Symantec Enterprise Cloud Insights: Type-Specific Updates

Symantec Enterprise Cloud Updates by Year and Month

165 Significant Changes from the Last 6 Months

| Date | Update | Type | Description |
|---|---|---|---|
| 02-05-2025 | Symantec Blocks MintsLoader in TAG-124 Cyber Attacks | Service | Symantec counters MintsLoader, a loader used by TAG-124 to target industrial, legal, and energy sectors with phishing and malicious payloads. Its obfuscated scripts and anti-VM tactics are thwarted by Symantec’s adaptive and machine learning protections. |
| 01-05-2025 | Symantec IPS Audit Signatures Detect Over 811 Million Threats in April 2025 | Feature | Symantec’s Intrusion Prevention System (IPS) audit signatures identified 811.5 million attacks across 2.1 million endpoints in April 2025, targeting vulnerabilities in web servers, Windows OS, and ransomware tools. These signatures monitor suspicious network traffic without blocking by default, allowing administrators to review logs and enable blocking for enhanced protection. Key detections included 311.7 million Windows OS vulnerability scans and 34.6 million ransomware-related attacks. |
| 01-05-2025 | Iranian APT Targets Middle Eastern Critical Infrastructure with Sophisticated Malware | Company News | An Iranian advanced persistent threat (APT) actor attacked critical Middle Eastern infrastructure, using backdoors, web shells, and living-off-the-land binaries (lolbins) to establish persistence and execute operations. Fortinet’s investigation revealed the attacker’s tactics, while Symantec’s adaptive and machine learning-based protections, including SONAR and Carbon Black, effectively block these threats. The campaign underscores the growing cyber risks to regional infrastructure. |
| 30-04-2025 | Symantec Thwarts TypeLib Hijacking in Microsoft Teams Phishing Campaign | Company News | Symantec has identified and neutralized a sophisticated Microsoft Teams phishing campaign by the Storm-1811 threat actor, deploying a PowerShell backdoor via TypeLib hijacking. The attack uses social engineering, posing as IT support to trick employees into enabling Windows Quick Assist for malware deployment. Symantec’s adaptive, file-based, and machine learning protections, including VMware Carbon Black, block associated malicious indicators. |
| 30-04-2025 | Symantec Blocks Hannibal Infostealer Targeting Browsers and Crypto Wallets | Service | Symantec has detected and neutralized Hannibal Infostealer, a C#-based malware rebranded from Sharp and TX stealers, actively sold on dark web forums. It targets Chromium and Gecko-based browsers, cryptocurrency wallets, FTP clients, and VPNs, using a crypto clipper to hijack transactions. Symantec’s adaptive, behavior, and network-based protections, including VMware Carbon Black, effectively block this threat. |
| 30-04-2025 | Symantec Neutralizes Pentagon Stealer Malware Targeting Crypto and App Credentials | Cybersecurity | Symantec has identified and blocked Pentagon Stealer, a new Python and Golang-based malware, also known as Acab and BLX Stealer, spreading through typosquatting campaigns. It targets browser credentials, cookies, cryptocurrency wallets, and app tokens from platforms like Discord and Telegram, using HTTP requests for stealthy data exfiltration. Symantec’s adaptive, behavior, and machine learning-based protections, including VMware Carbon Black, effectively counter this threat. |
| 30-04-2025 | Symantec Thwarts Spear Phishing Attack on World Uyghur Congress Using Trojanized Text Editor | Company News | A sophisticated spear phishing campaign targeted World Uyghur Congress members with a trojanized Uyghur text editor, deploying surveillance malware via spoofed domains. Symantec’s advanced protection, including SONAR, Carbon Black, and machine learning, effectively detects and blocks this threat. The attack highlights the growing risk of culturally tailored cyberattacks. |
| 29-04-2025 | Symantec Endpoint Protection Blocks Millions of Web Threats with Browser Extensions | Company News | Symantec's Endpoint Protection (SEP) browser extensions for Google Chrome and Microsoft Edge have successfully blocked 7.3 million cyberattacks across 164,700 endpoints in the last week. Using advanced URL reputation and Browser Intrusion Prevention, SEP protected users from phishing, malware, and other online threats. Ensure your protection by enabling SEP browser extensions today to safeguard against evolving cyber risks. |
