Create a Post
Showing results for 
Search instead for 
Did you mean: 

Carolina's Check Point: Weekly Updates & Threat Intelligence -- 04/20/2020

0 0 339K




  • Free Jump Start Training!! – New Course Added
    Check Point’s Education Services Team has expanded our course offerings on Udemy to include a Jumpstart Course for our Hyperscale Network Security solution, Maestro!  This two part course for the Maestro Orchestrator includes initial installation, creation and configuration of security group via the web user interface and SmartConsole features. 
    Access the Training Here
  • Tips & Tricks #7 - “Endpoint Anti-Ransomware & Forensics”
    Check Point’s Advanced Threat Prevention Subject Matter Expert, Scot Kight, will be discussing the powerful Anti-Ransomware & forensic capabilities of Check Point’s Endpoint Security Solution, SandBlast Agent.
    • Interface Updates
    • Understanding common attacks and how to protect your endpoints
    • Automatic Remediation of Ransomware
    • Forensics & the MITRE Attack Framework (sample Ryuk report)
      When: Friday, April 24th 9am (EST)
      Register Here

Interested in learning more about SandBlast Agent?  Check out this video playlist from Check Point Endpoint Solution Architect, Dan Schneppenheim.

  • Virtual Lunch & Learn- “Leading Cloud Security with Check Point CloudGuard Dome9”
    AccessIT & Check Point have teamed up for a cloud security webinar.  Attendees will receive a $30 GrubHub gift card for attending.  During our virtual Lunch & Learn, Growth Technologies Evangelist and host of the TalkingCloud podcast, Grant Asplund, will present on the benefits from the combined forces of Check Point and Dome9.
    You’ll learn how to:
    • Prevent fatal misconfiguration mistakes
    • Protect workloads and cloud services from modern attacks
    • Get full access control & visibility with simplified management and continuous compliance
    • Enable your cloud to stay agile and elastic
    • When: Friday, April 28th 1pm (EST)
      Register Here
  • New Security Gateway Line: “A Quantum Leap for Network Security”
    When: Tuesday, April 21st 12pm (EST)
    Register for the webinar announcement here

  • We are here to keep you safe - Complimentary remote security to enable business continuity in times of uncertainty due to the coronavirus. 
    As your trusted cyber security partner, we offer you a 60-day complimentary license to ensure secure connectivity for remote employees.  Security Gateway evaluations (hardware or virtual) are available to support your remote access infrastructure.  This license will include:
    • Remote Access VPN – Enterprise-grade remote access. Simple, safe and secure connectivity to your email, calendar, contacts and corporate applications.
    • Mobile Security – Protect your personal mobile device from viruses and other types of malware.
    • Endpoint Security – Protect your laptop and PC against viruses, spyware and ransomware.
      Learn more

Find a comprehensive list of all Check Point Webinars & Events here, and upcoming CheckMates Events here.


  • Oracle has released patches that address 405 new security vulnerabilities in multiple products.
  • A new security vulnerability has been found in Slack. The vulnerability allows an attacker to send a message to any workspace, regardless of their membership, thus facilitating phishing attacks.
  • Intel has addressed 9 security vulnerabilities in the April 2020 Platform Update, all of them being high and medium severity security flaws impacting multiple software products, firmware, and platforms.
  • Microsoft has released its April 2020 Patch Tuesday security updates. The release addressed 113 vulnerabilities, 19 of which rated as critical and 94 rated as important. Four of the vulnerabilities are being exploited in the wild.
    Check Point IPS provides protection against these threats (CVE-2020-0888; CVE-2020-0957; CVE-2020-0956; CVE-2020-0958; CVE-2020-0938; CVE-2020-0968; CVE-2020-1020; CVE-2020-1027; CVE-2020-1004; CVE-2020-0784)


  • Threat actors have employed the previously-unknown PoetRAT Trojan in a coronavirus-themed campaign aimed at the Azerbaijan government and utility companies. Delivered via phishing, the malware infected ICS and SCADA systems used to control the wind turbines within the renewable energy sector. Check Point Anti-Virus provides protection against this threat (PoetRAT.TC)
  • Portugal electric company, Energias de Portugal (EDP), has been hit by Ragnar Locker ransomware. The attackers demand 1,580 bitcoin amounting to $10.9 million to retrieve 10 TB of stolen data. To prove they poses the company’s data, the threat actors leaked data from EDP’s KeePass password manager, which contains the login credentials, accounts, URLs and notes of employees.  Check Point SandBlast Agent provides protection against this threat
  • Cognizant, IT managed services company based in the US, had suffered from a ransomware attack, allegedly Maze ransomware. Check Point SandBlast and Anti-Bot provide protection against this threat (Ransomware.Win32.Maze)
  • Aptoide, a third-party app store for Android application has suffered a data breach. The data, which was published on a well-known hacking forum, is part of a large batch of 39 million personal identifiable information records stolen between July 21, 2016 and January 28, 2018.
  • Taxpayers have been targeted by a new variant of the NetWire RAT in a malspam campaign that makes use of an improved keylogger and credential-collecting feature delivered by an Excel 4.0 macro.  Check Point SandBlast, Anti-Bot and Anti-virus provide protection against this threat (Trojan.Win32.NetWire)
  • A new Ursnif/ISFB campaign is targeting Italian organizations. The dropper has adopted new techniques using XML macros, and two different C2, one of which is in charge of tracking each infection with a unique victim ID. Check Point SandBlast and Anti-Bot provides protection against this threat (Banking.Win32.Ursnif)



  • Check Point Research have shown how ransomware are blurring the line between traditional ransomware attacks and traditional data breaches, both encrypting files and threatening to publish confidential data if ransom is not paid. 
    Check Point SandBlast Agent provides protection against this threat.
  • Check Point Research have shown that threat actors are leveraging the economic stimulus declared in the US in their phishing campaigns, sending out emails with malicious attachments titled “COVID-19 Payment” or links to phishing websites.
  • Google has removed 49 Chrome extensions from the Web Store that posed as legitimate cryptocurrency wallet apps like Ledger, MyEtherWaller, Trezor, Electrum, and others. The extensions contained malicious code able to steal crypto-wallet private keys, mnemonic phrases, and other raw secrets.
  • Researchers have found clipboard hijacking in 725 Ruby libraries. The malicious packages were uploaded to the official RubyGems repository between February 16 and 25 and replaced cryptocurrency addresses copied to the clipboard with the attacker's address. All libraries were copies of legitimate libraries, worked as intended, but also contained the malicious files.
  • A new AgentTesla variant steals WiFi credentials. The popular infostealer  is a .Net-based infostealer that obtains the capability to steal data from different applications on victim machines, such as browsers, FTP clients, and file downloaders recently added a new feature that can steal WiFi usernames and passwords. 
    Check Point SandBlast and Anti-Bot provides protection against this threat (Trojan.Win32.AgentTesla)


  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series.  Including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.