28-07-2025 |
Chaos Ransomware Targets U.S. with Sophisticated Attacks |
Cybersecurity |
The Chaos ransomware group, a new ransomware-as-a-service threat, is launching aggressive double extortion attacks, primarily targeting U.S. organizations, with additional victims in the U.K., India, and New Zealand. Using voice phishing and remote management tools, Chaos employs rapid, selective encryption to disrupt networks and demands ransoms up to $300,000. Symantec’s VMware Carbon Black solutions effectively detect and block these threats, offering robust protection through advanced malware policies and machine learning. Organizations are urged to strengthen cybersecurity measures to counter this evolving threat. |
|
14-07-2025 |
Symantec Bolsters Defense Against SafePay Ransomware |
Cybersecurity |
Symantec, a Broadcom division, offers robust protection against SafePay ransomware, a variant compromising over 200 victims since 2024 by exploiting RDP and VPN access points. Utilizing adaptive and machine learning-based detection, Symantec identifies and blocks SafePay’s malicious activities, including data encryption and double extortion tactics. Carbon Black products enhance security by preventing malware execution and leveraging cloud reputation services. For optimal protection, users should enable Symantec’s comprehensive policies to safeguard networks and data. |
|
04-07-2025 |
Remcos Malware Targets Systems via Tar Archive Malspam |
Feature |
A new Remcos malware campaign uses phishing emails with .tar archive attachments containing malicious .lnk files to deploy the Remcos payload via PowerShell. Once executed, the malware ensures persistence and grants attackers full system control, posing significant risks to organizations. Symantec’s advanced threat protection, including VMware Carbon Black, effectively detects and blocks these attacks using adaptive and machine learning-based methods. Businesses are encouraged to implement robust security policies to mitigate this threat. |
|
02-07-2025 |
Symantec IPS Signatures Bolster Ransomware Defense |
Cybersecurity |
Symantec’s Intrusion Prevention System (IPS) Audit Signatures offer a proactive shield against ransomware by monitoring Remote Monitoring and Management (RMM) tools for suspicious activity. These signatures detect unauthorized RMM usage, providing early warnings without disrupting legitimate IT operations. Security teams gain actionable insights through detailed alerts, enabling rapid threat response and enhanced network protection. Learn more about enabling Symantec IPS to fortify your cybersecurity strategy. |
|
01-07-2025 |
Broadcom’s Symantec IPS Detects 856.6M Attacks |
Cybersecurity |
Broadcom’s Symantec Intrusion Prevention System (IPS), a leading deep packet inspection engine, safeguarded 2.1 million endpoints by detecting 856.6 million attacks in June 2025, including 276.8 million attempts targeting Windows OS vulnerabilities and 58.2 million ransomware-related threats. IPS audit signatures monitor suspicious network traffic, such as malware and red team tools, allowing administrators to review logs and enable blocking for enhanced security. The system protects desktops and servers for Fortune 500 companies and consumers alike. Administrators are encouraged to enable IPS and configure audit signatures to block threats based on local environment logs. |
|
26-06-2025 |
Prometei Botnet Evolves with Stealthy Linux Variants |
Cybersecurity |
The Prometei botnet has resurfaced with advanced Linux variants (v3 and v4), focusing on Monero mining and credential theft, as reported by Palo Alto Networks’ Unit 42. These variants employ self-updating mechanisms and domain generation algorithms (DGA) for resilient command-and-control connectivity, using UPX packing for obfuscation. Symantec’s protection, including VMware Carbon Black and WebPulse, effectively detects and blocks associated malicious indicators. Learn more about safeguarding your systems at Broadcom’s Security Center. |
|
23-06-2025 |
Shadow Vector Campaign Targets Colombians with SVG Phishing |
Cybersecurity |
The Shadow Vector campaign uses SVG smuggling to deliver AsyncRAT and RemcosRAT malware to Colombian users via phishing emails disguised as court notifications. These emails contain malicious SVG files that, when opened, redirect victims to password-protected archives hosted on platforms like Dropbox and Bitbucket. The infection chain employs advanced techniques like DLL side-loading and process injection, enabling credential theft and potential ransomware deployment. Symantec’s industry-leading protection detects and blocks these threats effectively. |
|
20-06-2025 |
Symantec Blocks Modified XWorm RAT in Trojanized MSI |
Cybersecurity |
Broadcom’s Symantec Security Center has identified and neutralized a China-linked threat actor distributing a modified XWorm Remote Access Trojan (RAT) via a trojanized MSI installer disguised as a WhatsApp setup. Targeting users in East and Southeast Asia, the attack uses encrypted shellcode in image files and PowerShell scripts for persistence, with the RAT enhanced to detect Telegram installations and report via Telegram. Symantec’s adaptive, file-based, and machine learning protections, alongside VMware Carbon Black policies, effectively block this malware. Visit Broadcom’s protection bulletin for details on safeguarding your systems. |
|
13-06-2025 |
Broadcom Addresses Grafana Vulnerability with Robust Protection |
Cybersecurity |
