Symantec Enterprise Software Has a Big Security Hole

May 30, 2006 Timothy Prickett Morgan

We don’t normally worry too much about what is going on with the security of Windows desktops–well, at least not editorially in this newsletter. But as users of Windows desktops and laptops, as most of you are, we get a little concerned about security holes and the potential havoc they can wreak in the data center and on the desktops.

With that in mind, we just wanted you to be aware that Symantec has issued a statement that there is a stack overflow vulnerability in its Symantec Client Security 3.1 and Symantec AntiVirus Corporate Edition 10.1 software. The vulnerability is such that it can allow someone local or remote to potentially take over the machine and execute code on your machine. The hole does not require a hacker to authenticate on your machine or for you to do anything at all, so it is a good thing that there is not an exploit available for this security hole. Basically, the antivirus portion of the program is an open door right now as I write this. Apparently, the low-end desktop products do not have this vulnerability, which is a bit peculiar.

eEye Security, a security software firm that sells complimentary products for managing network security, put out a statement on May 24 saying it had discovered the vulnerability. On May 25, Symantec’s software engineers verified that this vulnerability exists and released a statement itself. Symantec has released intrusion detection system (IDS) signatures to help security officers detect when this vulnerability is being exploited, and further advises everyone to be careful opening attachments and surfing the Web, since code can just run if it sniffs you out. Symantec is working on a patch for this hole. The tricky bit is that as soon as a patch is released, hackers will be able to craft an exploit instantly. So keep your Symantec software up to date.

Tags: Tags: mtfh_rc, Volume 15, Number 22 -- May 30, 2006

CYBER-ATTACKS ON THE RISE. PROTECT WITH THE TRIPLE PLAY.

COVID-19 has not only caused a global pandemic, but has sparked a “cyber pandemic” as well.

“Cybersecurity experts predict that in 2021, there will be a cyber-attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”1

Protecting an organization’s data is not a single-faceted approach, and companies need to do everything they can to both proactively prevent an attempted attack and reactively respond to a successful attack.

UCG Technologies’ VAULT400 subscription defends IBM i and Intel systems against cyber-attacks through comprehensive protection with the Triple Play Protection – Cloud Backup, DRaaS, & Enterprise Cybersecurity Training.

Cyber-attacks become more sophisticated every day. The dramatic rise of the remote workforce has accelerated this trend as cyber criminals aggressively target company employees with online social engineering attacks. It is crucial that employees have proper training on what NOT to click on. Cyber threats and social engineering are constantly evolving and UCG’s Enterprise Cybersecurity Training (powered by KnowBe4) is designed to educate employees on the current cutting-edge cyber-attacks and how to reduce and eliminate them.

A company is only as strong as its weakest link and prevention is just part of the story. Organizations need to have a quick response and actionable plan to implement should their data become compromised. This is the role of cloud backup and disaster-recovery-as-a-service (DRaaS).

Data is a company’s most valuable asset. UCG’s VAULT400 Cloud Backup provides 256-bit encrypted backups to two (2) remote locations for safe retrieval should a cyber-attack occur. This is a necessary component of any protection strategy. Whether a single click on a malicious link brings down the Windows environment or an infected SQL server feeds the IBM i, once the data is compromised, there is no going back unless you have your data readily available.

Recovery is not a trivial task, especially when you factor in the time sensitive nature of restoring from an active attack. This leads to the third play of the Triple Play Protection – DRaaS. Companies have myriad concerns once an attack is realized and a managed service disaster recovery allows employees to keep focus on running the business in a crisis state.

The combination of training employees with secure backup and disaster recovery offers companies the best chance at avoiding financial disruption in an age of stronger, more frequent cyber-attacks.

Reach out to UCG Technologies to discuss your company’s security needs and develop a data protection plan that fits you best.

ucgtechnologies.com/triple-play

800.211.8798 | info@ucgtechnologies.com

https://theconversation.com/cyberattacks-are-on-the-rise-amid-work-from-home-how-to-protect-your-business-151268

Admin Alert: Setting Up Unattended i5 Server IPLs The Inside Stories of the Innovation Award Winners

This Issue Sponsored By

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search