execution: Remote code execution is when an attacker gains access to someone else's device, and then executes commands of their choice on the compromised device. Elevation of Privilege: Also known as privilege...
Read More
Kudos1 Stats

Variant of Android Ransomware Uses Shady Tactics to Trick Users Into Giving Away Administrator Rights

Symantec has found a variant of Android ransomware that uses clickjacking tactics to try and trick users into giving the malware device administrator rights.. As well as encrypting files found on the compromised device, if administrator rights are obtained, the malware can then lock the device, change the device PIN, and even delete all user data through a factory reset. Ransomware Extortion Methods Ransomware has a number of means to extort victims. In most common cases, once a user has downloaded and installed a fake or “Trojanized” app, the malware then locks the screen, encrypts the ...
Read More
Kudos0

Thousands of Websites Have Been Compromised With Malicious Code

Symantec has recently identified thousands of websites that have been compromised with malicious code, which is used to redirect users to a compromised website. Of the compromised websites, 75 percent were located in the U.S. An injection attack relies on injecting data into a website in order to execute malicious code. It is then triggered when a user browses to the compromised website. Luckily, Symantec did not identify any malware associated with this attack. The websites injected with this threat can be of any type and target a variety of organizations, including the following: Bu...
Read More
Kudos0

iOS Device Users Should Update to 9.2.1 Now!

iOS device users- update your software now! Apple released an update to iOS 9 this week, which fixes a three-year old cookie theft bug. Cookies are small files that contain various types of data that remember a user, and are placed on your computer or mobile device by websites you visit. This flaw can allow hackers to impersonate users and steal sensitive information by creating a malicious public Wi-Fi network. The hackers then wait for a compromised user to join the network and redirect them to a malicious website designed to steal user credentials. From there, the hacker would be able t...
Read More
Kudos2 Stats

Cyber Security Top Tips for 2016

2015 was a banner year for cybercriminals. We reported on 53 events that made it into the headlines, however that was just what we reported. There were many more than that occurred. We took a look at what was trending to try to predict the next “big things” in cyber security to be on the lookout for in 2016. Ransomware: Ransomware is the big topic this year. The first noticeable case of ransomware popped up in 2013, and hackers have latched on to this tactic, refining it over the years. In 2015 we reported on six major ransomware campaigns, which ranged from Mac to Android. Since ran...
Read More
Kudos0

Microsoft to End Support for IE versions 7, 8, 9 and 10, January 12th 2016

Microsoft will be discontinuing support for Internet Explorer versions 7, 8, 9 and 10. While these products may still remain functional on your computer, security fixes will no longer be available for them after January 12th, 2016. 

Read More
Kudos0

13 Million MacKeeper User Accounts Exposed

Earlier this week, white hat hacker Chris Vickery announced that he was able to gain access to over 13 million MacKeeper user accounts. A vulnerability was exploited in the company’s servers, which exposed the usernames, email addresses and other personal information of 13 million customers.

Read More
Kudos1 Stats

Massive Ransomware Campaign Using TeslaCrypt Discovered

​It has been discovered that attack groups behind the ransomware known as TeslaCrypt (Trojan.Cryptolocker.N) have ramped up activity in the past two weeks, sending out massive volumes of spam emails containing the hidden malware.

Read More
Kudos3 Stats

A Cold Calling Scammer - a Personal Experience

I was sitting in my home office when my home phone line rang. It was late. 10:30pm to be exact, but I often use this quiet time, after my kids have gone to bed, to catch up on email.

Read More
Kudos1 Stats

Sneaky Android Adware Variant Tricks Users Into Thinking a Different App is Malware

A new, sneaky variant of Android.Mobilespy has been discovered. This malware steals information, and displays advertisements, however it executes it in a different way than most malware.

Read More
Kudos1 Stats

Up To 5 Million VTech User Accounts of Parents and Children May Have Been Compromised in Data Breach

This week, VTech, a global company that manufactures Internet connected learning products for young children announced that they have been involved in a massive data breach. The company’s learning devices, such as a smartwatch and smartphone, allow kids to take and send photos, send text and voice messages and download apps via VTech’s Learning Lodge.

Read More
Kudos2 Stats

Some Dell Computers Found Vulnerable to Man-in-the-middle Attacks Due to Root Certificate Vulnerability

It has been recently discovered that some Dell computers are vulnerable to man-in-the-middle attacks because of an issue with a root certification authority. 

