The "security" application Symantec Endpoint Protection has been hacked

Not one but three zero-day vulnerabilities were discovered in the suite Symantec Protection during control s to a financial services company that used the software.

The assessment was carried out by a its experts Offensive Security, a company known for developing and supporting the penetration tool .

Symantec Endpoint Protection

The researchers found that the software that was responsible for protecting the company was the cause of its violation.

One of the exploits allows a potential attacker to gain complete control over the server that is "protected" by the security suite. The researchers even published a video proving their success. However, no further details of the weaknesses have been provided for obvious reasons.

Hackers report that they have discovered many vulnerabilities in Symantec Endpoint Protection. Some of these are considered zero-day and reported in CERTs (computer emergency response teams).

By gaining access to a server's resources through the "security" application, an attacker could perform unauthorized actions as a system administrator which as you understand could lead to its complete destruction. The privileged user is able to delete files, view personal information, and install new software.

For those who don't know, Symantec Endpoint Protection is designed to secure and work systems in corporate environments.

Watch this

Of course, we expect Symantec's response that besides excuses should include the immediate release of a patch that will correct all the vulnerabilities detected by Offensive Security.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).