The "security" application Symantec Endpoint Protection has been hacked

Not one but three zero-day vulnerabilities were discovered in the suite Symantec Endpoint Protection during a security audit to a financial services company that used the software.

The evaluation was carried out by a group of its experts Offensive Security, a company known to develop and support the Kali Linux Penetration Tool.

Symantec Endpoint Protection

The researchers found that the software that was responsible for protecting the company was the cause of its violation.

One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.

Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).

By gaining access to a server's resources through the "security" application, an attacker could perform unauthorized actions as a system administrator which as you understand could lead to its complete destruction. The privileged user is able to delete files, view personal information, and install new software.

  Thunderbolt 2. Officially from Intel for 4K view and transfer video simultaneously

For those who do not know, Symantec Endpoint Protection is designed to secure servers and work systems in corporate environments.

Watch the video

Of course, we expect Symantec's response that besides excuses should include the immediate release of a patch that will correct all the vulnerabilities detected by Offensive Security.

Follow us on Google News at Google news

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published.

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).

9 + 1 =