| 29-04-2025 | Symantec Thwarts Konni APT’s Multi-Stage Malware Targeting South Korean Entities | Company News | A sophisticated multi-stage malware campaign, potentially linked to North Korea’s Konni APT, targets South Korean organizations using a disguised .lnk shortcut to deploy a Remote Access Trojan (RAT). Symantec’s advanced protections, including SONAR, Carbon Black, and Email Threat Isolation, effectively block and detect the threat. The RAT enables persistent access and data exfiltration to a compromised C2 server. |
| 29-04-2025 | Symantec Blocks ELENOR-corp, New Mimic Ransomware Targeting Healthcare | Cybersecurity | ELENOR-corp, a new Mimic ransomware variant, is targeting the healthcare sector with advanced capabilities like anti-forensic measures and data exfiltration, preceded by Clipper malware and Python-based infostealers. Symantec’s robust protections, including VMware Carbon Black and machine learning-based detection, effectively neutralize this threat. The ransomware employs registry persistence and deletes backups to hinder recovery. |
| 29-04-2025 | Symantec Blocks CVE-2025-24054 NTLM Vulnerability Exploits in Windows | Cybersecurity | Symantec’s advanced security solutions, including VMware Carbon Black and Data Center Security, effectively counter CVE-2025-24054, a Windows NTLM hash disclosure vulnerability exploited since March 19, 2025, recently added to CISA’s Known Exploited Vulnerabilities Catalog. This flaw, triggered by malicious .library-ms files, risks leaking user credentials through spoofing attacks. Symantec’s policies block malicious files, prevent unauthorized network connections, and stop data exfiltration. |
| 29-04-2025 | Symantec Mitigates Commvault Web Server Vulnerability CVE-2025-3928 Exploits | Cybersecurity | Symantec’s Data Center Security (DCS) offers robust protection against CVE-2025-3928, a high-severity Commvault Web Server vulnerability enabling authenticated attackers to deploy webshells, recently added to CISA’s Known Exploited Vulnerabilities Catalog. The flaw, actively exploited in the wild, is patched in Commvault versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217. Symantec’s custom sandbox policy prevents attack techniques, ensuring system security. Learn more about safeguarding your systems at broadcom.com. |
| 29-04-2025 | Symantec DCS prevents PowerShell-Based LOTL Cyberattacks with Zero-Day Protection | Feature | Symantec Data Center Security (DCS) offers robust zero-day protection against Living Off the Land (LOTL) attacks exploiting PowerShell, a tool often abused by cybercriminals for ransomware and data theft. Its default Intrusion Prevention policy for Windows and Linux servers blocks suspicious processes and file modifications, preventing privilege escalation and remote code execution. This defense-in-depth approach safeguards critical infrastructure without relying on signature updates. |
| 29-04-2025 | Symantec Neutralizes Gremlin Stealer Malware Targeting Sensitive Data | Cybersecurity | Symantec’s security solutions, including VMware Carbon Black and WebPulse, effectively block Gremlin Stealer, a new C#-based malware sold on Telegram that steals clipboard data, browser credentials, and cryptocurrency wallet information. This malware, identified on April 29, 2025, compresses stolen data into .zip files for exfiltration via Telegram APIs. Symantec’s machine learning and file-based defenses detect and prevent these attacks. |
| 28-04-2025 | RevolverRAT Targeting Users with Malicious Emails – Stay Protected | Cybersecurity | RevolverRAT, a Remote Access Trojan, spreads through targeted emails posing as copyright claims, leading to dangerous DLL side-loading attacks. Symantec’s email security products, including Email Threat Isolation, protect users from this and other malicious threats. Learn how to safeguard your devices with Symantec’s advanced protection against RevolverRAT and other evolving cyber risks. Stay secure by activating Symantec's defense solutions today. |
| 25-04-2025 | Symantec Email Threat Isolation Shields Norinchukin Bank Users from Phishing Attacks | Company News | Symantec Email Threat Isolation technology protects Norinchukin Bank users from a phishing campaign using fake login pages to steal credentials. The scam targets online banking customers with fraudulent emails mimicking JA Net Bank notifications. Symantec’s web and email security solutions block malicious links and domains, ensuring user safety. |
