SecurityBrief New Zealand

Security hole in Symantec antivirus exposes Windows, Linux and Macs

By Patrick Pilcher
Wed 18 May 2016

A major security vulnerability has been uncovered by UK white hat hacker and Google Project Zero developer, Tavis Ormandy. The vulnerability applies to the Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products and could see Linux, Mac and Windows PCs compromised.

An identical security hole spanning Windows, Linux and Mac operating systems is a very rare thing indeed. Thankfully it is difficult to trigger: users need an early version of the Aspack compression tool, and Symantec’s Antivirus must be installed on the same PC for it to be at risk.

The news isn't that good for those who have both apps installed. It turns out that it's a relatively easy exploit. An emailed file which is scanned by the Symantec Antivirus app will trigger an attack that compromises the operating system.

Sources indicate that Symantec has moved swiftly to remedy this vulnerability. A spokesperson said that Symantec AV users “should already have received an updated version installing updates for this issue.”

Symantec recommends the following practices to minimise the risk of any exposure to this vulnerability:

  • Restrict access to administrative or management systems to authorised privileged users
  • Restrict remote access, if required, to trusted/authorised systems only
  • Run under the principle of least privilege where possible to limit the impact of a potential exploit
  • Keep all operating systems and applications up-to-date with vendor patches
  • Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats
  • Deploy network- and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.