Symantec Enterprise Cloud Insights: Type-Specific Updates

Symantec Enterprise Cloud Updates by Year and Month

16 Significant Changes from the Last 6 Months

Date | Update | Type | Description
28-07-2025 | Chaos Ransomware Targets U.S. with Sophisticated Attacks | Cybersecurity | The Chaos ransomware group, a new ransomware-as-a-service threat, is launching aggressive double extortion attacks, primarily targeting U.S. organizations, with additional victims in the U.K., India, and New Zealand. Using voice phishing and remote management tools, Chaos employs rapid, selective encryption to disrupt networks and demands ransoms up to $300,000. Symantec’s VMware Carbon Black solutions effectively detect and block these threats, offering robust protection through advanced malware policies and machine learning. Organizations are urged to strengthen cybersecurity measures to counter this evolving threat.
14-07-2025 | Symantec Bolsters Defense Against SafePay Ransomware | Cybersecurity | Symantec, a Broadcom division, offers robust protection against SafePay ransomware, a variant compromising over 200 victims since 2024 by exploiting RDP and VPN access points. Utilizing adaptive and machine learning-based detection, Symantec identifies and blocks SafePay’s malicious activities, including data encryption and double extortion tactics. Carbon Black products enhance security by preventing malware execution and leveraging cloud reputation services. For optimal protection, users should enable Symantec’s comprehensive policies to safeguard networks and data.
04-07-2025 | Remcos Malware Targets Systems via Tar Archive Malspam | Feature | A new Remcos malware campaign uses phishing emails with .tar archive attachments containing malicious .lnk files to deploy the Remcos payload via PowerShell. Once executed, the malware ensures persistence and grants attackers full system control, posing significant risks to organizations. Symantec’s advanced threat protection, including VMware Carbon Black, effectively detects and blocks these attacks using adaptive and machine learning-based methods. Businesses are encouraged to implement robust security policies to mitigate this threat.
02-07-2025 | Symantec IPS Signatures Bolster Ransomware Defense | Cybersecurity | Symantec’s Intrusion Prevention System (IPS) Audit Signatures offer a proactive shield against ransomware by monitoring Remote Monitoring and Management (RMM) tools for suspicious activity. These signatures detect unauthorized RMM usage, providing early warnings without disrupting legitimate IT operations. Security teams gain actionable insights through detailed alerts, enabling rapid threat response and enhanced network protection. Learn more about enabling Symantec IPS to fortify your cybersecurity strategy.
01-07-2025 | Broadcom’s Symantec IPS Detects 856.6M Attacks | Cybersecurity | Broadcom’s Symantec Intrusion Prevention System (IPS), a leading deep packet inspection engine, safeguarded 2.1 million endpoints by detecting 856.6 million attacks in June 2025, including 276.8 million attempts targeting Windows OS vulnerabilities and 58.2 million ransomware-related threats. IPS audit signatures monitor suspicious network traffic, such as malware and red team tools, allowing administrators to review logs and enable blocking for enhanced security. The system protects desktops and servers for Fortune 500 companies and consumers alike. Administrators are encouraged to enable IPS and configure audit signatures to block threats based on local environment logs.
26-06-2025 | Prometei Botnet Evolves with Stealthy Linux Variants | Cybersecurity | The Prometei botnet has resurfaced with advanced Linux variants (v3 and v4), focusing on Monero mining and credential theft, as reported by Palo Alto Networks’ Unit 42. These variants employ self-updating mechanisms and domain generation algorithms (DGA) for resilient command-and-control connectivity, using UPX packing for obfuscation. Symantec’s protection, including VMware Carbon Black and WebPulse, effectively detects and blocks associated malicious indicators. Learn more about safeguarding your systems at Broadcom’s Security Center.
23-06-2025 | Shadow Vector Campaign Targets Colombians with SVG Phishing | Cybersecurity | The Shadow Vector campaign uses SVG smuggling to deliver AsyncRAT and RemcosRAT malware to Colombian users via phishing emails disguised as court notifications. These emails contain malicious SVG files that, when opened, redirect victims to password-protected archives hosted on platforms like Dropbox and Bitbucket. The infection chain employs advanced techniques like DLL side-loading and process injection, enabling credential theft and potential ransomware deployment. Symantec’s industry-leading protection detects and blocks these threats effectively.
20-06-2025 | Symantec Blocks Modified XWorm RAT in Trojanized MSI | Cybersecurity | Broadcom’s Symantec Security Center has identified and neutralized a China-linked threat actor distributing a modified XWorm Remote Access Trojan (RAT) via a trojanized MSI installer disguised as a WhatsApp setup. Targeting users in East and Southeast Asia, the attack uses encrypted shellcode in image files and PowerShell scripts for persistence, with the RAT enhanced to detect Telegram installations and report via Telegram. Symantec’s adaptive, file-based, and machine learning protections, alongside VMware Carbon Black policies, effectively block this malware. Visit Broadcom’s protection bulletin for details on safeguarding your systems.
