While the first Dragonfly campaigns appear to have been more of a reconnaissance phase, the Dragonfly 2.0 campaign seems to have destructive purposes.
Symantec has spotted a new wave of cyber attacks against firms in the energy sector powered by the notorious Dragonfly group.
The Dragonfly group, also known as Energetic Bear, has been active since at least 2011
In the early days of the internet, one of the first functional problems users faced was how to verify that entities on the other end of a connection were who they said they were. At first, the nebulous nature of online transactions inhibited e-commerce, since buyers feared that their payment information might be hijacked. This lack of trust precipitated the
In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things (IoT) devices like security cameras and Internet routers for use in large-scale cyberattacks. Investigators haven’t yet released the
A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.
The ransom note that gets displayed on s
Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essential
A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Symantec has fixed dozens of critical vulnerabilities affecting its solutions that can be exploited by remote attackers for arbitrary code execution.
The popular Google Project Zero hacker Tavis Ormandy last month reported a number of critical security issues in Symantec solutions, and this is the good news. The bad news is that Symantec promptly fixed one o
Much of the product line from security firm Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses, and large organizations to self-replicating attacks that take complete control of their computers, a researcher warned Tuesday. "These vulnerabilities are as bad as it gets," Tavis Ormandy, a researcher with Google's Pro
Symantec’s surprise announcement this week that it had agreed to acquire Blue Coat Systems for a whopping $4.65 billion in cash led to much discussion about how the purchase will affect the beleaguered antivirus giant, which has experienced well-documented struggles and setbacks in recent years. But there’s been much less focus on Blue Coat
Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in “usa.gov”.
Spam purveyors are taking advantage of so-called “open redirects” on several U.S. state Web sites to hide the true destination to which users will be taken if they click the link.
Google has given Symantec an offer it can't refuse: give a thorough accounting of its ailing certificate authority process or risk having the world's most popular browser—Chrome—issue scary warnings when end users visit HTTPS-protected websites that use Symantec credentials. The ultimatum, made in a blog post published Wednesday afternoon, came five weeks aft
Researchers at Symantec uncovered bad actors that have been using a backdoor Trojan dubbed Duuzer to target organizations in South Korea and elsewhere.
According to Symantec, threat actors have been using a data stealer Trojan dubbed Duuzer to target organizations mainly located in South Korea. The bad actors conducted targete
Researchers have identified a new Trojan that targets mobile banking apps with customized phishing pages in an attempt to steal users’ login credentials. According to a blog post recently published by security firm Symantec, the Trojan, which has been named “Android.Fakelogin”, is targeting primarily Russian mobile users. The malware comes i
Symantec recently discovered a new strain of malware, dubbed “Linux.Wifatch,” which has already infected more than 10,000 IoT devices. The malware’s author says Linux.Wifatch is actually beneficial because it removes a malicious backdoor and encourages users to update weak passwords. Do the ends of vigilante-style malware and beneficial botnets li
A new strain of malware identified by Symantec as the Vigilante malware, aka Wifatch, has infected tens of thousands of IoT devices across the world.
Who is infecting thousands of IoT devices across the world, and why?
A new strain of malware, identified by Symantec as Linux.Wifatch, has infected tens of thousands of IoT device