Strategic shift at Symantec leads to 80 layoffs
Cupertino, Calif.-based Symantec Corp. has decided to draw down its investment in network and gateway security appliances and let 80 of its 15,500 employees go as part of the strategic shift. Symantec informed its workforce of the changes late last week, according to published reports.
The company said it will stop making hardware for Symantec Gateway Security (SGS), Symantec Network Security (SNS) 7100, and the SGS Advanced Manager 3.0 products, though it will still develop the software used in these appliances. The company will now turn to partners to build the hardware.
Appliances currently in the market will continue to be sold and supported. The new strategy does not affect all appliances. Symantec Mail Security (SMS), Symantec Security Information Manager (SSIM) and Symantec Network Access Control Enforcer are among the products that won't be affected.
New flaws and exploits surface for Internet Explorer
Attackers could bypass security restrictions and launch malicious commands by exploiting two new flaws in Microsoft Internet Explorer (IE), vulnerability researcher Plebo Aesdi Nael said in an analysis published on the Full Disclosure message board hosted by Danish vulnerability clearinghouse Secunia.
In its advisory on the flaws, the French Security Incident Response Team (FrSIRT) described the vulnerabilities as:
FrSIRT noted that proof-of-concept exploits have been published.
These new IE flaw reports come only days after Microsoft and Symantec warned of flaws and exploits targeting Microsoft's Remote Access Connection Manager (RASMAN), which was patched in the MS06-025 security bulletin June 13; and Windows Live Messenger, the instant messaging client formerly called MSN Messenger.
Apple fixes Mac OS X flaws
Apple Computer Inc. has released Mac OS X version 10.4.7 to address multiple security holes in the operating system.
The update addresses the following problems:
The flaws do not affect Mac OS X versions prior to 10.4.0.
New data security bill filed
Sen. Bob Bennett, R-Utah, and Sen. Tom Carper, D-Del., have added to the growing list of data security measures now pending before Congress. The proposed Data Security Act of 2006 would create a national data protection and breach notification standard, Computerworld reported.
"This bill would require all financial institutions, retailers and government agencies to maintain strong internal safety protections for the data they hold," Carper said in a statement. It would also require them to "quickly investigate" security breaches and to notify law enforcement, regulators and customers when there is a real risk of harm, he said.
The proposed bill would expand the reach of current laws that require only financial institutions to protect the security and confidentiality of customer information, Bennett said in a separate statement.
The Bennett-Carper legislation is modeled after the Gramm-Leach-Bliley Act and will require federal and state regulators to enforce compliance with the law and to make sure that data security procedures are uniformly applied, Computerworld noted.
F-Secure patches flaw in its antivirus products
Finnish antivirus firm F-Secure Corp. has addressed flaws that could allow attackers to push malware past the sensors of several antivirus products.
"Antivirus products for Windows client and server systems fail to detect malware under certain circumstances," F-Secure said in an advisory. "Failures of this kind may lead to malware infections on protected systems."
Linux, mobile and Windows-based gateway products are not affected by the vulnerability, F-Secure said.
The advisory and issued hotfixes address two separate scenarios that both can lead to malware bypass:
Both scenarios may lead to system infection as the real-time scanner may grant permission to execute program files even if they are infected. But the vulnerability cannot, to F-Secure's knowledge, be used for privilege escalation attacks or to gain remote access to affected systems.