Security firm Symantec is advising customers of its pcAnywhere to deactivate the remote desk software after individuals from the Anonymous hacker group allegedly stole the source code of the software.
While the actual theft took place in , Symantec only took the action this week to alert customers after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code Jan.
FTC site still down after Anonymous hack; anti-piracy fallout spreads. Duqu attacks Windows via fonts; fix could harm display. Symantec is advising users to not to activate the tool until a comprehensive fix is released. The company has already released a pcAnywhere Hot Fix, which takes care of a handful of issues that hackers could theoretically exploit with the stolen code.
However, Symantec stated that this one fix will not patch all the issues related to the now-vulnerable encryption protocol in the software.
Speaking on the severity of this security breach, Alex Horan, product manager at Core Security, said that due to the nature of the pcAnywhere software, hackers that successfully exploit the code will have unrestricted access to a user's entire computer. However, unlike pcAnywhere, which is still using the similar code stolen in , the other products have gone through major overhauls since the builds from six years ago.
For enterprise users, Symantec is recommending blocking ports associated with the remote client: "Customers should block pcAnywhere assigned ports , on Internet facing network connections, or shut off port forwarding of these ports," wrote Symantec, in a white paper.
A timetable for the release of a comprehensive fix was not given. When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer.
Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc. For more information about the First and Third Party Cookies used please follow this link.
You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www. Symantec seems to have done the right thing by investigating what occurred, and openly sharing with its users what it discovered about a security breach from years before.
The company says that it is expecting source code to be published for other Symantec products: We also anticipate that at some point, they will post the code for the versions of Norton Antivirus Corporate Edition and Norton Internet Security.
As we have already stated publicly, this is old code and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these products. Security experts have spotted drive-by malware attacks exploiting a critical security hole in Windows that Microsoft recently addressed with a software patch.
Separately, Symantec is warning users of its pcAnywhere remote administration tool to either update or remove the program, citing a recent data breach at the security firm that the company said could help attackers find holes in the aging software title.
On Thursday, Trend Micro said it had encountered malware that leverages a vulnerability in the way Windows handles certain media files. This is a browse-and-get-owned flaw for Windows XP , Windows Vista , Windows Server and users, meaning these folks can infect their machines merely by browsing to a hacked or malicious site hosting a specially crafted media file.
Trend Micro competitor Symantec also issued a warning this week — about threats to its own software. The Lords of Dharmaraja previously released code snippets as proof of their hack, which Symantec initially blamed on a "third party" before admitting that older versions of its security software had been swiped from its own servers in a previously undetected hack dating back to The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly.
At the moment, companies have to wait seven business days before they can disclose a data breach to their customers. Under the new plan, the waiting period will be scrapped altogether so people can be notified sooner. Two serious security vulnerabilities were recently found in AWS services, but because they were responsibly reported and the cloud biz responded quickly, no harm appears to have been done.
On Thursday, Orca Security published details about Superglue and BreakingFormation , vulnerabilities in AWS Glue and AWS Cloud Formation that allowed attackers to access data for other customers and to access files and make server-side requests to internal web services infrastructure. AWS Glue is a serverless data integration service for preparing data for subsequent processing. But thanks to an internal misconfiguration, Orca Security researchers were able to obtain more information than should have been allowed.
Although the companies faced the highest attrition rates in three years and were forced to raise hiring targets, increasing use of technology during the pandemic has given a wide range of verticals a reason to shift from data centres to the cloud. In turn, the pandemic's subsequent digitisation race has presented the IT consulting companies with a thriving market. Taiwan Semiconductor Manufacturing Company TSMC will hike capital spending by a nearly third in to build out production capacity in the expectation that demand for chips keeps flooding in.
The top line was driven by demand for semiconductors manufactured with TSMC's 5nm process technology. This contributed to 23 per cent of TSMC's total wafer revenue in the quarter, while those made using its 7nm process accounted for a further 27 per cent.
These advanced technologies therefore made up half of TSMC's total wafer revenue during the quarter. It appears that today's victim of the Chocolate Factory axeman is legacy Google Voice for personal accounts. To be fair, and despite Google's apparent delight at killing off services , this one has been on the cards for a while, certainly since the company overhauled the user interface in with its "modern experience.
However, some users have stuck with the legacy web version of Voice despite warnings that bits of it would stop working in In July, the company said in a not-at-all-threatening manner:. Ukrainian police have arrested five people on suspicion of operating a ransomware gang, including a husband-and-wife team, following tipoffs from UK law enforcement.
0コメント