Broadcom's Symantec Security Center has issued a bulletin for CVE-2025-4123, a high-severity Grafana vulnerability enabling open redirects and potential server-side request forgery (SSRF) or account takeover via Cross-Site Scripting (XSS). Symantec’s network-based and policy-based protections, including Data Center Security (DCS), safeguard systems by blocking malicious exploits and securing underlying OS resources. The Grafana vendor has released patches to fix this issue. For enhanced security, ensure systems are updated and leverage Symantec’s industry-leading solutions. |
|
13-06-2025 |
Symantec Counters CyberEye RAT with Multi-Layered Protection |
Cybersecurity |
Broadcom’s Symantec Security Center has identified CyberEye, a modular Remote Access Trojan (RAT) using Telegram for command-and-control, capable of cryptocurrency hijacking and data exfiltration. Symantec’s adaptive, behavior, and machine learning-based defenses, including VMware Carbon Black, effectively detect and block this versatile threat. The solutions prevent malware execution and leverage cloud reputation services for enhanced security. Organizations are advised to implement Symantec’s robust protection policies to safeguard sensitive data. |
|
12-06-2025 |
Symantec Uncovers Fog Ransomware’s Unique Attack Tools |
Cybersecurity |
Symantec’s Threat Hunter Team identified a May 2025 Fog ransomware attack on an Asian financial institution, utilizing unusual tools like Syteca employee monitoring software and open-source pentesting tools (GC2, Adaptix, Stowaway). The attackers established network persistence post-ransomware deployment, suggesting potential espionage motives. Symantec’s advanced detection capabilities, including VMware Carbon Black, effectively counter this sophisticated threat. Businesses are urged to update protections to mitigate similar attacks. |
|
09-06-2025 |
Symantec Counters NodeSnake RAT from Interlock Ransomware |
Cybersecurity |
Symantec’s security solutions effectively protect against NodeSnake, a new Remote Access Trojan (RAT) deployed by the Interlock ransomware group targeting educational institutions. Delivered through phishing emails, NodeSnake uses JavaScript and NodeJS to disguise itself as a legitimate Chrome process, enabling stealthy reconnaissance and data theft. Symantec’s behavior-based, file-based, machine learning, and web-based detection systems block this threat comprehensively. Users are advised to enable robust malware protection policies in VMware Carbon Black products for maximum security. Visit Broadcom’s Security Center for detailed protection guidance. |
|
08-06-2025 |
Symantec Blocks Fake Government App Targeting Indian Android Users |
Cybersecurity |
Symantec’s security solutions have identified and neutralized a malicious Android app posing as a government application targeting users in India. This malware employs multi-stage downloads and anti-analysis techniques to steal personal information and SMS data, requiring user interaction to enable its malicious functions. Symantec detects this threat as Android.Reputation.2 and AppRisk:Generisk, ensuring robust protection for affected devices. Android users are urged to verify app authenticity and enable Symantec’s mobile security features. Visit Broadcom’s Security Center for more details. |
|
08-06-2025 |
Symantec Shields Gamers from Blitz Malware in Cheats |
Cybersecurity |
Symantec’s security solutions detect and block Blitz, a multi-stage malware hidden in backdoored video game cheat applications, targeting unsuspecting gamers. The malware, comprising downloader and botnet components, is delivered when users run compromised cheats, enabling further malicious downloads. Symantec identifies this threat through adaptive, file-based, machine learning, and web-based detections, including Backdoor.Trojan and Miner.XMRig. Gamers are advised to avoid unverified cheat software and enable Symantec’s protection policies. Visit Broadcom’s Security Center for setup guidance. |
|
08-06-2025 |
Symantec Thwarts APT41’s TOUGHPROGRESS Malware Exploiting Google Calendar |
Cybersecurity |
Symantec’s advanced security solutions neutralize TOUGHPROGRESS, a custom malware deployed by the APT41 threat group, which uses Google Calendar events as a covert command-and-control channel. Delivered via spear-phishing emails with malicious ZIP files, the malware employs a three-stage, in-memory infection process to evade detection. Symantec detects this threat through adaptive, email, file, machine learning, and web-based protections, including Scr.Mallnk!gen2 and Heur.AdvML.A. Users are encouraged to enable Symantec’s email security and VMware Carbon Black policies for robust defense. Visit Broadcom’s Security Center for detailed protection steps. |
|
05-06-2025 |
Symantec Reveals HTTP Data Leaks in Chrome Extensions |
Cybersecurity |
Symantec’s recent findings expose critical security flaws in popular Chrome extensions like SEMRush Rank and Browsec VPN, leaking data via unencrypted HTTP connections. These extensions, used by millions, transmit browsing domains, machine IDs, and usage analytics in plaintext, vulnerable to interception by attackers. DualSafe Password Manager has since adopted HTTPS to secure its telemetry. |
|
02-06-2025 |
EddieStealer Malware Targets Users via ClickFix, Symantec Responds |
Cybersecurity |
