Carolina's Check Point: Weekly Updates & Threat Intelligence -- 05/08/2020

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS

  • Beyond the Perimeter “Coffee Talks” Podcast
    Tune in to Check Point's Coffee Talk, brought to you by the Check Point "Beyond the Perimeter" Team: a short episode before your virtual day gets away from you, to get you in the loop while you finish that first cup of coffee, and the perfect companion for your commute to nowhere in COVID times. Grab your coffee, settle into your home office, and dial in. Join host Brian Linder and a different guest expert each episode for a spirited and sometimes quirky look at the current state of cybersecurity, COVID-19, and the evolving and emerging threats and challenges facing all of us. Be a little smarter before the day gets away from you, and be entered to win Amazon eGift Cards on every episode.
    When: Every Tuesday, 8:45-9:05am (EST)
    Register Here

  • Webinar- “COVID-19 Threat Intelligence Update”
    RMSource and Check Point's Global Head of Incident Response, Dan Wiley, will give an in-depth review of the threat landscape we are facing in the wake of COVID-19. Dan's presentation will offer real-world statistics and insights from Check Point's IR intelligence team, followed by a live Q&A.
    When: Wednesday, May 13th, 2:30pm (EST)
    Register Here

  • Join our BrightTalk Channel!
    Check Point has teamed up with BrightTalk to give you a one-stop shop for our webinars. It features upcoming live webinars as well as past webinars, available for replay, on topics including Quantum Security Gateways and Endpoint Security.
    Check out our channel here

  • Free Jump Start Training!! – New Course Added
    Check Point's Education Services Team has expanded our course offerings on Udemy to include a Jump Start course for our hyperscale network security solution, Maestro. This two-part course on the Maestro Orchestrator covers the initial installation, the creation and configuration of a Security Group via the web user interface, and the related SmartConsole features.
    Access the Training Here


VULNERABILITIES AND PATCHES

  • Check Point Research has reported multiple vulnerabilities in WordPress eLearning (LMS) plugins currently in use by thousands of educational institutions and websites. The researchers found flaws ranging from privilege escalation to full remote code execution, which can allow attackers to obtain sensitive information, edit personal records, or take control of the platform outright. The Check Point IPS blade provides protection against these threats (WordPress LearnDash Plugin SQL Injection (CVE-2020-6009); WordPress LearnPress Plugin Privilege Escalation; WordPress LearnPress Plugin SQL Injection; WordPress LifterLMS Plugin Arbitrary File Write (CVE-2020-6008)).
  • Researchers have discovered a worm-like vulnerability in the Microsoft Teams platform that could allow attackers to take over every account in an organization by sending a link to a malicious image file. The vulnerability, which affected both the desktop and web versions of the platform, has been patched by Microsoft.
  • Adobe has released emergency updates for three of its widely used products, patching dozens of newly discovered critical vulnerabilities. The affected software includes Adobe Illustrator, Adobe Bridge, and the Magento e-commerce platform.
  • Sophos has published an emergency security update to fix an SQL injection vulnerability in its firewall product that is being actively exploited in the wild. Following successful exploitation, the attackers deployed malware called Asnarok to steal usernames and other data used for remote access to the device.


TOP ATTACKS AND BREACHES

  • Check Point Research has discovered a targeted attack on a multinational conglomerate in which the company's Mobile Device Management (MDM) server was compromised and used to install the Cerberus banking Trojan on employees' mobile devices centrally. This new variant of Cerberus has enhanced RAT capabilities and allows it to exfiltrate extensive data, including credentials, SMS messages (along with 2FA SMS codes), and more. Check Point SandBlast Mobile provides protection against this threat.
  • Black Rose Lucy, a MaaS botnet and dropper for Android devices first revealed by Check Point in 2018, has acquired ransomware capabilities. In attacks detected by Check Point Research, Lucy abuses Android's accessibility service to gain administrator privileges, encrypts files, and demands a ransom and credit-card details from its victims. Check Point SandBlast Mobile provides protection against this threat.
  • The Estonian Internal Security Service (KaPo) has reported that state-sponsored hackers exploited a zero-day vulnerability to break into the Estonian email provider Mail.ee and hijacked a small number of accounts belonging to high-profile users. KaPo attributed the attack to Russian- and Iranian-linked APT groups.
  • A misconfigured Elasticsearch server belonging to the French newspaper Le Figaro has exposed over 8TB of data containing 7.4 billion records with PII of reporters, employees, and at least 42,000 users.
  • Maze ransomware operators claim to have stolen 11 million credit card credentials from the state-owned Bank of Costa Rica (Banco BCR). The Maze group, infamous for its recent double-extortion routine, explained that it did not encrypt the bank's documents because of the global pandemic. Check Point SandBlast and Anti-Bot provide protection against this threat (Ransomware.Win32.Maze).
  • Over 150 companies around the world have been victims of a successful phishing campaign that leveraged Microsoft file-sharing services, including Sway, SharePoint, and OneNote, to target high-ranking executives.


THREAT INTELLIGENCE REPORTS

  • The operators of the Shade ransomware, active since 2014, have announced the termination of their activity and published more than 750K decryption keys for use by past victims. While the reasons for the shutdown are unclear, the decryption keys are authentic and functioning, and a decryption tool has been published.
  • Researchers report a sharp increase in the number of RDP brute-force attacks since mid-March, driven by the shift to remote working during the COVID-19 pandemic. This aligns with a Shodan report from earlier this month showing a 40% increase in exposed RDP endpoints.
  • Researchers have discovered a new Android info stealer dubbed EventBot that targets banks and financial services. EventBot is designed to read SMS messages and targets over 200 different financial applications, mostly in the US and Europe.
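The RDP brute-force item above is the kind of activity a defender can spot on the target host itself: a burst of failed logons (Windows Security Event ID 4625) from one source address, followed in the worst case by a success (Event ID 4624). The script below is an added example, written for this newsletter and not code from Check Point or any product mentioned here. It runs a sliding-window threshold over constructed log records whose field layout (timestamp, event ID, logon type, user, source IP) is an assumption; real exports from evtx, CSV or a SIEM differ, so parse_record() is the part to adapt. Logon types 10 (RemoteInteractive) and 3 (Network, which is how NLA pre-authentication failures are logged) are the ones an RDP attempt produces; the threshold and window values are illustrative.

```python
"""Flag RDP brute-force sources from Windows Security log records.

Added example, not from the original newsletter. SAMPLE_LOG is constructed
to resemble the useful fields of Event ID 4625 (failed logon) and 4624
(successful logon); adapt parse_record() to your own export format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types produced by an RDP connection attempt on the target host:
# 10 = RemoteInteractive (classic RDP), 3 = Network (NLA / CredSSP pre-auth).
RDP_LOGON_TYPES = {"3", "10"}

# Constructed sample records: "time|event_id|logon_type|user|source_ip".
# A "-" source address is what 4625 shows when no network address is known.
SAMPLE_LOG = """\
2020-05-06T09:00:01|4625|10|administrator|203.0.113.5
2020-05-06T09:00:02|4625|10|admin|203.0.113.5
2020-05-06T09:00:03|4625|3|backup|203.0.113.5
2020-05-06T09:00:03|4625|10|jsmith|198.51.100.7
2020-05-06T09:00:04|4625|10|administrator|203.0.113.5
2020-05-06T09:00:05|4625|10|root|203.0.113.5
2020-05-06T09:00:06|4625|10|guest|203.0.113.5
2020-05-06T09:00:07|4624|10|administrator|203.0.113.5
2020-05-06T09:30:00|4625|2|jsmith|-
2020-05-06T09:31:00|4625|10|jsmith|198.51.100.7
"""


def parse_record(line):
    """Split one constructed record into its fields (assumed layout)."""
    ts, event_id, logon_type, user, src = line.split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": event_id,
        "logon_type": logon_type,
        "user": user,
        "src": src,
    }


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: info} for sources with >= threshold failed RDP
    logons inside a sliding `window`. info holds the peak failure count,
    the user names tried, and whether a success followed the alert."""
    recent = defaultdict(deque)  # src -> (ts, user) failures still in window
    alerts = {}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_record(raw)
        # Ignore local/console logons and records with no source address.
        if rec["logon_type"] not in RDP_LOGON_TYPES or rec["src"] == "-":
            continue
        src = rec["src"]
        if rec["event_id"] == "4625":
            q = recent[src]
            q.append((rec["ts"], rec["user"]))
            # Drop failures older than the window relative to this record.
            while q and rec["ts"] - q[0][0] > window:
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(
                    src, {"failures": 0, "users": set(), "success_after": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"].update(u for _, u in q)
        elif rec["event_id"] == "4624" and src in alerts:
            # A successful logon from a source that already crossed the
            # threshold is the signal that warrants immediate response.
            alerts[src]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(src, info["failures"], "failures, users tried:",
              sorted(info["users"]), "success after:", info["success_after"])
```

Password spraying (one guess across many users) shows up here as many distinct user names under one source; a slow attacker who stays under the threshold per window does not, which is why a lower threshold over a longer window, or simply not exposing RDP to the Internet, is the better control.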

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you're new to Check Point, or would like to brush up on your Check Point skills, this is an excellent video series to get you started.
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite, compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point. The document includes 50+ links to helpful articles, SecureKnowledge articles (SKs), best practice guides, videos, and more. I highly recommend you bookmark this one.
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings from the whole TechTalk webinar series, including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, and more.

Click here to subscribe to our newsletter, delivered each week to your inbox.