
Your Check Point Weekly Updates & Threat Intelligence -- 08/20/2020

Aaron_Rose


 

ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar: CheckMates TechTalk “Moving the Security Management to the Cloud”
    Have you ever wondered what it would be like to manage your on-premises and virtual gateways from the cloud? Via a web browser? With the best access control and threat prevention platform that can keep pace with the latest security, handle rapid growth and effectively manage maintenance? Join our session and learn about our latest offering, Smart-1 Cloud, which takes the best security management and puts it in the cloud, utilizing the industry’s most advanced threat prevention and security management.
    When: Wednesday, September 2nd 11:00am
    Register Here

  • Cloud Security Checkup & $100 AWS Credit
    Sure, you’ve secured your perimeter with the latest in Threat Prevention Technologies, but what about your cloud environment? 
    Check Point offers a free Cloud Security Checkup including:
    --Cloud Best Practices scan: Compute, storage, database, security & identity
    --Malicious Network Activities detection: Communication to C&C servers, infected EC2, compromised connection, data exfiltration potential, crypto-miner activity and more
    Download a sample report here
    Request a free Cloud Security Checkup & receive a $100 AWS Credit here

  • Webinar: “SASE Securely Connects Remote and Branch Users to the Cloud”
    Today’s enterprises are hyper-distributed, with applications residing everywhere, including traditional datacenters and cloud data centers, or accessed as cloud services like Office 365. Branches are now bypassing data center security and connecting to local internet providers to reduce application latency and costs. Remote user connectivity is the new normal, so enterprises need to use zero trust access controls to support network connectivity at any time from anywhere. The only way to secure a distributed enterprise is with distributed security. How do you do that without losing control? Check Point Secure Access Service Edge (SASE) is the solution.
    When: Thursday, September 3rd, 12pm EST
    Register for the webinar here
       

  • Podcast: Beyond the Perimeter “Coffee Talks”
    Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose on our new bi-weekly “Coffee Talks” podcast.  Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests.  Just 14 minutes each episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
    iTunes
    Spotify


VULNERABILITIES AND PATCHES

  • Check Point Research has disclosed vulnerabilities in Amazon Alexa that could grant attackers access to users’ chat history, banking data, usernames, phone numbers and other sensitive information. A possible attack vector requires user interaction (clicking a malicious link) and then uses Amazon subdomain vulnerabilities, a CORS misconfiguration and XSS to obtain the victim’s CSRF token.
  • Citrix has issued fixes for various vulnerabilities residing in its XenMobile Servers. Two of the vulnerabilities are rated critical and together they could allow unauthenticated attackers to take full control of the server.
  • On this Patch Tuesday, Microsoft has released updates for more than 120 vulnerabilities and bugs, including an Internet Explorer vulnerability that is actively being exploited (CVE-2020-1380) and various others.
    Check Point IPS provides protection against these threats (CVE-2020-1529, CVE-2020-1566, CVE-2020-1578, CVE-2020-1570, CVE-2020-1380, CVE-2020-1567, CVE-2020-1587, CVE-2020-1480, CVE-2020-1584)
  • Attacks targeting a vulnerability in the vBulletin internet forum software have been detected shortly after a researcher disclosed it and published three PoC exploits. The new vulnerability bypasses an older fix for a 2019 vulnerability.
    Check Point IPS provides protection against this threat (vBulletin Forum Remote Code Execution (CVE-2019-16759))
  • Adobe has released updates to address multiple vulnerabilities in its various products. Eleven of the 26 bugs are rated critical.
    Check Point IPS blade provides protection against these threats (CVE-2020-9711, CVE-2020-9707, CVE-2020-9710, CVE-2020-9713, CVE-2020-9706, CVE-2020-9705, CVE-2020-9697)

 

TOP ATTACKS AND BREACHES

  • The SANS information security training institute has suffered a data breach involving 27,000 records of PII (Personally Identifiable Information), which were forwarded to an external email address. SANS traced the source of the attack to a phishing email.
  • The city of Lafayette, Colorado has fallen victim to a ransomware attack and paid the criminals’ ransom demand of $45,000. The attack was not part of a targeted campaign, and the undisclosed ransomware entered the city’s systems through a phishing or brute-force attack.
  • The Sodinokibi ransomware group has compromised the Brown-Forman spirits group, manufacturer of Jack Daniel’s whisky. The threat actor claimed they spent a month inside Brown-Forman’s systems and exfiltrated 1 TB of corporate data, but according to the company it stopped the attack before data was encrypted.
    Check Point SandBlast Anti-Ransomware provides protection against this threat
  • The Maze ransomware gang has published a 2.2GB archive of files allegedly stolen from Canon during a ransomware attack earlier this month.
    Check Point SandBlast Anti-Ransomware and Anti-Bot provide protection against this threat (Ransomware.Win32.Maze)
  • Data of more than 200K users of Utah-based gun exchange sites has been leaked and is offered free of charge on a cybercrime forum. According to researchers, the three leaked gun-related databases were all hosted on the same Amazon cloud server.
  • The Israeli Defense Ministry has accused the North Korea-related Lazarus APT group of targeting employees of major Israeli defense companies through fake LinkedIn profiles. Researchers said that unlike the group’s regular financially motivated attacks, the current campaign was focused on technology theft.

 

THREAT INTELLIGENCE REPORTS

  • Researchers have reported a previously unknown APT group, dubbed RedCurl, involved in business espionage. The Russian-speaking group has been active for at least three years. The group has targeted dozens of companies from various countries, initially compromising them through well-written phishing emails based on in-depth intelligence.
  • The FBI and NSA have released details about a new Linux malware dubbed Drovorub, attributed to the Russian military-affiliated APT28. Drovorub is a multipurpose tool capable of data exfiltration, remote code execution and more.
  • A team of researchers has presented a new method of attack on mobile devices, which could let remote attackers break the encryption of voice calls and spy on targeted individuals. The method requires the attacker to be connected to the same base station and initiate a call to the victim.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.40, IPS Ease of Use in R80.20, & more.

 

If you were forwarded this newsletter or found us online, click here to subscribe.