ANNOUNCEMENTS & UPCOMING EVENTS
- Webinar: “Tips and Tricks 2020 #12 - Conditional VPN Access using SandBlast Agent”
When: Friday, July 17th 9am EST
Register Here
- CheckMates Live - Mid-Atlantic & Federal: Performance Optimization
At this CheckMates Live Virtual Edition event, we will talk about Performance Optimization Best Practices. Our agenda includes:
-- Introduction and terminology
-- Technological solutions to improve performance
-- SecureXL
-- CoreXL
-- Multi-Queue
-- Dynamic Split
-- ClusterXL as a performance tool
-- Analyzing Security Gateway Performance
When: Tuesday, August 4th 11am EST
Register Here
- Podcast: Beyond the Perimeter “Coffee Talks”
Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose, on our new bi-weekly “Coffee Talks” podcast. Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests. At just 14 minutes per episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
iTunes
Spotify
VULNERABILITIES AND PATCHES
- Palo Alto Networks has disclosed and patched a critical 10.0 CVSS vulnerability (CVE-2020-2021) in its firewall and enterprise VPN appliances which enables an unauthenticated network-based attacker to access protected resources. US Cyber Command urged all affected users to patch affected devices immediately.
- Citrix has issued security patches for eleven flaws in several of its products. Four of the vulnerabilities can be exploited by a remote unauthenticated user. Threat actors are actively scanning in search of exposed unpatched Citrix platforms.
- A zero-day vulnerability has been discovered in Zoom for Windows, which could allow RCE on systems running Windows 7 and earlier. The vulnerability, which requires user interaction to be exploited, has been patched by Zoom.
- Adobe has ended support for the Magento 1 e-commerce platform. Over 100,000 online stores that still run outdated versions expose their clients to Magecart and other types of attacks and are out of compliance with the PCI DSS security standard for handling credit cards.
TOP ATTACKS AND BREACHES
- Check Point Research has reported eleven malicious applications on Google Store, infected with the Joker infostealer and ad clicker. Joker, first detected in 2017, has used various obfuscation techniques and “in-between” versions to elude detection by Google, who removed the apps following the report. Check Point SandBlast Mobile protects against this threat.
- Check Point Research reports increased activity of the Phorpiex botnet, delivering the Avaddon ransomware, a new Ransomware-as-a-Service (RaaS) variant that emerged in early June, via malspam emails.
Check Point Anti-Bot blade provides protection against this threat (Worm.Win32.Phorpiex).
- A campaign targeting Spanish users has distributed the Cerberus banking Trojan disguised as an Android currency converter on Google Store. The app avoided detection by Google and reached 10,000 downloads by operating in stages, waiting weeks before an update included a dropper module and still more time before downloading its final payload, Cerberus. Check Point SandBlast Mobile protects against this threat.
- For a second time this year, affordable mobile phones sold under the US Federal Communications Commission’s Lifeline program have been found pre-installed with malware. The ANL UL40 devices come preinstalled with the Android Wotby downloader, later used to install variants of HiddenAds. Check Point SandBlast Mobile provides protection against this threat.
- The North Korean-affiliated APT group Lazarus has diversified its operations to include Magecart-style credit card skimming. Researchers reported Lazarus infrastructure has been used since at least May 2019 to skim US and European online shoppers' paycard details on compromised sites, including international fashion chain Claire’s, a modeling agency from Milan, a vintage music store from Tehran and more.
THREAT INTELLIGENCE REPORTS
- Researchers have discovered almost 250,000 sets of personally identifiable information of users from the UK, Australia, South Africa, the US, Singapore and other countries exposed in a multi-stage bitcoin scam.
- The University of Delhi has suffered a data breach in its admit card download portal, which is a part of the official University website, causing the exposure of personal details of all students.
- Fitness firm V Shred has exposed 606GB worth of sensitive customer data. The breach occurred due to an Amazon Web Services (AWS) misconfiguration. The data included personally identifiable information (PII) of 100,000 customers and trainers, including before and after body images, health condition and more.
BOOKMARKS
- CheckMates Video Series: Check Point for Beginners
If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!
- The “Ultimate” Collection of Check Point Links
This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point. The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more. I highly recommend you bookmark this one!
- CheckMates “TechTalk” Webinar Recordings
In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.