
Your Check Point Weekly Updates & Threat Intelligence -- 09/30/2020

Aaron_Rose
Employee

ANNOUNCEMENTS & UPCOMING EVENTS

  • Webinar : “Support for Election Protection”
    If you are responsible for security around the upcoming November 3rd elections, we're here to help. Our Incident Response team is available to help anyone who has experienced a breach, is undergoing brute force attacks, or anything else they face leading up to November 3rd. Join us for this webinar intended to assist the community by providing information regarding cybersecurity threats facing the 2020 election. You'll learn how to:
    --Mitigate threats from disruptive and destructive attacks to infrastructure, information providers or partners
    --Prevent phishing attacks that use government impersonators or play on concerns about COVID-19
    --Work securely with 3rd party community portals, data aggregation services and election equipment providers
    When: Tuesday, October 6th 1pm EST
    Register Here

  • TechTalk: “Check Point’s New SASE Remote Access Solution – Powered by Odo”
    We recently acquired Odo to enhance our SASE solution with advanced zero-trust network access capabilities. In this session we discuss and demonstrate Odo’s technology and architecture, and explain how it will be combined into our SASE platform.
    When: Wednesday, October 7th 11am EST
    Register Here

  • CheckMates Go Podcast: S02E27 - DDoS Extortion
    Check Point’s PhoneBoy, aka Dameon Welch Abernathy, talks with Raymond Schippers and Tim Otis from the Check Point Incident Response Team about how the threat of DDoS is being used to extort money from organizations.
    Listen Here

  • Tip of the Week: “ClusterXL Troubleshooting”

  • Podcast: Beyond the Perimeter “Coffee Talks”
    Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose on our new bi-weekly “Coffee Talks” podcast.  Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests.  Just 14 minutes each episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
    iTunes
    Spotify


VULNERABILITIES AND PATCHES

  • Check Point Research has exposed a vulnerability (CVE-2020-1895) in the iOS and Android versions of Instagram. The high-severity vulnerability resides in the open source JPEG format decoder, Mozjpeg, and could have enabled attackers to access a victim’s camera, microphone and other components. Check Point SandBlast Mobile provides protection against this threat.
  • Cisco Systems has released a series of fixes in a wide range of products. Twenty-nine of the patched vulnerabilities are rated high severity.
  • Google has released a new version of Chrome, fixing ten security flaws. The successful exploitation of the most severe of these could allow an attacker to execute arbitrary code by getting the victim to visit a specially crafted webpage.
  • Apple has patched four vulnerabilities affecting macOS Catalina, High Sierra and Mojave.

 

TOP ATTACKS AND BREACHES

  • Following last week’s emergency directive issued by CISA, Microsoft has warned that attackers are actively exploiting the critical Zerologon vulnerability (CVE-2020-1472) to attack Microsoft Windows servers using publicly available PoC exploits.
    Check Point IPS blade provides protection against this threat (Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)).
  • Tyler Technologies, the largest provider of software and technology services to the United States public sector, has suffered a cyberattack most likely involving the RansomExx ransomware. Tyler has warned that its credentials were used for remote access to several of its clients and advised a password reset.
  • $150 million have been stolen from several hot wallets of the Singapore-based cryptocurrency exchange KuCoin. KuCoin stated that hackers obtained private keys to its wallets, and promised to reimburse affected users and publish the wallet address of the hacker and the list of stolen funds.
  • Another DDoS attack hits financial institutions; several Hungarian banks and telecommunication services were disrupted by a distributed attack originating from servers in Russia, China and Vietnam.
  • The network of an unspecified US federal agency was recently compromised, according to a CISA report. The threat actor behind the attack used compromised O365 credentials to implant malware, evaded the agency’s anti-malware protection and gained persistent access to the network.
  • A major data breach in an Indian government COVID-19 tracking app has exposed personal data of more than 8 million citizens. The exposed data included full names, gender, age, residential address, and contact numbers of everyone who had tested COVID-19 positive in the Indian state of Uttar Pradesh.
  • Luxottica, the world's largest eyewear company, has been hit by a ransomware attack, leading to the shutdown of its operations in Italy and China. Experts suspect the source of the breach was a Citrix ADC controller device vulnerable to the critical CVE-2019-19781 flaw.

 

THREAT INTELLIGENCE REPORTS

  • Facebook has removed accounts and pages of several Russian, Chinese and Philippine disinformation networks conducting coordinated inauthentic behavior (CIB). The Chinese operations were engaged in US elections and China’s interests in the Philippines and Southeast Asia. The Russian networks were involved in creating factious media entities and amplifying their content.
  • Microsoft has published that earlier this year it removed 18 Azure Active Directory applications that were used by the Chinese APT-40 threat actor group as part of their multistage infection chain.
  • Researchers report that a Russian-speaking threat actor, OldGremlin, has been linked to at least nine ransomware attacks this year on medical labs, banks, manufacturers, and software developers in Russia. A large Russian medical company hit by the actor received ransom demands of $50K in cryptocurrency.
  • Researchers have exposed an ongoing cyber espionage operation against Indian defense units. The operation, active for more than a year, has been attributed to the Pakistani Transparent Tribe APT group.
  • CISA and the FBI have issued a joint statement warning of threat actors actively spreading false information about compromised voting systems and voter registration databases in order to discredit the electoral process. According to CISA, attempts to compromise election infrastructure could only slow down but not prevent voting efforts.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.40, IPS Ease of Use in R80.20, and more.

 

 