Read More
Kudos2 Stats

OS X Is Not Immune to Crypto Ransomware as Researchers Uncover Proof-Of-Concept

A proof-of-concept (PoC) discovery means that this is not an actual outbreak, but that it has been created in a lab by researchers simply to see prove if it is possible. The researchers that perform these tasks are considered white hat hackers. Some white hat hackers are usually paid employees or researchers working for companies as security specialists that attempt to find security vulnerabilities. The point of this type of research is to try to get one step ahead of the bad guys and to produce early detection and software patches for possible future outbreaks. Brazilian cybersecurity ...
Read More
Kudos2 Stats

Why Smartphones and Tablets Need Security Software

You install Internet security software on your computer, but what about your smartphone or tablet? If you think the mobile devices don’t require security software, well, you’d be wrong. Treating your smartphone or tablet in the same manner you do your laptop is crucial, as these devices are actually just smaller, powerful computers. According to Symantec’s 2015 Internet Security Threat Report, it was discovered that 17 percent of all Android apps (nearly one million total) are actually malware in disguise. This includes 46 new families of Android malware in 2014. If those statistics do...
Read More
Kudos1 Stats

Apple Pulls Over 200 Apps From App Store Due to Privacy Violations

You may have read about Apple pulling over 250 iOS apps from the App Store for various privacy violations.

Read More
Kudos0

Law Enforcement in the UK and US Take Down Dridex Botnet

A key figure behind an online banking scam dubbed “Dridex,” which has been stealing millions of dollars from online bank accounts, was recently arrested. After a coordinated effort between the FBI and National Crime Agency, with support from authorities across Europe, this effort helped cyber security experts and law enforcement cut off thousands of compromised computers from the botnet’s control. Norton and Symantec researchers have been following Dridex for time and develop protections against this threat for users of Norton and Symantec security solutions. “Dridex” is an exceptionally ...
Read More
Kudos1 Stats

New Variant of Android Ransomware Takes Advantage of the Lockscreen's User Interface

A new variant of Android ransomware has been discovered, which is displayed on the lockscreen’s user interface (UI). This threat, Android.Lockdroid.E, creates a lockscreen that appears more sophisticated and official by displaying fraudulent legal notices coupled with personal information gathered from the device. By using the information collected the ransom notice appears personally tailored to the victim. The malware also uses this flaw to display the personal data that it collects through an easy-to-access, official looking menu. These elements help the ransomware intimidate the victi...
Read More
Kudos1 Stats

Newly Discovered Flaw in Apple's Gatekeeper Could Allow Malware Onto Macs

Researcher Patrick Wardle has discovered a security weakness in Apple’s Mac OS X Gatekeeper technology that could allow attackers to run unverified, and possibly malicious applications.   What is Gatekeeper? Gatekeeper is an anti-malware feature designed to keep untrusted and malicious applications from reaching Macs. Gatekeeper’s default settings are to only allow applications downloaded from the Mac App Store onto a Mac. However, users have the option to change these settings to allow apps to run no matter where they are downloaded from. Unverified applications are apps that have not ...
Read More
Kudos2 Stats

Just Because It's Posted on the Internet Doesn't Mean It's True

You may have seen one of those posts floating around on your newsfeeds recently, about Facebook charging you to keep your private information private. The post looks something akin to this: However, the truth of the matter lies in Facebook’s Privacy Policy: "You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings." Unfortunately, these messages are copied and pasted rather than shared from the original source; therefore it is difficult to figure out where exactly these messages originate from. ...
Read More
Kudos0

Norton Halt Able to Detect Unpatched Stagefright Vulnerabilities in Android Devices

Since its discovery, Google has released several patches to address the Stagefright vulnerability before these bugs can be exploited in the wild, with the most recent patch issued in early October. These patches were rolled out to new builds of Android 5.1.1, Nexus devices and shared with Android manufacturers.

