Businesses should disable pcAnywhere, says Symantec

Users of Symantec’s pcAnywhere are at increased risk as a result of a recent source code theft, the company advised

The company confirmed that a segment of its source code had been stolen by a hacking group in 2006 that made pcAnywhere vulnerable.

However, Symantec said it had since taken steps to prevent a similar incident from occurring again, and that there were no indications that customer information had been impacted or exposed.

“Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere,” the company said.

News of the source code theft emerged earlier this month when hacking group Lords of Dharmaraja threatened to post it online.

Symantec initially said there was no risk to users as the stolen code was six years old, advising them simply to make sure the most recent version of the products had been downloaded.

The company has reiterated that advice, but has now warned that users of Symantec’s pcAnywhere do have increased risk as a result of the source code theft.

“Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product,” the company said.

Symantec has published security guidelines, which recommend disabling the product until the firm releases a final set of software updates that resolve currently known vulnerability risks.

For customers that require pcAnywhere for business-critical purposes, it is recommended they understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices in the guidelines.

“Customers that are not following general security best practices are also susceptible to man-in-the-middle attacks which can reveal authentication and session information. General security best practices include endpoint, network, remote access, and physical security, as well as configuring pcAnywhere in a way that minimizes potential risks,” the company said.

This story was first published by Computer Weekly

Businesses should disable pcAnywhere, says Symantec

You may also like

Symantec Scales Down with Launch of Norton Small Business

Was stolen Symantec source code behind the RSA SecurID attacks?

Symantec develops pooled high-end cyberthreat analysis service

Source code for Symantec's pcAnywhere published after failed extortion attempt

Symantec teams up with LifeLock to expand offline

What’s hot on Infosecurity Magazine?

Alarming Decline in Cybersecurity Job Postings in the US

Quishing Attacks Jump Tenfold, Attachment Payloads Halve

Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted

North Korean Group Kimsuky Exploits DMARC and Web Beacons

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

US Government and OpenSSF Partner on New SBOM Management Tool

Russia and Ukraine Top Inaugural World Cybercrime Index

FBI Warns of Massive Toll Services Smishing Scam

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024