Your Check Point Weekly Updates & Threat Intelligence -- 01/07/2022

Aaron_Rose
Employee

ANNOUNCEMENTS & UPCOMING EVENTS  

  • (Virtual) CPX 2022 Jan 26 - 27, 2022
    CPX 360 2022 features an exclusive lineup of keynotes and in-depth sessions from industry visionaries and global experts who are helping to shape the future of cyber security. Here are some of the exciting features we have planned for you:
    • Industry and technology issues and trends
    • A special preview of Check Point’s 2022 product roadmap
    • Best practices and operations of Check Point solutions
    • The latest solutions from our Technology Partners
    • Hands-on labs and demos with our latest products
    • In-depth info on advances in cloud, zero trust, and endpoint security
      Additional Details, Agenda & Registration Here

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, forensic analysis reports, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks, or do you want to replay a specific topic? Here you’ll find all the videos for past & future Tips & Tricks.


  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more: a series of weekly 40-minute podcasts hosting CIOs and CISOs from leading global Telco companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets, moving between personal and professional life.

Listen Here

TOP ATTACKS AND BREACHES

  • The Vietnamese trading platform ONUS was the victim of a ransomware attack that leveraged the Log4j flaw in its payment system. The cyber criminals demanded a $5 million ransom in a double extortion scheme. ONUS refused to pay, so the threat actors put the records of 2 million ONUS customers up for sale.

Check Point IPS provides protection against this threat (Apache Log4j Remote Code Execution (CVE-2021-44228))

  • Photography company Shutterfly was the victim of a Conti ransomware attack. Four thousand devices were encrypted, as well as 120 VMware ESXi servers. The stolen data includes legal agreements, bank account information, login credentials, spreadsheets and customer credit card information.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.Conti)

  • QNAP network-attached storage (NAS) devices are being hit with eCh0raix ransomware (aka QNAPcrypt) in a current wave of attacks. While the initial infection vector is unknown, the attackers encrypt pictures and documents before extorting the victims.

Check Point Anti-Virus provides protection against this threat (Ransomware.Win32.Ech0raix)

  • T-Mobile was the victim of a data breach. Although it affected fewer customers than the previous breach in August, the latest attack may have resulted in SIM swapping for several phone owners, in addition to the compromise of phone call data, including call logs.
  • The PulseTV e-commerce website has disclosed a data breach affecting 200,000 customers. The company announced that names, addresses, emails and credit card details were compromised.
  • The BlackTech advanced persistent threat (APT) group, which specializes in cyber espionage campaigns, has been targeting Japanese organizations with new malware dubbed “Flagpro” for network reconnaissance. Their techniques include socially engineered phishing emails carrying a compressed file containing Excel documents with malicious macros.

Check Point Threat Emulation and Threat Extraction provide protection against this threat


VULNERABILITIES AND PATCHES

  • Apache has released version 2.17.1 of Log4j to address an arbitrary code execution flaw tracked as CVE-2021-44832, with a lower severity than the original Log4Shell (CVE-2021-44228).

Check Point IPS provides protection against this threat (Apache Log4j Remote Code Execution (CVE-2021-44832))

  • Microsoft has fixed a flaw that caused disruptions to mail delivery on on-premises Exchange servers, triggered as the year changed to 2022. The bug was caused by Exchange checking the version number of its antivirus engine: the new version number exceeded the maximum value the variable storing it could hold, causing the engine to crash.
  • Researchers have revealed six unpatched vulnerabilities in the Netgear Nighthawk R6700v3 router, version 1.0.4.120, which could let an attacker take control of the device. Users were advised to change their credentials.

THREAT INTELLIGENCE REPORTS

  • More than four years after the Shadow Brokers' Lost In Translation leak, Check Point Research shares new insights on DoubleFeature, the logging component leveraged inside DanderSpritz, Equation Group's post-exploitation framework.
  • Apple AirTags are suspected to be used to track and steal cars. These heists appear to be the work of sophisticated groups who have the resources to reprogram car keys once the cars are located. High-end car models are the primary choice for these schemes.
  • The Vice Society ransomware gang has claimed responsibility for an early-December attack on UK Spar wholesaler James Hall & Co. and is also being linked to a recent attack on the Norwegian media company Amedia AS, which forced the company to shut off some of its presses.
  • AvosLocker ransomware operators provided a free decryptor and apologized after realizing they had hit a US police department. The gang places the responsibility on their affiliates, who appear to have locked the network without the operators’ prior review.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.AvosLocker)

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

If you were forwarded this email, click here to subscribe.