Read More
Kudos1 Stats

iOS Malware, XcodeGhost, Infects Millions Of Apple Store Customers

iOS apps popular mainly in China have been infected with a piece of malware that can steal your data, and even get you to reveal things like usernames and passwords via phishing. The malware, called XcodeGhost, was discovered by Chinese iOS developers, after it was able to find its way into legitimate Apple Store apps, including WeChat, a popular IM application. What does XcodeGhost do? Once the user downloads the infected app, this particular piece of malicious code uploads the device and app information to its command and control (C2) server. The attacker can send commands through th...
Read More
Kudos0

Bug in Apple’s iOS and OSX AirDrop Could Allow Malware to be Installed Silently

A vulnerability in Apple’s AirDrop feature has been discovered by Australian security researcher Mark Dowd.  AirDrop is an “over-the-air” file sharing service that uses Bluetooth and WiFi, and is built into iOS and Mac OS X products. AirDrop automatically detects supported devices, and the devices need to be close enough to establish a good Wi-Fi connection in order to exchange files. The bug could allow someone within the range of an AirDrop user to silently install a malicious app on a target Apple device by sending the file via AirDrop. The vulnerability affects iOS versions supporting...
Read More
Kudos1 Stats

New Adult-themed Android Ransomware Variant Discovered

Researchers have discovered a new type of Android ransomware that takes advantage of a potentially embarrassing situation to extort the user into paying a ransom. 

Read More
Kudos1 Stats

New Android Ransomware Variant of Simplocker Infects Tens of Thousands of Devices

Tens of thousands of Android devices have potentially been affected by a new variant of the Simplocker ransomware

Read More
Kudos3 Stats

Over 225,000 Apple ID Credentials Stolen From Jailbroken iOS Devices

Cybercriminals have reportedly stolen over 225,000 Apple ID account credentials from jailbroken iOS devices, using a type of malware called, “Keyraider”.  The criminals have been using the stolen credentials to make in-app purchases with user accounts. Keyraider poses as a downloadable app, but once it’s on the user’s phone, it steals the user’s account login credentials, device GUID (globally unique identifier), Apple push notification service certificates and private keys, and iTunes purchase receipts. These attacks happened mainly in China, but jailbreaking is not exclusive to China. Ja...
Read More
Kudos1 Stats

Scammers Take Advantage Of Ashley Madison Breach

Scammers are taking advantage of the latest big data breach of the online dating site, Ashley Madison. Find out how to stay protected and how Norton has you covered.

Read More
Kudos1 Stats

New Internet Explorer Vulnerability Found - Update Your Version Now

Microsoft has issued a critical security update for their web browser, Internet Explorer. This bug has already been seen in attacks involving the Evangelical Lutheran Church of Hong Kong’s website. 

Read More
Kudos2 Stats

Two New Vulnerabilities Found In Mac OS X

Symantec has confirmed the existence of two new vulnerabilities, which are security holes in software, in Mac OS X operating systems originally discovered by an Italian researcher.

Read More
Kudos2 Stats

Watch Out for “Free” Movie and Television Scams During Big Events

One of the many wonderful gifts the Internet has given us is the ability to stream television, movies and sporting events, virtually anywhere and at any time. The onset of streaming media has opened up a world of legitimate video content providers, which is great, however, you need to be sure that you are obtaining your content from the right sites.

Read More
Kudos3 Stats

How To Safely and Securely Use USB Memory Sticks

A malicious USB drive can install malware such as backdoor Trojans, information stealers and much more...

Read More
Kudos2 Stats

Update Your Version of Firefox Now!

A new bug discovered in the Firefox web browser could allow attackers to gain access to files stored on a computer through malicious code injected into the browser’s built-in PDF viewer. Researchers first discovered attackers exploiting the weak spot in Firefox through a malicious advertisement on a news site in Russia that searched for sensitive user files and uploaded them to a remote server As news of the vulnerability in Firefox spreads, it is likely that other attackers will now try to take advantage of it before users download a patch. Luckily, Mozilla has already released a patch...
Read More
Kudos2 Stats

Critical New Vulnerability Discovered on MacBooks

A critical new vulnerability that can be used to forcibly install software on MacBooks without the users’ consent or administrator password has been discovered on MacBooks running OS X Yosemite, version 10.10. To exploit this bug, attackers create malware that masquerades as adware. When the “adware” is installed, the malware modifies a file in the OS that controls whether you need a password for certain commands, such as installing new software programs. Doing so allows a malicious program to run as though it is the administrator of the computer. How is it spread? Victims are tricked ...
Read More
Kudos2 Stats

Researchers Create Thunderstrike 2- The Firmware Worm That Attacks Macs

Two researchers have designed a worm that can spread itself via the firmware of Apple OS X computers and peripherals, without the aid of connecting to the Internet. Firmware is software that resides on a chip in your device, and provides instructions to the hardware on how to power up properly and then load the operating system. The researchers found five vulnerabilities, originally discovered in the firmware of PCs that can cross over to Mac OS X. This is also the first instance where a vulnerability on a Mac can be spread without an Internet connection. Instead, it is transferred via th...
Read More
Kudos4 Stats

