
Your Check Point Weekly Updates & Threat Intelligence -- 07/06/2020

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar – “Ask me anything” with Check Point’s Vice President of Products, Dorit Dor
    When: Wednesday, July 8th 11am EST
    Register Here

  • Webinar: Check Point Introduces Infinity SOC
    On July 7, we will introduce Infinity SOC to address the challenges facing today's security teams. Check Point Infinity SOC, a cloud-based platform, enables security teams to expose, investigate, and shut down attacks faster, and with 99.9% precision.
    Learn how Infinity SOC:
    --Exposes and shuts down only real attacks with 99.9% precision
    --Accelerates and deepens investigations with the industry’s most powerful threat intelligence
    --Eliminates deployment, integration and privacy issues.
    When: Tuesday, July 7th 1pm EST
    Register Here

  • CheckMates Live: Identity Awareness
    At this CheckMates Live Virtual Event, we will discuss how to provide application and access control through the creation of accurate, identity-based policies using the Check Point Identity Awareness Software Blade. Topics include:
    --Benefits of identity based security
    --Design principles
    --Identity Sources
    --Live Demo of Identity Collector
    --Q&A
    When: Tuesday, July 7th 2pm EST
    Register Here

  • New Podcast: Beyond the Perimeter “Coffee Talks”
    Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose on our new bi-weekly “Coffee Talks” podcast.  Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests.  Just 14 minutes each episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
    iTunes
    Spotify

  • Join our BrightTalk Channel!
    Check Point has teamed up with BrightTalk to give you a one-stop-shop for our webinars.  It features both upcoming live webinars, as well as past webinars - that are available for replay - on topics including Quantum Security Gateways and Endpoint Security.
    Check out our channel here

VULNERABILITIES AND PATCHES

  • Critical Vulnerability: The US Cyber Command has issued a critical severity alert for all customers using Palo Alto Networks’ products.  CVE-2020-2021: A critical vulnerability has been found in the PAN-OS operating system of all Palo Alto next-generation firewalls. This vulnerability could allow unauthenticated network-based attackers to bypass authentication.
    Resources that are vulnerable to this attack include:
    --GlobalProtect Gateway
    --GlobalProtect Portal
    --GlobalProtect Clientless VPN
    --Authentication & Captive Portal
    --PAN-OS next-generation firewalls (including PA & VM Series) and Panorama web interfaces
    --Prisma access
    For those of you keeping track, that makes 50 vulnerabilities in the first half of 2020 for Palo Alto Networks, compared with 48 vulnerabilities in all of 2019 (average time-to-patch: 69 days).  2020 hasn’t been the best year for PAN-OS developers.  For reference, Check Point Software Technologies had a total of 6 vulnerabilities in 2019, and 3 in the first half of 2020 (average time-to-patch: 12 days).
  • Check Point researchers have found that Apache Guacamole, a popular infrastructure for remote work, is vulnerable to several critical Reverse RDP vulnerabilities.
    Check Point IPS blade provides protection against this threat (Apache Guacamole Remote Code Execution)
  • F5 has released a security advisory to address a remote code execution (RCE) vulnerability (CVE-2020-5902) in the BIG-IP Traffic Management User Interface (TMUI). An attacker could exploit this vulnerability to take control of an affected system.
    Check Point IPS blade provides protection against this threat (F5 BIG-IP Remote Code Execution (CVE-2020-5902))
  • Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
  • Netgear has released security patches to address ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own contest.
  • Microsoft has released two out-of-band emergency security updates through the Windows app store, addressing two remote code execution (RCE) vulnerabilities in its Windows Codecs (CVE-2020-1425, CVE-2020-1457).
  • Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.


TOP ATTACKS AND BREACHES

  • Roblox, a multiplayer game platform, has suffered a data breach in which more than 1,800 user profiles were defaced with messages in support of Donald Trump’s reelection campaign, and their avatars’ clothes were changed to look like the President’s. The Roblox credentials were published on Pastebin and social media.
  • MongoDB databases have been hit by ransomware attacks using GDPR as extortion leverage. The attacker used an automated script to wipe all content and left a note demanding a bitcoin ransom equivalent to $140, to be paid within two days. The attack hit 23,000 databases, almost 50% of the databases exposed online without a password.
  • Xerox Corporation, based in the US and present in at least 160 countries, has suffered a Maze ransomware attack. The attackers threaten to publish over 100GB of company data.
    Check Point SandBlast and Anti-Bot blades provide protection against this threat (Ransomware.Win32.Maze)
  • EvilQuest, a macOS ransomware, is now also stealing keystroke logs and cryptocurrency wallets. It is being spread through a fake Google Software Update package and through pirated versions of different software.
    Check Point SandBlast and Anti-Bot blades provide protection against this threat (Ransomware.OSX.EvilQuest)
  • FakeSpy Android infostealer is spreading via an SMS phishing campaign associated with the Roaming Mantis threat group. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data, and more from the victims’ devices.
    Check Point SandBlast Mobile provides protection against this threat
  • A new variant of Try2Cry ransomware implements wormable capabilities to infect other Windows systems using USB flash drives and Windows shortcuts (LNK files).
    Check Point SandBlast and Anti-Bot blades provide protection against this threat (Ransomware.Win32.Try2Cry)


THREAT INTELLIGENCE REPORTS

  • Researchers have discovered almost 250,000 sets of personally identifiable information of users from the UK, Australia, South Africa, the US, Singapore and other countries exposed in a multi-stage bitcoin scam.
  • The University of Delhi has suffered a data breach in its admit card download portal, which is part of the official University website, causing the exposure of the personal details of all students.
  • Fitness firm V Shred has exposed 606GB worth of sensitive customer data. The breach occurred due to a misconfigured Amazon Web Services (AWS) resource. The data included personally identifiable information (PII) of 100,000 customers and trainers, including before and after body images, health conditions and more.


BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, SecureKnowledge articles (SKs), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.

Want to receive this newsletter in your inbox each week? Click here to subscribe.