Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Your Check Point Weekly Updates & Threat Intelligence -- 06/08/2021

Aaron_Rose
Employee
Employee
0 0 353

Newsletter_Social.jpg

 

ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar: “<SECURE> Hybrid Data Center”
    Securing the modern enterprise data center and network requires the flexibility of a hybrid cloud security architecture that scales threat prevention on demand, on premise, and in the cloud with a unified management system. 

    In this virtual event, you will hear from hybrid data center security analysts, customers, architects and technologists, as they give their insights and perspectives. Learn about security best practices and innovations for the hybrid data center including enabling the data center to perform like the cloud while also leveraging cloud services to support remote workers with fast and secure access anytime, anywhere.

    When: Wednesday, June 9th @ 12pm EST
    Register Here

  • CheckMates Live: “What’s New in R81”
    This event will include exclusive community updates and an overview of R81 new features, including:
    • Automatic optimization of gateway performance aka Dynamic Workflows
    • Accelerated Policy Installation
    • HTTPS Inspection improvements: TLS 1.3 support and HTTPSi Policy Layer
    • NAT Policy Improvements
    • Infinity Threat Prevention
    • Change Reports
    • License and Upgrades Management through SmartConsole

When: Tuesday, June 15th @ 2pm EST
Register Here

  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, but not only; A series of 40 minutes weekly podcast hosting Telco industry CIOs and CISO’s, from global and leading companies. Podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about Security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here

VULNERABILITIES AND PATCHES

  • Researchers have disclosed ten critical vulnerabilities impacting CODESYS automation software that could be exploited for remote code execution on programmable logic industrial controllers and in denial of service attacks (CVE-2021-30186 – CVE-2021-30195). 
  • Apple has released a software update for AirTags following concerns that they could be used to monitor users’ real-time location.
  • Cisco has fixed multiple vulnerabilities including high-severity flaws in Webex player, SD-WAN software, and ASR 5000 series software.
  • A cross-site-scripting (XSS) vulnerability has been found in a popular HTML editor used by over 30,000 websites. The security flaw (CVE-2021-28114) is found in the way HTML sanitizing is performed.
  • Researchers have found multiple flaws in the Realtek RTL8170C Wi-Fi module that could be exploited to elevate privileges and hijack wireless communications.

 

TOP ATTACKS AND BREACHES

  • Check Point Research has identified a new cyber espionage weapon called SharpPanda being used by a Chinese threat group, in an ongoing surveillance operation targeting a Southeast Asian government. The attack starts with spear phishing emails leveraging old Microsoft vulnerabilities.
    Check Point Threat Emulation provides protection against this threat
  • JBS, the United States-based meat processing giant, has been hit by a ransomware attack affecting its North American and Australian operations. The FBI has attributed the attack to the REvil ransomware.
     Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Win32.Revil)
  • University of Florida Health has suffered a ransomware attack forcing two hospitals to operate by pen and paper after shutting down a portion of their IT network.
    Check Point Harmony Endpoint provides protection against this threat
  • Japanese multinational conglomerate Fujifilm has been hit by a ransomware attack forcing the company to take down portions of its network worldwide. According to some reports, Fujifilm had been infected with Qbot Trojan, which might have pulled the ransomware payload.
    Check Point Harmony Endpoint, Threat Emulation and Anti-Bot provide protection against this threat (Trojan-Downloader.WIN32.Qbot)
  • Nucleus Software, an Indian company providing financial software to banks and retail stores, has been hit by new ransomware named “BlackCocaine”. The attack crippled some of the company’s internal network and encrypted sensitive business information.
    Check Point Harmony Endpoint provides protection against this threat
  • Mobile County in Alabama, US, and Comune di Porto Sant’Elpidio, Italy, are the latest victims of the Grief ransomware group. The attack on Mobile County servers exposed nearly 7GB of government documents.
    Check Point Harmony Endpoint provides protection against this threat
  • AMT Games mobile game Battle for the Galaxy has suffered a data leak affecting 6 million users. Researchers found over 1 terabyte of unencrypted user data including emails and purchase information on an unprotected server.
  • The Tokyo Olympics organizing committee has suffered a data breach leaking the personal information of 170 people from 90 organizations involved in hosting the Olympics. The breach was sourced to a cyber-attack against a Japanese government contractor’s data-sharing tool.

 

THREAT INTELLIGENCE REPORTS

  • Threat actors are actively scanning for internet-exposed VMware vCenter servers vulnerable to the recently-patched critical remote code execution vulnerability impacting all vCenter deployments (CVE-2021-21985).
  • A critical zero-day vulnerability (CVE-2021-24370) in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been actively exploited to upload malware onto vulnerable sites.
  • Researchers have discovered new features in the Necro Python-based bot, targeting Linux and Windows machines. Necro, first revealed by Check Point Research in a campaign dubbed “FreakOut”, added exploits for vulnerabilities in SMB protocol and in VMware vSphere, SCO OpenServer, and the Vesta Control Panel.
    Check Point IPS and Anti-Bot provide protection against this threat
  • New Phishing campaign is abusing the recent ransomware attack on the colonial pipeline with well-crafted emails tailored as an urgent notification from their helpdesk to download and install a fake system update that would defend against the latest ransomware strain. The payload is in fact Cobalt Strike.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series.  Including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 

If you were forwarded this email, click here to subscribe.