Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Carolina's Check Point: Weekly Updates & Threat Intelligence -- 04/28/2020

Aaron_Rose
Employee
Employee
0 0 607

Newsletter_Social.jpg

 



ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar- “COVID-19 Threat Intelligence Update”
    RMSource and Check Point’s Global Head of Incident Response, Dan Wiley, will give an in-depth review of the Threat Landscape we’re facing in the wake of COVID-19.  Dan’s engaging presentation will offer real-world statistics and insights from Check Point's IR intelligence team followed by a live Q&A.  
    When: Wednesday, April 29th 2:30pm (EST)
    Register Here

  • Tips and Tricks 2020 #8“Customizing the Compliance Blade”
    The Compliance Software Blade continuously monitors your security infrastructure, gateways, technologies, policies and configuration settings in real time.  It checks against 300+ best practices recommended by Check Point and streamlines your audits by translating thousands of regulatory requirements into actionable security best practices.   Join Check Point’s Subject Matter Expert on all things compliance, Shams Haason, for an overview & demonstration on how to best configure the compliance software blade to suit your needs.
    When: Friday, May 8th 9am (EST)
    Register Here

  • Free Jump Start Training!! – New Course Added
    Check Point’s Education Services Team has expanded our course offerings on Udemy to include a Jumpstart Course for our Hyperscale Network Security solution, Maestro!  This two part course for the Maestro Orchestrator includes initial installation, creation and configuration of security group via the web user interface and SmartConsole features. 
    Access the Training Here

VULNERABILITIES AND PATCHES

  • Two critical vulnerabilities have been discovered in the default mailing app installed on iPhones and iPads, and might have been exploited for two years by attackers targeting high-profile victims. The flaws can be exploited by sending a crafted email message, which may allow the attacker to take control over the device.
    Check Point CloudGuard SaaS provides protection against this threat
  •  IBM Data Risk Manager has been found vulnerable to four Zero-Day exploits which, when chained together, may allow an unauthenticated attacker to execute code as root. A Proof-of-Concept exploit was published.
    Check Point IPS blade provides protection against this threat (IBM Data Risk Manager Command Injection)
  • Unpatchable hardware vulnerability in FPGA chips may allow an attacker to break bitstream encryption, modify functionality and even implant hardware Trojans.
  • Researchers have discovered a method to abuse anti-virus software to execute a malicious file with high-level permissions. The flaw resides in the small timeframe between the anti-virus’s initial file scan and the cleanup operation. An attacker can initiate a race condition to disable the anti-virus software during this timeframe.

TOP ATTACKS AND BREACHES

  • Check Point has investigated a Business Email Compromise attack targeting a financial organization and their business partner. The attacking group, the Florentine Banker, manipulated four transactions of over 1 million GBP into their own bank accounts using advanced phishing tactics to target the mail accounts of key individuals inside the victim companies and manipulating email correspondences.
    Check Point CloudGuard SaaS provides protection against this threat
  • Hackers have abused the login system of Nintendo, resulting in the leakage of 160,000 user accounts. The breach was discovered after a number of users complained of their accounts being accessed; many of the hacked accounts were abused to purchase features and virtual coins.
  • A database containing 400,000 payment card records belonging to South Korean and US banks and financial companies has been uploaded to a hacking forum. The source of the data remains unknown.
  • SeaChange, an international supplier of video delivery software solutions, has been hit by the Sodinokibi ransomware. The attackers apparently exploited an unpatched Pulse Secure VPN server using CVE-2019-11510 and stole documents from the company prior to deploying the ransomware.
    Check Point Anti-Bot and IPS blades provide protection against these threats (Ransomware.Win32.Sodinokibi, Pulse Connect Secure File Disclosure (CVE-2019-11510))
  • A data dump containing 25,000 email credentials allegedly belonging to National Institutes of Health, World Health Organization, Gates Foundation and other organizations has been discovered. The leaked credentials appear to be an aggregation of previously-breached usernames and passwords.
  • The city of Torrance, California, has suffered a DoppelPaymer ransomware attack. The attackers stole 200GB of data prior to deploying the ransomware, and demanded $689,000 in ransom.
    Check Point SandBlast provides protection against this threat (Ransomware.Win32.Doppelpaymer)
  • Over 309 million Facebook profiles are being offered for sale on the dark web. The data, which did not include passwords, was collected by illegal scraping activity abusing Facebook’s API.

THREAT INTELLIGENCE REPORTS

  • The FBI has issued a warning for US health organizations against Covid-19-related phishing attempts. According to the FBI and other official agencies, threat actors are actively attempting to send phishing attempts over email, containing malicious Microsoft Word Documents, 7-Zip compressed files, Microsoft VBS files, Java and Executables.
  • A malware botnet comprising over 35,000 compromised Windows machines has been taken down after being active since May 2019. The botnet, which was named “Victory Gate”, was mainly operated for the purpose of mining Monero cryptocurrency, with victims in public and private organizations, mostly from Latin America.  Victory Gate propagates via removable devices such as USB drives, which install a malicious payload into the system.
    Check Point Anti-Bot blade provides protection against this threat (Botnet.Win32.VictoryGate)
  • China-linked APT Winnti has targeted a South Korean video gaming company called Gravity as well as a German chemical company in recent campaigns. The group, typically motivated by espionage and financial gain, has deployed a malware containing a unique C2 communication method that abuses the iodine source code, an open-source software used for tunneling IPv4 data through a DNS server.
    Check Point Anti-Bot blade provides protection against this threat (Backdoor.Win32.Winnti)

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series.  Including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.