Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Your Check Point Weekly Updates & Threat Intelligence -- 08/27/2020

Aaron_Rose
Employee
Employee
0 0 583

Newsletter_Social.jpg

 

ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar: CheckMates TechTalk “Moving the Security Management to the Cloud”
    Have you ever wondered what it would be like to manage your on-premises and virtual gateways from the cloud? Via a web browser? With the best access control and threat prevention platform that can keep pace with the latest security, handle rapid growth and effectively manage maintenance? Join our session and learn about our latest offering Smart-1 Cloud, taking the best security management and putting it in the cloud, utilizing the industry’s most advanced threat prevention and security management.
    When: Wednesday, September 2nd 11:00am
    Register Here

  • Webinar: “Women in IT: Breaking the Glass Ceiling”
    Join us for a live webinar where women in Executive leadership positions will gather for a candid discussion about their perspectives on essential leadership qualities, self-awareness, resilience, and values.
    Topics will include:
    --Diversity in the workplace
    --Finding work/life balance while remote working
    --Empathy as a superpower
    --The future for Women in IT
    When: Tuesday, September 15th 12pm EST
    Register Here

  • Webinar: “SASE Securely Connects Remote and Branch Users to the Cloud”
    --Today’s enterprises are hyper-distributed, with applications residing everywhere including traditional datacenters, cloud data centers or accessed as cloud services, like Office 365.  Branches are now bypassing data center security and connecting to local internet providers to reduce application latency and costs.  Remote User connectivity is the new normal, so enterprises need to use zero trust access controls to support network connectivity at anytime from anywhere.  The only way to secure a distributed enterprise is with distributed security. How do you do that without losing control? Check Point Secure Access Service Edge (SASE) is the solution.
    When: Thursday, September 3rd– 12pm EST
    Register for the webinar here
       

  • Podcast: Beyond the Perimeter “Coffee Talks”
    Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose on our new bi-weekly “Coffee Talks” podcast.  Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests.  Just 14 minutes each episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
    iTunes
    Spotify


VULNERABILITIES AND PATCHES

  • Microsoft has issued an out-of-band software update for Windows 8.1 and Windows Server 2012 R2 to patch two recently reported vulnerabilities CVE-2020-1530 and CVE-2020-1537.
  • A vulnerability in Jenkins, an open source server software, tracked as CVE-2019-17638 with CVSS rating of 9.4, may allow unauthenticated attackers to receive sensitive data intended for other users.
    Check Point IPS provides protection against this threat (Jenkins Jetty Buffer Overflow (CVE-2019-17638))
  • PoC exploits for two previously patched vulnerabilities in Apache Struts 2 have been published on GitHub. Successful exploitation of the bugs, tracked as CVE-2019-0230 and CVE-2019-0233, could allow RCE and DoS attacks.
    Check Point IPS provides protection against this threat (Apache Struts2 Content-Type Remote Code Execution)(Apache Tomcat CGI Servlet Remote Code Execution (CVE-2019-0232))
  • A critical bug in Google’s Gmail allowed attackers to send spoofed emails, bypassing both SPF and DMARC security protocols. The issue is caused due to missing verification when configuring mail routes.
  • Cisco has released updates to multiple vulnerabilities on the Trek IP stack, known as Ripple20, exploitation of which could result in remote code execution or DoS. Update is required on multiple Cisco products.

 

TOP ATTACKS AND BREACHES

  • The University of Utah has paid $457K to prevent attackers from publishing student and employee information stolen during a ransomware attack which ended on July 19th. The ransom has been paid by the university’s cyber insurer. 
  • Taiwan has blamed four Chinese APT groups: Blacktech, Taidoor, MustangPanda and APT40 for conducting a long-term espionage operation. The operation targeted employees of companies that provide services to government entities.
  • International IT giant Konica Minolta has been hit by RansomEXX ransomware, the same malware used in an attack on Texas department of transportation in June 2020, and its services were down for almost a week.
  • South African credit reporting agency, Experian, has disclosed a data breach of personal information impacting 24 million customers. The attackers behind this operation were identified by local law enforcement, and a court order allowed to seize their equipment and wipe the stolen data.
  • Voice phishing attacks are on the rise due to COVID-19 remote work policies and following the high-profile Twitter vishing scam. Researchers describe coordinated attacks, leasing of American voice actors, set-up of dedicated phishing pages to bypass MFA mechanism, in campaigns often focusing on corporate new hires.
  • Thousands of Canadian government services accounts have been hacked in credentials stuffing attacks, some were later used to divert COVID-19 aid payments.
  • A newly reported botnet dubbed FritzFrog, operating since early this year, has been targeting SSH servers. FritzFrog, written from scratch in GO, is a P2P botnet, does not have a centralized C2 and is fileless - operating completely from memory. It is currently used for Monero cryptomining but most likely intended for future infrastructure-as-a-service purposes.
    Check Point Anti-Bot provides protection against this threat (Botnet.Linux.FritzFrog)

 

THREAT INTELLIGENCE REPORTS

  • The threat actor behind the GoldenSpy backdoor, delivered with compulsory tax-software for companies conducting business in China, is engaged in an effort to uninstall it, trying to cover their traces. Researchers report of several variants of the uninstaller, changing to avoid detection by published YARA rules.
    Check Point SandBlast and anti-Bot provide protection against this threat (Goldenspy)
  • US CISA has published a malware analysis of a North Korean RAT, BLINDINGCAN, used by the Lazarus APT group in a campaign to recruit defense employees of American defense corporations through LinkedIn. This follows an extensive report by the US army describing North Korea’s cyber arm ‘Bureau 121’ and its subdivisions, employing more than 6,000 hackers, many of which operate from abroad.
    Check Point Anti-Bot and Anti-Virus provide protection against this threat (RAT.Win32.BLINDINGCAN)
  • Hidden Shadow, the threat actor behind the WannaRen ransomware, has submitted master decryption key to be used for a free decryption tool. WannaRen’s integrated EternalBlue exploit mechanism made it spread rapidly in China, driving its developers to release keys, probably in fear of Chinese authorities’ actions.
    Check Point SandBlast and Anti-Virus provide protection against this (Ransomware.Win32.wannaren)

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, checkout this page for a list of recordings of all the TechTalk webinar series.  Including Management API Best Practices, Migrate to R80.40, IPS Ease of Use in R80.20, & more.

 

 

If you were forwarded this email, click here to subscribe.