https://community.checkpoint.com/t5/General-Topics/Check-Point-Response-to-FireEye-Red-Team-Tools-Leak/m-p/104767#M20123 <P>On December 8, 2020, <A href="https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" target="_self">FireEye shared details on a breach which also had access to their red team tools.</A>&nbsp;</P> <P><SPAN>Check Point covers&nbsp;</SPAN><A href="https://github.com/fireeye/red_team_tool_countermeasures/blob/master/CVEs_red_team_tools.md" target="_blank" rel="noopener">vulnerabilities</A><SPAN>&nbsp;reported by FireEye with the following Threat Prevention protections:</SPAN></P> <OL> <LI>Pulse Connect Secure File Disclosure (CVE-2019-11510)</LI> <LI>Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)</LI> <LI>Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)</LI> <LI>Adobe ColdFusion Remote Code Execution (CVE-2018-15961)</LI> <LI>Microsoft SharePoint Remote Code Execution (CVE-2019-0604)</LI> <LI>Microsoft Remote Desktop Services Remote Code Execution (CVE-2019-0708)</LI> <LI>Atlassian Crowd Remote Code Execution (CVE-2019-11580)</LI> <LI>Citrix Multiple Products Directory Traversal (CVE-2019-19781)</LI> <LI>Zoho ManageEngine Remote Code Execution (CVE-2020-10189)</LI> <LI>Microsoft Group Policy Preferences Password Elevation of Privilege (MS14-025: CVE-2014-1812)</LI> <LI>Atlassian Confluence Directory Traversal (CVE-2019-3398)</LI> <LI>Microsoft Exchange Server Remote Code Execution (CVE-2020-0688)</LI> <LI>Microsoft Outlook Security Feature Bypass (CVE-2017-11774)</LI> <LI>Microsoft Exchange Server Privilege Escalation (CVE-2018-8581)&nbsp;</LI> </OL> <P><SPAN>In addition, Threat Emulation covers CVE-2016-0167 with the protections Trojan.Wins.Generic.F and Trojan.Wins.Generic.B.</SPAN></P> <P><SPAN>Source:&nbsp;<A href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk170918" target="_self">sk170918</A></SPAN></P> Wed, 09 Dec 2020 13:03:16 GMT _Val_ 2020-12-09T13:03:16Z https://community.checkpoint.com/t5/General-Topics/Check-Point-Response-to-FireEye-Red-Team-Tools-Leak/m-p/104767#M20123 <P>On December 8, 2020, <A href="https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" target="_self">FireEye shared details on a breach which also had access to their red team tools.</A>&nbsp;</P> <P><SPAN>Check Point covers&nbsp;</SPAN><A href="https://github.com/fireeye/red_team_tool_countermeasures/blob/master/CVEs_red_team_tools.md" target="_blank" rel="noopener">vulnerabilities</A><SPAN>&nbsp;reported by FireEye with the following Threat Prevention protections:</SPAN></P> <OL> <LI>Pulse Connect Secure File Disclosure (CVE-2019-11510)</LI> <LI>Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)</LI> <LI>Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)</LI> <LI>Adobe ColdFusion Remote Code Execution (CVE-2018-15961)</LI> <LI>Microsoft SharePoint Remote Code Execution (CVE-2019-0604)</LI> <LI>Microsoft Remote Desktop Services Remote Code Execution (CVE-2019-0708)</LI> <LI>Atlassian Crowd Remote Code Execution (CVE-2019-11580)</LI> <LI>Citrix Multiple Products Directory Traversal (CVE-2019-19781)</LI> <LI>Zoho ManageEngine Remote Code Execution (CVE-2020-10189)</LI> <LI>Microsoft Group Policy Preferences Password Elevation of Privilege (MS14-025: CVE-2014-1812)</LI> <LI>Atlassian Confluence Directory Traversal (CVE-2019-3398)</LI> <LI>Microsoft Exchange Server Remote Code Execution (CVE-2020-0688)</LI> <LI>Microsoft Outlook Security Feature Bypass (CVE-2017-11774)</LI> <LI>Microsoft Exchange Server Privilege Escalation (CVE-2018-8581)&nbsp;</LI> </OL> <P><SPAN>In addition, Threat Emulation covers CVE-2016-0167 with the protections Trojan.Wins.Generic.F and Trojan.Wins.Generic.B.</SPAN></P> <P><SPAN>Source:&nbsp;<A href="https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk170918" target="_self">sk170918</A></SPAN></P> Wed, 09 Dec 2020 13:03:16 GMT https://community.checkpoint.com/t5/General-Topics/Check-Point-Response-to-FireEye-Red-Team-Tools-Leak/m-p/104767#M20123 _Val_ 2020-12-09T13:03:16Z