
Your Check Point Weekly Updates & Threat Intelligence -- 08/20/2021

Aaron_Rose
Employee


 

 

ANNOUNCEMENTS & UPCOMING EVENTS  

  • Tips & Tricks #13: “Lights Out Management – What’s Next?”
    When: Thursday, August 26th @ 9am EST
    Register Here

  • Ransomware, Solved. -- Check Point is offering extended, 90-day evaluations of our Anti-Ransomware technology for all organizations.  
    In an effort to protect all users from the ongoing global Cyber Pandemic, including targeted ransomware, Check Point offers AI-based behavioral algorithms, file restoration, and deep forensics analysis to ensure you are able to:
    • Prevent: Attacks are automatically and fully quarantined based on anti-ransomware’s behavioral analysis
    • Contain: Infections are contained and terminated on the system, preventing lateral movement
    • Remediate: The system is automatically reverted to a pre-infection state without reliance on Windows Shadow Copy
      Check out our video demonstration against multiple ransomware variants & request your evaluation here.

 

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Check Point <SECURE> Users & Access
    In this virtual event, you will hear from security analysts, customers, architects, technologists, and a cybercrime psychology expert, as they give their insights and perspectives on securing the "everywhere employee" in the new hyper-distributed workspace. Learn about security best practices and innovations, including Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), in-browser protection, Endpoint Protection (EPP) and EDR, cloud email & collaboration apps security, and Mobile Threat Defense (MTD).
    When: Wednesday, August 25th @ 11am EST
    Register Here

  • Podcast: “CISO Secrets”
    “CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting telco industry CIOs and CISOs from leading global companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.
    Listen Here

 


Vulnerabilities and Patches

  • Microsoft has released its August Patch Tuesday update addressing 44 CVEs, including yet another vulnerability in the Print Spooler component (tracked as CVE-2021-36958) that allows remote code execution, as well as an actively exploited privilege escalation zero-day in the Windows Update Medic Service (CVE-2021-36948).
    Check Point IPS blade provides protection against this threat (Microsoft Windows Update Medic Service Privilege Escalation (CVE-2021-36948))
  • Adobe has released a security update that fixes a critical vulnerability in Magento and important bugs in Adobe Connect.
  • A flaw has been found in Microsoft’s new Windows 365 Cloud PC service. A threat actor could dump a user’s plaintext credentials using Mimikatz.

 

Top Attacks and Breaches

  • Check Point Research has revealed that the threat actor behind last month’s cyber-attack on Iran’s train system is “Indra”, a group that identifies itself as Iranian regime opposition. They used similar tools in an attack against companies in Syria in 2019.
  • Poly Network, a China-based cross-chain decentralized finance (DeFi) platform for swapping tokens across blockchains, has suffered a major breach. The firm disclosed that attackers have stolen 611 million worth of cryptocurrencies from the network by exploiting a vulnerability in the system to plunder digital tokens.
  • T-Mobile has opened an investigation regarding a data breach exposed in a forum post claiming to be selling data of over 100 million people. The company has confirmed the data included users’ Social Security numbers, physical addresses, phone and IMEI numbers, and driver's license information.
  • The Federal Board of Revenue (FBR) of Pakistan has suffered a data breach during a cyber-attack. Threat actors managed to breach the Microsoft Hyper-V software and took down the official website of the agency along with all sub-domains. Network access to the agency is for sale on a Russian hacking forum.
  • An archive containing 1.6 million emails with highly sensitive documents allegedly stolen from the Lithuanian Ministry of Foreign Affairs is available for sale in a hacking forum.
  • The US Financial Regulatory Authority (FINRA) has warned US brokerage firms and brokers about an ongoing phishing campaign impersonating FINRA officials, tricking victims with a threat of penalties to obtain sensitive information.
    Check Point Harmony Email & Office and Anti-Phishing provide protection against this threat
  • Threat actors have been attacking Microsoft Exchange servers using the ProxyShell vulnerabilities to install backdoors for later access (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).
    Check Point Sandblast and Anti-IPS blade provide protection against this threat

 

Threat Intelligence Reports

  • Check Point Research has released its monthly threat index for July 2021, showing that while Trickbot is still the most prevalent malware, Snake Keylogger, which was first detected in November 2020, has surged into second place following an intense phishing campaign.
  • A spear-phishing campaign has been targeting Office 365 customers in multiple attacks since July 2020, using Morse code and other encryption methods to evade detection. The malicious attachments have an XLS.HTML extension, so that victims expect an xls file while actually opening the file in their internet browser.
    Check Point Harmony Email & Office and Anti-Phishing provide protection against this threat
  • A new Android Trojan named “FlyTrap” has compromised at least 10,000 Facebook accounts in 140 countries since March 2021, through malicious apps, allegedly providing coupons, that were uploaded to and quickly removed from Google Play and were later available on third-party app stores.
  • Ransomware operators such as ‘Magniber’ and ‘Vice Society’ are actively exploiting vulnerabilities in Windows Print Spooler to compromise, spread across a victim’s network, and deploy their tools.
    Check Point Harmony Endpoint and Anti-Bot provide protection against this threat
  • Researchers have discovered a new AdLoad adware campaign with over 150 unique samples, some of them with a valid signature, targeting Mac devices.
    Check Point Anti-Bot provides protection against this threat (Adware.Win32.Adload)
  • The SynAck ransomware operators have released the master decryption keys for their operation on their data leak site, as they are soon to launch a new ransomware-as-a-service called EL_Cometa.
    Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.SynAck)

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.
