
Your Check Point Weekly Updates & Threat Intelligence -- 04/02/2021

Aaron_Rose
Employee

 

  • Webinar: “Tips & Tricks #6: Remote Access Compliance Using the Secure Configuration Verification (SCV) File”
    Join us on April 9, 2021 when our Security Engineer Logan Reese will give you Tips and Tricks on Remote Access Compliance Using the Secure Configuration Verification (SCV) File. We will cover items like:
    --SCV Checks
    --Verifying the SCV Policy
    When: Friday, April 9th @ 9am EST
    Register Here

  • Podcast: “CISO Secrets”

    “CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from global, leading companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
    Listen Here


VULNERABILITIES AND PATCHES

  • SolarWinds has released security updates that address multiple vulnerabilities affecting the Orion platform.
  • Apple has released new out-of-band updates for iOS, iPadOS, macOS and watchOS to address a zero-day flaw actively exploited in the wild, tracked as CVE-2021-1879.
  • A new vulnerability in the 5G core network allows data extraction and DoS attacks between network slices on a mobile operator, leaving enterprise customers exposed to malicious cyberattacks.
  • Google has fixed a zero-day Android vulnerability affecting devices that use Qualcomm chips, which is actively exploited in the wild (CVE-2020-11261).

 

TOP ATTACKS AND BREACHES

  • The official PHP Git server has been compromised in a potential attempt to plant a backdoor in the PHP source code, used by 80% of the websites on the internet. The threat was mitigated within a few hours, and the project migrated to GitHub to better control and prevent similar attacks in the future.
  • Web shells deployed by the Black Kingdom ransomware operation group have been discovered on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks, mostly in the US. In some cases, the web shells were later used to install the ransomware.
    Check Point Harmony Endpoint provides protection against this threat       
  • US-based insurance company CNA has been hit by a new variant of Phoenix CryptoLocker ransomware, possibly linked to the Evil Corp threat group. The attack caused a network disruption and impacted certain CNA systems, including corporate email.
    Check Point Harmony Endpoint provides protection against this threat       
  • Several members of the German Parliament have been hit by a targeted spear-phishing attack allegedly launched by the Russia-linked Ghostwriter threat group.
  • Solairus Aviation, a US-based private aviation services provider, has announced that private data of some of its customers and employees was accessed by an unknown party. The data was breached while stored in the Microsoft Azure cloud environment of a third-party vendor – Avianis.
  • Sierra Wireless, a Canadian multinational manufacturer of Internet of Things devices, has suffered a ransomware attack disrupting internal operations and production facilities for several days.
  • Guns.com has suffered a data breach following an attack that took place in January. The data posted this week on a popular dark web forum contains substantial gun buyer information, including user IDs, email addresses, hashed passwords, and physical addresses.

THREAT INTELLIGENCE REPORTS

  • Check Point Research has analyzed a new trend of forged negative COVID-19 test results and fake vaccine certificates offered on the Darknet and various hacking forums for people seeking to board flights, cross borders, attend events or start new jobs.
  • The Federal Bureau of Investigation (FBI) has issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool to encrypt entire drives.
    Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win32.Mamba)
  • Researchers have spotted a new advanced Android spyware that implements exfiltration capabilities and surveillance features, including recording audio and phone calls and taking pictures, while posing as “System Update”.
    Check Point Harmony Mobile provides protection against this threat
  • Clop ransomware operators have been using a new technique to encourage their victims to pay the ransom – the hackers are now sending emails to victims’ customers, telling them they have access to their private information and asking them to demand that the victim pay the ransom, thus putting more pressure on the victim to pay.
    Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win32.Clop)
  • Purple Fox malware, targeting Windows machines through phishing and exploit kits, has been supplemented with worm capabilities, propagating through SMB password brute-forcing.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 


 

Note: This email is typically sent once per week. I create this myself based on content I believe will be most relevant to our customers, partners & peers. However, if you wish to unsubscribe, use the unsubscribe link or reply and I will remove you from my distribution list.