13-06-2025 | Broadcom Addresses Grafana Vulnerability with Robust Protection | Cybersecurity | Broadcom’s Symantec Security Center has issued a bulletin for CVE-2025-4123, a high-severity Grafana vulnerability enabling open redirects and potential server-side request forgery (SSRF) or account takeover via Cross-Site Scripting (XSS). Symantec’s network-based and policy-based protections, including Data Center Security (DCS), safeguard systems by blocking malicious exploits and securing underlying OS resources. The Grafana vendor has released patches to fix this issue. For enhanced security, ensure systems are updated and leverage Symantec’s industry-leading solutions.
13-06-2025 | Symantec Counters CyberEye RAT with Multi-Layered Protection | Cybersecurity | Broadcom’s Symantec Security Center has identified CyberEye, a modular Remote Access Trojan (RAT) using Telegram for command-and-control, capable of cryptocurrency hijacking and data exfiltration. Symantec’s adaptive, behavior, and machine learning-based defenses, including VMware Carbon Black, effectively detect and block this versatile threat. The solutions prevent malware execution and leverage cloud reputation services for enhanced security. Organizations are advised to implement Symantec’s robust protection policies to safeguard sensitive data.
12-06-2025 | Symantec Uncovers Fog Ransomware’s Unique Attack Tools | Cybersecurity | Symantec’s Threat Hunter Team identified a May 2025 Fog ransomware attack on an Asian financial institution, utilizing unusual tools like Syteca employee monitoring software and open-source pentesting tools (GC2, Adaptix, Stowaway). The attackers established network persistence post-ransomware deployment, suggesting potential espionage motives. Symantec’s advanced detection capabilities, including VMware Carbon Black, effectively counter this sophisticated threat. Businesses are urged to update protections to mitigate similar attacks.
09-06-2025 | Symantec Counters NodeSnake RAT from Interlock Ransomware | Cybersecurity | Symantec’s security solutions effectively protect against NodeSnake, a new Remote Access Trojan (RAT) deployed by the Interlock ransomware group targeting educational institutions. Delivered through phishing emails, NodeSnake uses JavaScript and NodeJS to disguise itself as a legitimate Chrome process, enabling stealthy reconnaissance and data theft. Symantec’s behavior-based, file-based, machine learning, and web-based detection systems block this threat comprehensively. Users are advised to enable robust malware protection policies in VMware Carbon Black products for maximum security. Visit Broadcom’s Security Center for detailed protection guidance.
08-06-2025 | Symantec Blocks Fake Government App Targeting Indian Android Users | Cybersecurity | Symantec’s security solutions have identified and neutralized a malicious Android app posing as a government application targeting users in India. This malware employs multi-stage downloads and anti-analysis techniques to steal personal information and SMS data, requiring user interaction to enable its malicious functions. Symantec detects this threat as Android.Reputation.2 and AppRisk:Generisk, ensuring robust protection for affected devices. Android users are urged to verify app authenticity and enable Symantec’s mobile security features. Visit Broadcom’s Security Center for more details.
08-06-2025 | Symantec Shields Gamers from Blitz Malware in Cheats | Cybersecurity | Symantec’s security solutions detect and block Blitz, a multi-stage malware hidden in backdoored video game cheat applications, targeting unsuspecting gamers. The malware, comprising downloader and botnet components, is delivered when users run compromised cheats, enabling further malicious downloads. Symantec identifies this threat through adaptive, file-based, machine learning, and web-based detections, including Backdoor.Trojan and Miner.XMRig. Gamers are advised to avoid unverified cheat software and enable Symantec’s protection policies. Visit Broadcom’s Security Center for setup guidance.
08-06-2025 | Symantec Thwarts APT41’s TOUGHPROGRESS Malware Exploiting Google Calendar | Cybersecurity | Symantec’s advanced security solutions neutralize TOUGHPROGRESS, a custom malware deployed by the APT41 threat group, which uses Google Calendar events as a covert command-and-control channel. Delivered via spear-phishing emails with malicious ZIP files, the malware employs a three-stage, in-memory infection process to evade detection. Symantec detects this threat through adaptive, email, file, machine learning, and web-based protections, including Scr.Mallnk!gen2 and Heur.AdvML.A. Users are encouraged to enable Symantec’s email security and VMware Carbon Black policies for robust defense. Visit Broadcom’s Security Center for detailed protection steps.
05-06-2025 | Symantec Reveals HTTP Data Leaks in Chrome Extensions | Cybersecurity | Symantec’s recent findings expose critical security flaws in popular Chrome extensions like SEMRush Rank and Browsec VPN, leaking data via unencrypted HTTP connections. These extensions, used by millions, transmit browsing domains, machine IDs, and usage analytics in plaintext, vulnerable to interception by attackers. DualSafe Password Manager has since adopted HTTPS to secure its telemetry.