Your Check Point Weekly Updates & Threat Intelligence -- 02/19/2021

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS

  • CheckMates Live: Virtual Edition – “Let’s get SASE!”
    Join us for a virtual cyber security community event with your fellow Mid-Atlantic and Federal Check Point customers on Thursday, February 18th at 11am (EST)! At this virtual CheckMates Live event, we'll show you best practices for providing secure remote access to your users with Check Point. Topics include:
    --Remote Access Objectives
    --Deployment Options, both traditional and SASE-based
    --Licensing and Performance

    We guarantee that you'll leave this event having learned something new that you can use to improve your security posture. In addition, this event provides an opportunity to meet other Check Point engineers in the region.
    Register Here

  • Webinar: Tips & Tricks #3 “R81 Management & Features”
    Join us on February 26, 2021 when Security Engineer Bryce Halkerston will give you Tips and Tricks on the new R81 Management & Features. Topics will include:
    --Infinity Threat Prevention
    --SmartConsole Web UI
    --Supported Appliances & the upgrade process
    When: Friday, February 26th @ 9am EST
    Register Here


  • Check Point CPX 360 – “Security Challenges in a Post-Pandemic World”
    CPX360 is going virtual on Feb. 23-24, 2021. At CPX 360 2021, you’ll get the tools to help you adapt to the new post-pandemic security landscape. Innovative keynotes from renowned experts will help you defend against the latest security challenges your organization faces today. You’ll also discover a wide array of breakout sessions, best practice workshops, and exciting new specialized tracks. These sessions will give you the opportunity to learn about the latest advances in cloud, remote access, and network security. Finally, you don’t want to miss the Check Point 2021 product roadmap presentation, an attendee favorite among customers and partners.
    Detailed Agenda & Registration


VULNERABILITIES AND PATCHES

  • Microsoft has patched some 56 vulnerabilities, among them three critical flaws that might lead to remote code execution. The flaws reside in .NET 5 and .NET Core applications, and exploitation occurs when certain types of graphics files are parsed on systems running macOS or Linux. A local privilege escalation flaw in Windows 10 and Windows Server, assigned CVE-2021-1732, was patched as well and had already been exploited in the wild. Check Point IPS provides protection against this threat (Microsoft Win32k Elevation of Privilege (CVE-2021-1732))
  • A new command injection vulnerability has been discovered in the firmware of D-Link DAP-1860 Wi-Fi extenders. The flaw, assigned CVE-2020-27864, allows unauthenticated network-adjacent attackers to execute arbitrary code on vulnerable firmware versions.
  • Adobe has addressed security vulnerabilities in Adobe Acrobat, Reader, Illustrator, Photoshop and more. The flaw assigned CVE-2021-21017 is a heap-based buffer overflow zero-day vulnerability in Adobe Acrobat and Reader and is already being exploited in the wild. Check Point IPS provides protection against this threat (Adobe Acrobat and Reader Heap-based Buffer Overflow (APSB21-09: CVE-2021-21017))
  • SAP has released updates addressing 7 security flaws, among them a critical remote code execution vulnerability assigned CVE-2021-21477 in SAP Commerce and several critical flaws in SAP Business Warehouse.
  • CISA has released some 23 security advisories warning against attack vectors and exploitable flaws in industrial control systems, including a vulnerability in Wibu-Systems AG’s CodeMeter.


TOP ATTACKS AND BREACHES

  • Russian Internet and e-Commerce giant Yandex has suffered a breach that led to the exposure of almost 5,000 customer accounts. The breach was enabled by a system admin that sold unauthorized access to customer mailboxes.
  • Threat actors have gained access to the industrial control system at a US drinking water treatment facility and leveraged the software to sabotage the water treatment process and increase the amount of sodium hydroxide. According to the FBI, the attackers’ vector of access is still unknown.
  • UAE government agencies have been targeted by a campaign most likely carried out by the Iranian espionage group Static Kitten. The campaign features phishing emails using Israeli geopolitics and Ministry of Foreign Affairs references. 
  • CD Projekt Red, a Poland-based video game developer, has disclosed that it suffered a ransomware attack in which source code for several games, some of them not yet released, was stolen. Although the attackers have threatened to sell the stolen data, the company refused to pay the ransom.
  • Researchers have uncovered two Android spyware families, dubbed Hornbill and SunBird, most likely distributed by the Confucius APT, a state-sponsored group that promotes an Indian agenda and mainly targets Pakistani and other South Asian targets.
  • Discount Car and Truck Rentals, a popular Canadian company, has been hit by the DarkSide ransomware, resulting in disruptions to the company’s rental service portal and possibly in the theft of some 120GB of data. Check Point SandBlast and Anti-Virus provide protection against this threat (Ransomware.Linux.DarkSide)
  • Singaporean Telecom giant Singtel has fallen victim to an attack originating from a security flaw in a third-party file-transfer appliance. An Australian medical research institution has also suffered a similar attack. The software leveraged for the attack is Accellion, a legacy file-transfer platform.



THREAT INTELLIGENCE REPORTS

  • A researcher has developed a novel supply-chain attack technique and used it to access 35 high-profile organizations including Netflix, Apple, PayPal and Tesla. Called dependency confusion, the technique relies on the fact that software can include components from both private and public sources.
  • A report reviews supply-chain risks to US election systems, focusing on how hardware and software components can provide potential backdoors.
  • Journalists have published a long-term investigation concluding that Chinese intelligence services have planted backdoors in chips sold by California-based hardware maker Super Micro Computer Inc. that were later distributed across military networks and global technology companies.
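To make the dependency confusion item above concrete from the defender's side, here is an added example (not part of the newsletter or of any Check Point product): it audits an npm lockfile for internal package names that were resolved from somewhere other than the private registry, and for internal names that are unscoped. The lockfile contents, the package names, and the registry host `npm.internal.example.com` are all constructed for the example.

```python
"""Audit an npm lockfile (lockfileVersion 2/3 'packages' map) for dependency-confusion exposure.

Constructed example: packages that should only come from the private registry are
flagged if their 'resolved' URL points anywhere else, and also if their name is
unscoped, since an unscoped name can be claimed on the public registry by anyone.
"""
import json
from urllib.parse import urlparse

# Constructed sample lockfile: one scoped internal package served from the private
# registry, and one unscoped internal package that npm resolved from the public registry.
SAMPLE_LOCK = json.dumps({
    "name": "billing-service", "lockfileVersion": 2,
    "packages": {
        "": {"dependencies": {"@corp/auth-client": "^2.0.0", "corp-metrics": "^1.0.0"}},
        "node_modules/@corp/auth-client": {
            "version": "2.1.0",
            "resolved": "https://npm.internal.example.com/@corp/auth-client/-/auth-client-2.1.0.tgz"},
        "node_modules/corp-metrics": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/corp-metrics/-/corp-metrics-99.0.0.tgz"},
        "node_modules/corp-metrics/node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"},
    },
})

INTERNAL = {"@corp/auth-client", "corp-metrics"}   # names that must never come from public sources
PRIVATE_HOST = "npm.internal.example.com"          # assumed private registry host

def package_name(path: str) -> str:
    """Map a lockfile key such as 'node_modules/a/node_modules/@s/b' to the package name '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]

def audit_lockfile(lock_json: str, internal: set, private_host: str) -> list:
    """Return (name, finding, host, version) tuples for every risky internal package entry."""
    findings = []
    for path, entry in json.loads(lock_json)["packages"].items():
        if not path:            # the root project entry has no package name
            continue
        name = package_name(path)
        if name not in internal:
            continue
        host = urlparse(entry.get("resolved", "")).hostname
        if host != private_host:
            findings.append((name, "resolved-from-public", host, entry.get("version")))
        if not name.startswith("@"):
            findings.append((name, "unscoped-name", host, entry.get("version")))
    return findings

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK, INTERNAL, PRIVATE_HOST):
        print(*finding)
```

Run it against a real package-lock.json by replacing SAMPLE_LOCK with the file contents and INTERNAL with your organisation's package names; an empty result means every internal package was resolved from the private registry and carries a scope.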


BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

If you'd like to have this newsletter delivered to your inbox weekly, click here to subscribe.