ANNOUNCEMENTS & UPCOMING EVENTS
- Webinar: “Native Cloud Security Deep Dive”
If you want to start managing your public cloud security like a pro, this Deep Dive webinar is exactly what you need! You will learn how to:
--Use the main features of posture management (you will know in minutes if your environment is aligned with GDPR/PCI DSS and other regulations).
--Get a clear visualization of how and what traffic passes/is blocked to/from your assets, identify malicious traffic, and automatically block it.
--Secure your cloud identities, explore events, configure alerts, and more.
When: Tuesday, March 16th @ 11am EST
Register Here
- Webinar: “Advanced investigation & remediation using Harmony Endpoint”
Hunting cyber threats is a complex task. When under attack, an effective investigation and timely remediation are crucial to minimize the damage and keep your business safe.
Join our TechTalk where you will learn:
-- Critical aspects and best practices of practical endpoint security
--How to efficiently investigate & remediate real world attacks on endpoints
When: Wednesday, March 24th @ 11am EST
Register Here
- Podcast: “CISO Secrets”
“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, but not only; A series of 40 minutes weekly podcast hosting Telco industry CIOs and CISO’s, from global and leading companies. Podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about Security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
Listen Here
VULNERABILITIES AND PATCHES
- Microsoft has released an emergency patch for Exchange email server vulnerabilities recently exploited in the wild by Hafnium, a Chinese state-sponsored hacking group. The group has reportedly hacked over 30,000 organizations, trying to steal their corporate emails.
Check Point IPS and SandBlast Agent provide protection against this threat (relevant protections)
- Cisco has warned about a vulnerability (CVE-2021-1285) in its Snort detection engine, which exposes several of its products to denial-of-service (DoS) attacks.
- Samsung has released a security update addressing 37 vulnerabilities, including a patch for a critical flaw in the system component tracked as CVE-2021-0397.
- Researchers have found two flaws in Apple’s Find My feature. The flaws in the crowdsourced Bluetooth location tracking system can lead to a location correlation attack and unauthorized access to the location history of the past seven days.
TOP ATTACKS AND BREACHES
- SITA, a communications and IT vendor for 90 percent of the world’s airlines, has been breached in a massive supply-chain attack, compromising frequent-flyer data across many carriers such as United, Singapore Airlines, Lufthansa, and more.
- Spirit Airlines has suffered a data breach by “Nefilim” ransomware. A first batch of customer data has been released on the dark web, exposing over 40GB of data including credit card numbers and personal information.
Check Point SandBlast Agent provides protection against this threat
- Maza, an elite Russian forum where reputable cybercriminals can connect to collaborate in malicious operations, has been under attack, leaving members worried that their identities would be revealed.
- JFC International, a major wholesaler and distributor of Asian food products in the US, has been hit by a ransomware attack disrupting its IT systems. Check Point SandBlast Agent provides protection against this threat
- CompuCom, US managed service provider, has been hit by malware, potentially DarkSide ransomware. The attack led to service outages and to customers disconnecting from the MSP’s network to prevent the spread of malware.
Check Point SandBlast Agent provides protection against this threat
- Williams Formula One team has suffered a breach to their augmented reality mobile app, meant to be used in to launch their new car model, forcing them to remove it from Google Play and Apple App Store.
- Qualys, a Cybersecurity firm, was the latest victim to have suffered a data breach published by Clop ransomware gang after a zero-day vulnerability in Accellion FTA server was exploited to steal hosted files.
THREAT INTELLIGENCE REPORTS
- New malware families used in the SolarWinds attack, suspected to be affiliated with a Russian APT group, have been revealed. “GoldMax”, “Sibot” and “GoldFinder” are executed in late stages of the attack, after lateral movement from the SolarWinds server, and use reputable domains for their C2 communication. Check Point Anti-Bot provides protection against this threat (Backdoor.WIN32.SUNSHUTTLE)
- Researchers have spotted a new ransomware called “Hog”. The ransomware encrypts users’ devices and only decrypts them if they join the developers’ Discord server. Check Point SandBlast Agent provides protection against this threat
- Researches have reported a campaign by Ursnif banking Trojan, targeting at least 100 banks in Italy. The operators behind the attack have successfully stolen financial data and credentials.
Check Point SandBlast and Anti-Bot provide protection against this threat (Trojan.WIN32.Ursnif.*)
- The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.
BOOKMARKS
- CheckMates Video Series: Check Point for Beginners
If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
- CheckMates “TechTalk” Webinar Recordings
In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series. Including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.
If you were forwarded this email, click here to subscribe.