EddieStealer, a Rust-based information stealer, is spreading through ClickFix campaigns, tricking users with fake CAPTCHAs to execute malicious commands. This premium subscription threat collects sensitive data from cryptowallets, password managers, and browsers, posing a significant risk. Symantec counters EddieStealer with robust, multi-layered protection, including adaptive, behavior, file, and machine learning-based detections for the best rates of security. Learn how Symantec and VMware Carbon Black safeguard systems and explore industry insights to stay protected. |
|
02-06-2025 |
Symantec IPS Blocks 51.8M Attacks in Week 22, 2025 |
Cybersecurity |
Symantec's Intrusion Prevention System (IPS), a best-in-class deep packet inspection engine, safeguarded 318,000 endpoints last week, blocking 51.8 million attacks, with 82.8% stopped pre-infection. Key protections included 23.4 million web server vulnerability scans and 5.9 million Windows OS exploit attempts, ensuring robust security for desktops and servers. This premium subscription tool also thwarted 8.2 million malware C&C attempts and 653,900 coin mining efforts, delivering industry insights for comprehensive threat defense. Enable Symantec IPS on your devices for the best rates of protection against evolving cyber threats. |
|
02-06-2025 |
SEP Web Extension Blocks 7.4M Attacks in Week 22, 2025 |
Cybersecurity |
Symantec Endpoint Protection (SEP) Web Extension, a premium subscription tool, shielded 163,400 endpoints last week, blocking 7.4 million web-borne attacks. Leveraging URL reputation, it stopped 7.1 million threats, while Browser Intrusion Prevention halted 242,500 redirection attempts and 100,900 scam and cryptojacking attacks. Backed by Symantec Threat Intelligence, this solution delivers industry insights for robust browser protection on Chrome and Edge. Enable SEP Web Extension for the best rates of defense against phishing, malware, and scams. |
|
02-06-2025 |
Symantec IPS Shields 33.3K Servers, Blocks 27.9M Attacks |
Cybersecurity |
Symantec's Intrusion Prevention System (IPS), a best-in-class deep packet inspection engine, protected 33,300 servers last month, blocking 27.9 million attacks, with 90.5% stopped pre-infection. Key defenses included halting 12.4 million web server vulnerability scans and 3.8 million Windows OS exploit attempts, ensuring robust security. This premium subscription tool also blocked 857,100 coin mining and 1.5 million malware C&C attempts, delivering industry insights for server safety. Enable Symantec IPS and the Server Performance Tuning feature for the best rates of protection in high-throughput scenarios. |
|
30-05-2025 |
Lyrix Ransomware Emerges, Targets Files with Python Code |
Cybersecurity |
Lyrix, a new Python-based ransomware, has surfaced in underground forums, aiming for file encryption and data theft for financial gain. This malware, detailed by Broadcom, employs anti-analysis and evasion tactics to bypass defenses, while deleting Volume Shadow Copies to block system recovery. VMware Carbon Black products, backed by premium subscription policies, effectively detect and block Lyrix and related threats. For the best rates of protection, ensure robust malware-blocking settings are active. |
|
30-05-2025 |
PureHVNC RAT Campaigns Target Systems with Multi-Stage Attacks |
Cybersecurity |
New PureHVNC RAT campaigns are deploying malicious .lnk files, PowerShell, and JavaScript, using lures like fake job offers from fashion brands. This threat, detailed by Broadcom, grants attackers system access to upload additional payloads, risking data and endpoint security. Symantec, backed by VMware Carbon Black, offers premium subscription protection, blocking and detecting these threats effectively. Industry insights highlight the need for robust, adaptive policies to counter such attacks. |
|
29-05-2025 |
Symantec Counters Fancy Bear’s SpyPress Spearphishing Attacks |
Cybersecurity |
Broadcom’s Symantec has detailed its defense against Fancy Bear, a Russian threat group using spearphishing to deliver SpyPress malware via a zero-day XSS flaw, CVE-2024-11182. Targeting government and defense sectors in Africa, the EU, and South America, the campaign exploits webmail vulnerabilities to steal sensitive email data. Symantec’s robust protection, including VMware Carbon Black and Email Threat Isolation, effectively blocks this cyber threat. Learn how Symantec secures your systems against Fancy Bear’s attacks. |
|
29-05-2025 |
Symantec Thwarts AsyncRAT Malware in Malspam Campaigns |
Cybersecurity |
Broadcom’s Symantec has identified a malspam campaign delivering AsyncRAT malware through deceptive emails posing as construction project quotation requests. The attack involves multiple downloads starting from box.com, ultimately dropping a malicious DLL to deploy the payload. Symantec’s comprehensive protection, including Email Threat Isolation and VMware Carbon Black, effectively blocks this threat. Safeguard your systems by exploring Symantec’s robust defense strategies against AsyncRAT. |
|
29-05-2025 |
Symantec Blocks Zanubis Mobile Malware Targeting Finances |
Cybersecurity |
Broadcom’s Symantec has updated its defenses against Zanubis, an Android banking malware active since 2022, now targeting virtual cards and cryptocurrency in South America. The 2025 variant features new code, improved C2 commands, and better app filtering while posing as legitimate institutions. Symantec’s mobile and web-based protections effectively detect and block this evolving threat. Learn how Symantec can secure your Android devices from Zanubis malware attacks. |
|