Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Your Check Point Weekly Updates & Threat Intelligence -- 08/12/2021

Aaron_Rose
Employee
Employee
0 0 1,261

Newsletter_Social.jpg

 

ANNOUNCEMENTS & UPCOMING EVENTS  

  • Tips & Tricks #13: “Lights Out Management – What’s Next?
    When: Thursday, August 26th @ 9am EST
    Register Here

  • Ransomware, Solved. -- Check Point is offering extended, 90-day evaluations of our Anti-Ransomware technology for all organizations.  
    In an effort to protect all users from the ongoing global Cyber Pandemic, including targeted ransomware, Check Point offers AI-based behavioral algorithms, file restoration, and deep forensics analysis to ensure you are able to:
    • Prevent: Attacks are automatically and fully quarantined based on anti-ransomware’s behavioral analysis
    • Contain: Infections are contained and terminated on the system, preventing lateral movement
    • Remediate: The system is automatically reverted to a pre-infection state without reliance on Windows Shadow Copy
      Check out our video demonstration against multiple ransomware variants & request your evaluation here.

 

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Check Point <SECURE> Users & Access
    In this virtual event, you will hear from security analysts, customers, architects, technologists, and a cybercrime psychology expert, as they give their insights and perspectives on securing the "everywhere employee" in the new hyper-distributed workspace. Learn about security best practices and innovations, including Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), in-browser protection, Endpoint Protection (EPP) and EDR, cloud email & collaboration apps security, and Mobile Threat Defense (MTD).
    When: Wednesday, August 25th @ 11am EST
    Register Here

  • Podcast: “CISO Secrets”
    “CISO's Secrets” promises clear talk on cybersecurity’s burning topics, but not only; A series of 40 minutes weekly podcast hosting Telco industry CIOs and CISO’s, from global and leading companies. Podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about Security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
    Listen Here

 

VULNERABILITIES AND PATCHES

  • Check Point Research has found vulnerabilities in Amazon Kindle, the world’s most used e-reader device. By opening a malicious e-book, hackers would have been able to take full control of the victim’s device and acquire sensitive information. Patches were subsequently installed on all Kindle devices by Amazon.
  • Dynamic DNS data from millions of endpoints globally, including governments and Fortune 500 companies, could have been exposed through a newly found vulnerability.
  • Researchers have exposed nine vulnerabilities, labeled PwnedPiper, in Swisslog’s Translogic Pneumatic Tube System (PTS). PTS is used in thousands of hospitals globally, including 80% of the major hospitals in the US. The vulnerabilities have not yet been exploited, and 8 of them have been fixed.
  • A new unofficial patch for PrintNightmare zero-day vulnerabilities has been issued, implementing a policy-based workaround. Check Point IPS provides protection against this threat (Windows Print Spooler Remote Code Execution (CVE-2021-34527))
  • Fourteen high severity vulnerabilities dubbed INFRA:HALT have been found, affecting millions of NicheStack industrial control TCP/IP stacks and will be extremely difficult to patch. Among the bugs are remote code execution, denial of service (DoS), and information leak to TCP spoofing and DNS cache poisoning.
  • Cisco has delivered patches for its Small Business VPN router to fix CVE-2021-1609 and CVE-2021-1610. These issues could have resulted in the execution of arbitrary code and denial-of-service (DoS) by an unauthenticated remote threat actor.
  • A bug in Telegram for Mac could allow saving self-destructing messages and media, without the need for the recipient to open the message.
  • An unofficial patch has been issued for Windows PetitPotam vulnerability. Check Point IPS provide protection against this threat (Microsoft Active Directory Certificate Services NTLM Relay)


TOP ATTACKS AND BREACHES

  • Four critical infrastructures organizations in South East Asia have been the target the of a cyberespionage campaign by alleged Chinese threat actors for several months, aiming at exploiting information from the victims’ SCADA systems. The targeted sectors included power, water, defense, and communications companies.
  • The Australian Cyber Security Centre warns of a possible upsurge in LockBit 2.0 ransomware attacks against Australian targets after gang members expressed their intention to recruit corporate insiders to assist them in breaching and encrypting networks in exchange for multimillion dollar disbursement. Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.LockBit)
  • Taiwanese computer company Gigabyte has been the target of the ransomware gang RansomExx, which threatened in a double extortion scheme to release 112 GB of data, including ultra-confidential communications with Intel, AMD and American Megatrends if the victim doesn’t pay the ransom. Check Point Harmony Endpoint provides protection against this threat
  • Active exploitation of the CVE-2021-20090 vulnerability has been discovered, targeting millions of home routers and other Internet-of-things (IOT) devices. Threat actors’ IP address was located in Wuhan, China, and it appears they were trying to install a Mirai variant on the compromised devices. Check Point IPS provides protection against this threat (Command Injection Over HTTP Payload)
  • Researchers have found several denial-of-service (DoS) vulnerabilities in the Cobalt Strike hacking tool that allow blockage of beacon command & control communication channels and prevent new installations. Check Point Anti-Bot provides protection against this threat (Backdoor.Win32.CobaltStrike)
  • Researchers have analyzed the malware-as-a-service solution dubbed Prometheus, which distributes many well-known malware. The platform is sold on underground platforms for $250 a month, and was served to attack at least 3000 targets in the US, Germany and Belgium.


THREAT INTELLIGENCE REPORTS

  • The recently emerged ransomware BlackMatter brings together some of the strengths of both REvil and DarkSide. The gang targets both Windows systems and VMware ESXi servers in large companies with annual revenues of over $100 million, but will spare critical industries like healthcare, defense, NGOs etc. Check Point Harmony Endpoint provides protection against this threat
  • An individual associated with the AngryConti ransomware gang has leaked the group’s sensitive information and data, including IP addresses for Cobalt Strike C2 servers, training materials, and more.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series.  Including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 

If you were forwarded this newsletter, click here to subscribe.