| Finding | Description | Recommended action |
|---|---|---|
| App: ActivateTBKS | This Android app, pre-installed on The Creative Life (TCL) devices, can steal device and user data. It can also silently install and uninstall Android Application Packages (APKs). | Track down the endpoint by using the available details and uninstall the application. |
| IPTV: Abandoned platform | Endpoint is contacting an abandoned Chinese-based IPTV platform. | Track down the IPTV system by using the available details and disable the insecure application. |
| IPTV: LiveTV add-on | Endpoint is a software media center with an abandoned Live TV add-on. | Track down the IPTV system by using the available details and disable the insecure application. |
| Mobile debug firmware: IMEI: 123XXX | Mobile endpoint contains firmware with rootkit capabilities disguised as a debug tool, and should not be communicating. | Use the available details about the device to track down the source, and then update or disable access to personally identifiable information and confidential data on the device. Ensure the device receives a thorough security review. |
| Proxy auto-discovery configuration | Endpoint is using an abandoned domain for proxy configuration. | Track down the system using the proxy by using the available details, and then disable or update the remote proxy auto-configuration setting. |
| Service: SMB | Endpoint is reaching out to a Windows NetBIOS network via an abandoned domain. | Track down the system accessing the SMB service by using the available details, and then reconfigure or disable the destination access. Reevaluate your systems contacting remote services. For additional security, block the SMB ports on company edge network infrastructure. If NetBIOS connectivity is required, tunnel any connections through a secure Virtual Private Network (VPN) connection. Implement strong passwords and either strong password handling protocols or a key authentication system. |
| IPTV: Swarmcast | Endpoint is using abandoned "Swarmcast" internet television services. | Track down the IPTV system by using the available details and disable the insecure application. |
| Remote management: Symantec patches | Corporate endpoints are contacting abandoned domains from the Symantec patch management solution (Altiris). | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |
| Remote management: McAfee ePolicy | Corporate endpoints are contacting abandoned domains from McAfee ePolicy Orchestrator (McAfee ePO). | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |
| Remote management: Symantec EPM | Corporate endpoints are contacting abandoned domains from Symantec Endpoint Protection Manager. | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |
| Remote management: mydlink | D-Link routers are using abandoned service domains from the "My D-Link" (mydlink) portal. | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |
| Remote management: TR-069 CPE | Customer-premises equipment (CPE) devices are using the TR-069 protocol for remote management on abandoned domain names. | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |
| Remote management: Citrix PN Agent | Devices are using the Citrix Receiver PN Agent over abandoned domains. | Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application. |