| 25-04-2025 | Symantec Endpoint Protection Stops Ammyy Admin and PetitPotato in MS-SQL Server Attacks | Feature | Symantec Endpoint Protection safeguards businesses from a new cyberattack targeting weak MS-SQL servers with Ammyy Admin and PetitPotato malware. Attackers exploit vulnerabilities to gain remote access and escalate privileges, but Symantec’s advanced file, web, and machine learning defenses block these threats. The solution ensures secure server environments by detecting and preventing malicious activities. |
| 25-04-2025 | Symantec Endpoint Protection Blocks AsyncRAT Malware Spread via Cloudflare Tunnels | Feature | Symantec Endpoint Protection counters a new malware campaign using Cloudflare tunnels to deliver AsyncRAT through phishing emails and malicious scripts. The attack deploys multi-stage payloads hidden in files to gain remote access, but Symantec’s adaptive, file, and web-based defenses stop it effectively. This protection ensures businesses remain secure against sophisticated cyber threats. |
| 25-04-2025 | Symantec Email Threat Isolation Blocks Fake DVLA Phishing Emails | Feature | Symantec Email Threat Isolation safeguards users from phishing emails mimicking the UK’s Driver and Vehicle Licensing Agency (DVLA), which trick recipients into updating payment details. These fraudulent emails lead to credential-stealing webpages, but Symantec’s email and web security solutions effectively block the malicious URLs. The protection ensures safe online interactions for DVLA account holders. |
| 25-04-2025 | Symantec Endpoint Protection Stops DslogdRAT Malware Targeting Japanese Organizations | Feature | Symantec Endpoint Protection blocks the DslogdRAT malware campaign exploiting Ivanti Connect Secure vulnerabilities to target organizations in Japan. The malware enables remote command execution and data theft, but Symantec’s file, network, and web-based defenses prevent its spread. This robust security ensures safe endpoints and servers. |
| 24-04-2025 | Alpine Quest App Hides Spyware Targeting Russian Military, Blocked by Symantec | Company News | A tampered version of the Alpine Quest navigation app was found carrying spyware that steals sensitive data like contacts, locations, and documents from Russian military devices. The malware sends stolen information to a Telegram bot and remote server, updating with every user movement. Symantec’s security solutions, including Android.Reputation.2 detection, protect users by identifying and neutralizing this threat. |
| 24-04-2025 | Symantec Shields Against Proton66 Malware Campaigns with VMware Carbon Black | Cybersecurity | Proton66’s infrastructure is fueling phishing and malware attacks, including GootLoader, SpyNote, and XWorm, targeting Android users and Korean-speaking communities. Symantec’s VMware Carbon Black and WebPulse technologies block these threats, detecting malicious activities like compromised WordPress sites and WeaXor ransomware. The solutions use advanced machine learning and email security to protect users. |
| 24-04-2025 | Symantec Counters PE32 Ransomware with VMware Carbon Black Protection | Feature | PE32 ransomware, a Telegram-controlled malware, uses a dual-extortion approach, demanding separate payments for file decryption and data privacy. Despite its simple code, it threatens systems with weak security, but Symantec’s VMware Carbon Black blocks it effectively. The solution employs behavior-based and machine learning detection to stop malicious activities. |
| 23-04-2025 | Symantec Responds to New FormBook Malware Threat with Advanced Protection Tools | Feature | A new FormBook malware campaign has been detected spreading in the wild, targeting systems with data-stealing capabilities. Symantec has issued updated threat protection to help users defend against this growing cyber risk. The malware uses stealthy techniques to bypass defenses, making timely protection essential. Learn how Symantec’s solutions help safeguard sensitive data from emerging threats. |
| 23-04-2025 | Symantec Blocks ToyMaker and Cactus Ransomware Threat with VMware Carbon Black | Feature | Cisco Talos researchers uncovered ToyMaker, an Initial Access Broker using the LAGTOY implant to enable Cactus ransomware attacks. Symantec’s VMware Carbon Black detects and blocks this threat, protecting users from malware execution and data breaches. The solution uses advanced machine learning and web-based security to neutralize malicious activities. Visit Broadcom’s Security Center to learn how VMware Carbon Black safeguards against ToyMaker and Cactus ransomware. |