Windows 10 Ransomware Email Scam

Recently, a Windows 10 ransomware scam has been discovered in the form of phishing emails impersonating Microsoft. With new product releases come a slew of scams, vulnerabilities and anything else cybercriminals can use to capitalize on the buzz. Windows 10, the latest version of Microsoft’s operating system, upgrades are slowly rolling out to users in phases, which means some users are looking for ways to skip the virtual line to get their copies sooner rather than later, and scammers have taken notice. With this latest email scam, instead of getting to download the highly anticipated ne...
Read More
Kudos4 Stats

Newly Discovered bug "Stagefright" Can Secretly Sneak Onto Android Phones Via MMS Text Messages

​A new, extremely dangerous flaw dubbed Stagefright, has been discovered within the Multimedia Text Message (MMS) capabilities on Android phones running OS 2.2 and later. This appears to affect about 95 percent of android phones. What Does Stagefright Do? If you have Auto Download capabilities enabled on your text messaging application on your Android phone, an attacker can send an MMS, which can be a photo, video or other piece of media to the device containing malicious code, allowing the exploit to be executed without the users’ knowledge. Stagefright can then bypass the permissions ...
Read More
Kudos3 Stats

Researchers at Norton Discover a Number of “Porn Clicker” Malware Apps on the Google Play Store

The mobile threat landscape is rapidly evolving due to the fact that mobile phones are increasingly becoming an attractive and abundant target to cybercriminals. It seems that there are new threats evolving on a daily basis, and it is vital to be proactive in our defenses against them.

Read More
Kudos1 Stats

UCLA Health Suffers Possible Medical Breach

Healthcare is Big Business for Cyber Criminals The healthcare industry is a prime target for attackers because healthcare data is a treasure trove to cybercriminals. By targeting a hospital’s records rather than just a credit card number or financial data, an attacker can easily gather additional personal information from these sources, especially if their goal is identity theft. As a result, medical records are much more valuable to attackers than single credit card numbers. While a credit card can be canceled or changed, a person’s Social Security number, health history and other things...
Read More
Kudos2 Stats

Popular Photo Printing Website Suffers Possible Credit Card Data Breach

A popular photo printing website has announced that customer credit card data collected by a third party vendor may have been breached. As a precautionary measure, the company has temporarily disabled their website while the investigation into the breach is still pending. At this point, it is still unknown how many customers were impacted by the breach or what was information was accessed.Data breaches within major companies are becoming all too commonplace these days. Luckily, there are steps you can take to protect your identity if you suspect you have fallen victim to one. Keep a clos...
Read More
Kudos5 Stats

Third Adobe Flash Exploit Found in Hacking Team Data Dump

Last week, the cyber attack against the hackers-for-hire firm Hacking Team, led to a theft of 400gb of data that exposed two Adobe Flash Player vulnerabilities.  In addition to those two vulnerabilities, another bug was exposed, making this the third Adobe Flash  exploit to come from the stolen data. This vulnerability (CVE-2015-5123) emerged late last week and Adobe quickly released a security bulletin over the weekend, that stated a patch will follow this week.  It is always best to update any software that has updates available as soon as possible, as software patches address these ty...
Read More
Kudos2 Stats

New Vulnerability in OpenSSL Could Allow Attackers to Intercept Secure Communications

A new weakness in OpenSSL could allow attackers to hijack secure communications by tricking a targeted computer into accepting invalid and untrusted SSL certificates as valid certificates. This could help facilitate man-in-the-middle (MITM) attacks, where attackers eavesdrop on connections with secure websites such as online banking, ecommerce or email. This means that any data that a user sends to a website can be intercepted by the eavesdropping attacker- including user login credentials. The purpose of SSL certificates is to verify that the website is what it claims to be. They also si...
Read More
Kudos2 Stats

Cyber Espionage Group Butterfly Targeting Major Corporations

Corporate espionage group Butterfly has compromised a series of major corporations over the past three years, targeting confidential information and intellectual property. Symantec has been monitoring this group and working with its victims to track the attackers over the past two years. While tracking the group, Symantec found that Butterfly compromised high-profile companies operating in the Internet, IT software, pharmaceutical and commodities sectors. Twitter, Facebook, Apple, and Microsoft are among the companies who have publicly acknowledged the attacks. Stolen Information This ...
Read More
Kudos6 Stats

