The Verge: WhatsApp and Telegram media files aren’t so secure after they reach your phone

The Verge: WhatsApp and Telegram media files aren’t so secure after they reach your phone. “While they’re known for strongly encrypting messages in transit, apps like WhatsApp and Telegram may not always be able to keep files safe after they’re on your phone. Today, researchers from Symantec explain how hackers could use a malicious app to subtly alter media files sent through the services.”

The Register: Dr Symantec offers quick and painless checkup for VPNFilter menace on routers

The Register: Dr Symantec offers quick and painless checkup for VPNFilter menace on routers. “Clean-up efforts to respond to the VPNFilter malware have accelerated with the release of a free check-up tool. Even though the utility from Symantec only looks to see if traffic has been manipulated, rather than confirming an infection, third-party experts have nonetheless welcomed its release.”

Los Angeles Times: Symantec stock dives 33% as mystery investigation has people imagining the worst

Los Angeles Times: Symantec stock dives 33% as mystery investigation has people imagining the worst. “For the last few years, Symantec Corp. seemed to have been doing everything right. The world’s top maker of cybersecurity software started selling more to corporations — chasing growth and balancing out its consumer-centric business. It made acquisitions and brought in a new chief executive. Its shares were rising. So Wall Street was blindsided when the Mountain View, Calif., company disclosed that it is conducting an internal investigation that will delay the filing of its annual report and could potentially lead to a restatement of earnings. The news was tucked into the quarterly results late Thursday, and when analysts started asking questions, they were shut down. The company cut short the post-earnings conference call and canceled its scheduled callbacks later in the evening. That left analysts to fill in the blanks. And they imagined the […]

The Register: Google to kill Symantec certs in Chrome 66, due in early 2018

The Register: Google to kill Symantec certs in Chrome 66, due in early 2018. “Google has detailed its plan to deprecate Symantec-issued certificates in Chrome. The decision to end-of-life its trust for Symantec certificates was the outcome of a long tussle over dodgy certificates, which came to a head when certs for example.com and various permutations of test.com escaped into the wild.”

CBR: Symantec dealt major blow as Google loses trust in security certificates

CBR: Symantec dealt major blow as Google loses trust in security certificates. “Google are aiming to boost the confidence of Chrome users with engineers announcing plans to reduce trust in Symantec certificates. This gradual shift is set to reach a point in early 2018 when Chrome 64 will only trust certificates that are issued from Symantec for 279 days or less. The scale of the misissuance by Symantec has exploded from an initial 127 certificates under scrutiny, to a figure noted as at least 30,000.”

Google Researcher Bodyslams Symantec for Product Insecurities

A Google researcher has ripped multiple strips off Symantec for the insecurity of its products. “Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are ‘as bad as it gets,’ he says. ‘Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it — the victim does not need to open the file or interact with it in any way.’ Symantec has already published fixes for the exploits, so users would do well to install them immediately.”

Use Norton/Symantec Antivirus Products? Prepare to Patch

Looks like Symantec antivirus products might have a nasty security bug. “British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in ‘the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products’. Described here, the problem is in how the antivirus products handle executables compressed using an early version of the Aspack compression tool.”

Google to Symantec Root Certificates: Step Off

Google is formally banning/distrusting Symantec root certificates. “Over the course of the coming weeks, Google will be moving to distrust the ‘Class 3 Public Primary CA’ root certificate operated by Symantec Corporation, across Chrome, Android, and Google products. We are taking this action in response to a notification by Symantec Corporation that, as of December 1, 2015, Symantec has decided that this root will no longer comply with the CA/Browser Forum’s Baseline Requirements. As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products.”

Google Gets Sharp With Symantec

Google is getting tough with Symantec. “Google is evidentially not very pleased about security firm Symantec’s recent performance when it comes to issuing secure Web certificates and has outlined a list of demands to prevent the same mistakes from happening again. In September, Symantec fired a number of employees following glaring mistakes in issuing transport layer security (TLS) certificates.”