ANNOUNCEMENTS & UPCOMING EVENTS
- Webinar: “Advanced Posture Management – the Sequel”
Cloud Security Architect Gus Coronel will give you Tips and Tricks on Advanced Posture Management – THE SEQUEL! This is a follow-up to his CPX talk (viewing the first session is not required).
When: Friday, March 26th @ 9am EST
Register Here
- Webinar: “Advanced investigation & remediation using Harmony Endpoint”
Hunting cyber threats is a complex task. When under attack, an effective investigation and timely remediation are crucial to minimize the damage and keep your business safe.
Join our TechTalk where you will learn:
-- Critical aspects and best practices of practical endpoint security
-- How to efficiently investigate & remediate real-world attacks on endpoints
When: Wednesday, March 24th @ 11am EST
Register Here
- Podcast: “CISO Secrets”
“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, but not only that: it is a series of weekly 40-minute podcasts hosting CIOs and CISOs from leading global telco companies. The podcast shares true stories, reveals real-life scenarios, and more. The host leads discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
Listen Here
VULNERABILITIES AND PATCHES
- Adobe has patched vulnerabilities in its FrameMaker, Animate, Photoshop, Creative Cloud Desktop and Connect products. Nine of the vulnerabilities are rated critical, among them an arbitrary code execution flaw in FrameMaker assigned CVE-2021-21056.
- Microsoft has issued a security update addressing 89 flaws, 14 of them rated critical. Among those is an Internet Explorer vulnerability assigned CVE-2021-26411, which has been actively exploited by attackers and allows an actor to run a file of their choosing once the victim views a compromised webpage. Check Point IPS provides protection against these threats (e.g., Microsoft Internet Explorer Memory Corruption (CVE-2021-26411)).
- Researchers have discovered three 15-year-old vulnerabilities in the Linux kernel’s SCSI (Small Computer System Interface) component. The flaws, present in the component since it was first developed, could allow a local attacker with basic user privileges to escalate to root.
TOP ATTACKS AND BREACHES
- Security footage and live feed data of some 150,000 surveillance cameras has been accessed by a hacker collective. The data was managed by Verkada, a Silicon Valley startup. Breached cameras were located in hospitals, schools, state departments and companies including Tesla and Cloudflare.
- A new spam campaign delivering the NanoCore RAT has been distributing a malicious Adobe icon file to lure victims into downloading a malicious RAR archive, which downloads the RAT when it is extracted.
Check Point IPS and Anti-Bot provide protection against this threat (RAT.Win32.NanoCore).
- Ransomware groups are exploiting the recently revealed Microsoft Exchange Server vulnerabilities to compromise Exchange servers and download a new ransomware called ‘DearCry’. The Norwegian parliament has suffered a data breach in which those flaws were leveraged, leading to data theft. Check Point Research has published statistics on the current exploitation attempts against organizations, broken down by country and vertical.
Check Point IPS and SandBlast Agent provide protection against these threats (relevant protections).
- Molson Coors, a multinational brewing company based in Milwaukee, has disclosed that it suffered a cyber attack, most likely ransomware, which has crippled the company’s beer production and delayed shipments.
- A new DDoS botnet dubbed ‘ZHtrap’ has been infecting devices such as routers, DVRs and UPnP network devices and turning them into honeypots in order to identify new potential bots to infect.
- A new variant of the XCSSET malware for Mac machines has been observed, compiled for Apple’s new Silicon chips. The malware allows data theft from popular applications such as Telegram, Skype and Notes, and features ransomware encryption capabilities.
THREAT INTELLIGENCE REPORTS
- Check Point Research has uncovered a new dropper dubbed ‘Clast82’, designed to evade Google Play Protect detection. The malware is spread via nine applications found on Google Play, and delivers AlienBot, a mobile banker and remote access Trojan distributed under a malware-as-a-service model.
Check Point Harmony Mobile provides protection against this threat.
- Check Point Research has published an in-depth review of the Dynamically Generated Image feature of the Windows Sandbox, covering its components and execution flow.
- Check Point Research has released its monthly global review of the most prominent malware for February. The Trickbot malware, a banker and infostealer, has integrated new techniques into its arsenal and currently tops the ranking.
- The FBI has issued a warning stating that threat actors are likely to integrate synthetic content, relying on image, audio and video deepfake technologies, into campaigns aimed at influencing public and leadership opinions.
- Researchers have concluded that the Chinese threat group ‘SPIRAL’ is responsible for the distribution of the SUPERNOVA web shell, a backdoor found on public-facing SolarWinds servers in two incidents, deployed by exploiting a flaw in SolarWinds Orion.
Check Point IPS provides protection against this threat (SolarWinds SUPERNOVA .NET Webshell Traffic).
BOOKMARKS
- CheckMates Video Series: Check Point for Beginners
If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
- CheckMates “TechTalk” Webinar Recordings
In case you missed our previous TechTalks, check out this page for a list of recordings of the whole TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.
If you were forwarded this email, click here to subscribe.
Note: This email is typically sent once per week; I create this myself based on content I believe will be most relevant to our customers, partners & peers. However, if you wish to unsubscribe, use the unsubscribe link or reply and I will remove you from my distribution list.