HackingTeam Data Dump Leads to Adobe Zero Day Discovery

A new zero-day vulnerability in Adobe Flash Player was discovered via a cyberattack against the hackers-for-hire firm Hacking Team. A large amount of internal information leaked by the attackers contained data on the exploit, which could crash a computer and allow a remote attacker to then take control of the machine. Now that the details of the vulnerability are publicly available, there is a good chance attackers will jump on this bug quickly to exploit it before a patch is issued. Symantec has confirmed the existence of this vulnerability by recreating the exploit on the most recent, f...
Read More
Kudos1 Stats

Team GhostShell Hacking Group is Back

A group of hackers known as Team GhostShell, claims to have hacked a multitude of organizations, including financial institutions, government agencies, political groups, law enforcement entities, and universities. Using a Twitter account, these cybercriminals are dumping the data that was allegedly gathered from the data breaches, and posting links to the data dumps on Twitter. These data dumps include emails, user names, addresses, telephone numbers, Skype names, dates of birth, and other personally identifiable information. This is not the first time we have seen activity from this group...
Read More
Kudos2 Stats

Dyre Straits? Dangerous Financial Trojan That Steals Banking Credentials Gains Ground

Customers of over 1,000 banks and other financial institutions around the world have recently fallen victim to a malicious piece of software, called the Dyre financial Trojan. Over the past year, Dyre has become a powerful tool for cybercriminals, enabling them to commit financial fraud, particularly in the US and UK, where the largest numbers of targeted banks are located.

Read More
Kudos1 Stats

New Bugs Found In Apple’s iOS and Mac Operating Systems Could Result In Stolen Passwords

Researchers from the University of Indiana discovered a bug in Apple’s operating system that could allow cybercriminals new ways to use apps to hijack passwords. 

For now, nobody has seen these flaws exploited in this way, but researchers at Symantec believe that, now that this bug has been exposed, it’s only a matter of time before cybercriminals start using it...

Read More
Kudos0

A New Vulnerability in Apple's iOS Could Help Scammers Capture iCloud Passwords

Researchers discovered a new vulnerability in Apple’s mobile iOS platform that has the potential to trick users into divulging their passwords to scammers. A bug lurking in Apple’s iOS mail app on both iPhone and iPad, involved in handling HTML code will allow scammers to send a phishing email that will prompt a popup dialogue box asking for the user’s iCloud password. This popup mimics the iCloud login window, prompting users to re-enter their password. An easy way to spot the fake is that the login window can be cleared by pressing the home button, whereas the legitimate iOS popups won...
Read More
Kudos1 Stats

New Mac Flaw Can Allow Attackers Access Once It Goes Into Sleep Mode

An independent security researcher recently discovered that some Apple Macs older than a year are susceptible to a nasty bug that would allow attackers to gain access to a computer once it wakes from “Sleep mode”. The bug affects Mac's sleep-mode energy conservation application, which can leave the computer vulnerable after it wakes up from being put into sleep mode. While this attack is very hard to execute and there are no reports of this bug being used by attackers in the wild, it is still important to be aware of this vulnerability and know how to stay safe. Is My Computer Vulnerab...
Read More
Kudos2 Stats

Stolen Funds From Starbucks Customers Another Reminder to Use Unique Passwords

It’s all over the news: headlines claiming that Starbucks was hacked or that hackers broke into the Starbucks mobile app. What is true is that cybercriminals are targeting Starbucks accounts, but not because of a breach. We suspect that these accounts are being targeted because of weak customer passwords or user credentials obtained from other data breaches. We know that password reuse is common, which presents a challenge when it comes to securing your online accounts. When a data breach happens on another website or service, cybercriminals will try to use those stolen credentials to gai...
Read More
Kudos2 Stats

Be Still My Bleeding Heart: The Latest OpenSSL Vulnerability Is Nothing To Worry About

On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users. What is OpenSSL? The “Open” in OpenSSL means that any developers can work on the code in the project. The SSL refers to secure sockets layer, which is a form of security built into a web browser that is used to encrypt and decrypt data being sent across the web. How does this affect me? Luckily, this exploit has not been seen in the wild, however, if the vulnerability is exploited, it can take down b...
Read More