Symantec has warned of three serious vulnerabilities in its Endpoint Protection (SEP) software, and is advising users to update their systems. The bugs affect all builds of the 12.1 version of the SEP software, with the first two flaws allowing authorised but low privilege users of the software to gain elevated and administrative access to the management console, which can be accessed either locally or through a web-based portal. The third bug is in the sysplant driver and enables users to bypass the SEP’s security controls and run malware and other malicious code on a targeted client machines. 个人安全软件永久免费不见得是互联网用户之福。路上有人发放着免费食品，您敢尝试一下吗？有没有可能让您中毒？有没有可能让您上瘾？免费有隐含的其它使用条件吗？您需要谨慎了解这些。 “Exploitation attempts of this type generally use known methods of trust exploitation requiring enticing a currently authenticated user to access a malicious link or open a malicious document in a context such as a website or in an email,” said the security firm. There have been no recorded exploits of theflaws, so it would appear that Symantec has squashed the bugs before they became a real-world problem for its customers. The first two bugs were discovered by security researcher Anatoly Katyushin from rival firm Kaspersky Labs, which is a little embarrassing. Discovery of the third bug was credited to the enSilo Research Team. Symantec advises SEP users to update their software to the 12.1 RU6 MP4 version. It also recommends that users should take precautions and restrict remote access to the management console in order to prevent hackers from attacking client systems through the web portal. While hackers can direct sophisticated malware at even the most robustly secured systems, exploiting flaws in software offers an easier route into machines and networks, providing hackers get in before the bugs are discovered and patched. Recent examples can be seen with the discovery of iOS malware which threatens iPhones through an Apple DRM flaw, and an error on Code.org’s website which saw theemails of its volunteers exposed. V3’s sister site Computing is running a free web seminar next Tuesday, 22nd March at 3pm entitled “Anti-virus software has had its day – how can you protect against advanced threats?” Register now to reserve your place. AVG AntiVirus Free 2016 build 7538 AVG AntiVirus 2016 build 7538 iOS 9 ‘SideStepper’ exploit targets enterprise iPhones and iPads AVG AntiVirus Free 2016 build 7538 We pit the current and former premium Apple smartphones against each other to see if it’s worth upgrading We give the Surface Book a video once over
V3 checks out some of the key new features with iOS 9.3 Up close and personal with the iPad Pro and Surface Pro 4 rival © Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 9177174 & 9178013 shares CIO or CISO needs to be fully aware of all IT security risks and vulnerabilities to their organization. He needs to understand how any individual vulnerability translates to business function and revenue generation. And he must be able to communicate to the C-suite what the costs are to provide the various layers of protection.
I guess you like