Top IT Security Bloggers

Symantec Security Response Blogs
  • Android ransomware requires victim to speak unlock code

    Symantec Security Response Blogs
    Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input.




    Being a good listener is normally considered an admirable quality in a person; however, it isn’t a quality you necessarily want to find in a piece of malware. The latest variant of the Android ransomware threat Android.Lockdroid.E is a great listener.

  • Symantec and other industry leaders announce expanded Cyber Threat Alliance

    Symantec Security Response Blogs
    Cybersecurity consortium formally establishes rapid security intelligence sharing system to combat cybercrime and advanced attacks.



    Symantec is one of the six founding members of the Cyber Threat Alliance (CTA) which yesterday announced its formal incorporation as a not-for-profit entity. The organization also announced the appointment of former Cybersecurity Coordinator for the White House, Michael Daniel, as its first president.

  • Sage 2.0 ransomware delivered by Pandex spambot, mimics Cerber routines

    Symantec Security Response Blogs
    New variants of Sage ransomware sport Cerber-like behavior, although no definitive link was found between the two families.







    Symantec Security Response has recently discovered the Sage 2.0 ransomware (Ransom.Cry) being delivered by the Trojan.Pandex spambot, which we have previously seen sending JS downloaders with spambots, banki

    Additional Authors: Patrick Nguyen, Xinlei Cai


  • Attackers target dozens of global banks with new malware

    Symantec Security Response Blogs
    Watering hole attacks attempt to infect more than 100 organizations in 31 different countries.




    Organizations in 31 countries have been targeted in a new wave of attacks which has been underway since at least October 2016. The attackers used compromised websites or “watering holes” to infect pre-selected targets with previously unknown malware. There has been no evidence found yet that funds have been stolen from any infected banks.

    Malware used in watering hole attacks on Polish banks has tentative links to #Lazarus group


  • Latest Intelligence for January 2017

    Symantec Security Response Blogs
    The email malware rate drops due to Necurs botnet inactivity and the Angler exploit kit makes a surprise comeback.







    Some of the key takeaways from January’s Latest Intelligence, and the threat landscape in general, include a lull in activity from the Necurs botnet affecting the email malware rate, the return of the Angler exploit kit, and the discovery of a cyberespionage group with possible links to the
  • Android ransomware repurposes old dropper techniques

    Symantec Security Response Blogs
    Android ransomware is now using dropper techniques to drop malware on rooted devices as well as an inefficient 2D barcode ransom demand.







    Android.Lockdroid.E has been seen using a dropper technique to drop a version of itself on rooted Android devices. While this is not an uncommon technique, this is the first time we've seen it used to deliver ransomware to Android devices.
  • Android Ad Malware on Google Play Combines Three Deception Techniques

    Symantec Security Response Blogs
    Three apps on Google Play use delayed attacks, self-naming tricks, and an attack list dictated by a command and control server to click on ads in the background without the user's knowledge.




    Contributor: Martin Zhang
  • Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

    Symantec Security Response Blogs
    Greenbug may answer the question of how Shamoon obtains the stolen credentials needed to carry out its disk-wiping attacks.







    Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B).

  • Microsoft Patch Tuesday – January 2017

    Symantec Security Response Blogs
    This month the vendor has released 4 bulletins, two of which are rated Critical.








    Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has released 4 bulletins, two of which are rated Critical.
    As always, customers are advised to follow these security best practices:
  • Airport boarding gate display leaks booking codes, puts passenger data at risk

    Symantec Security Response Blogs
    Attackers could gain full control over passenger bookings, cancel flights, and steal sensitive information with leaked booking codes.







    While waiting for my flight to begin boarding at a European airport recently, I noticed that one of the screens at the gate showed a timed-out web browser window. Being curious and more than a little bored, I opened the IP address displayed on the screen on my smartphone expecting it to be unreachable from the internet.
