
Your Check Point Weekly Updates & Threat Intelligence -- 10/16/2020

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS

  • Check Point’s New SASE Remote Access Solution – Powered by Odo
    We recently acquired Odo to enhance our SASE solution with advanced zero-trust network access capabilities.  In this session we discuss and demonstrate Odo’s technology and architecture, and explain how it will be combined into our SASE platform.
    Details Here (Q&A, Webinar Recording & Demos)

  • CheckMates Go Podcast - S02E29: Ransomware Recovery is Pee Chee
    Check Point’s PhoneBoy, aka Dameon Welch Abernathy, talks with Raymond Schippers and Tim Otis from the Check Point Incident Response Team about the latest issues with Ransomware. You have your Pee Chee folder with your recovery plans printed out, right?
    Listen Here

  • Tip of the Week: “Configuring Geo Policy using Updatable Objects in R80.20 and Up”

  • Podcast: Beyond the Perimeter “Coffee Talks”
    Join your favorite radio voice, Brian Linder, and co-host, Aaron Rose on our new bi-weekly “Coffee Talks” podcast.  Each episode we explore the latest in Advanced Threats and discuss the latest cyber security trends, technologies & best practices with our guests.  Just 14 minutes each episode, it’s the perfect way to start your day by staying in the loop as we all emerge into a post-COVID world.
    iTunes
    Spotify


VULNERABILITIES AND PATCHES

  • Researchers have discovered 55 security flaws, 11 of them critical, in multiple Apple services. Among the flaws is a wormable cross-site scripting (XSS) vulnerability that could enable iCloud data theft.
  • Cisco has addressed three high severity vulnerabilities in WebEx video conferencing system, Video Surveillance 8000 Series IP Cameras and Identity Services Engine. The IP Cameras flaw could allow an attacker to execute arbitrary code and cause the device to reload, resulting in a DDoS attack.
  • Researchers have uncovered ‘The Prisoner of Azure-Kaban’ - six vulnerabilities, three of them critical, in Azure Sphere, a new IoT security solution for cloud connected devices.
  • The Comcast XR11 voice remote controller, used for over 18 million devices across the US, has been found to be vulnerable to a man-in-the-middle attack leveraging its RF communication, which could turn the device into an eavesdropping tool.
  • QNAP has patched two critical vulnerabilities in Helpdesk, an app built into its Network Attached Storage (NAS) servers. The flaws might enable an attacker to take over the vulnerable device.

 

TOP ATTACKS AND BREACHES

  • Healthcare technology firm eResearchTechnology, providing software for hospitals and clinics, has been hit by the Ryuk ransomware, leading to delays in COVID-19 treatment development.
    Check Point SandBlast and Anti-Bot provide protection against this threat (Ransomware.Win32.Ryuk)
  • Check Point Research has reported that attackers are launching phishing campaigns targeting Amazon consumers in preparation for Amazon’s annual Prime Day. Over a quarter of the domains containing the word Amazon and registered during the last month are malicious.
  • Asian food delivery app Chowbus has been breached, leading to an extensive data theft. Over 400,000 customer records including names, email addresses, phone numbers and home addresses were stolen.
  • The US Justice Department has revealed 92 domains used by Iran's Islamic Revolutionary Guard Corps (IRGC) to host fake news outlets in multiple languages as part of a global disinformation campaign.
  • The virtual conference platform Playback Now has been leveraged for a credit card skimming and financial data theft attack. Attackers impersonated the platform’s official website and injected a reference to the rogue website into dozens of Magento e-commerce websites.
  • The Docsketch electronic document-signing service has announced a data breach, as hackers gained access to its database containing contact information and form fields related to documents filled out by users.
  • The FBI and CISA have released a warning against a campaign leveraging multiple vulnerabilities, old and new, to gain access to federal, state and local computer networks, carried out by foreign government-linked threat actors. Elections support systems were accessed, but elections data has not been compromised.
  • Georgia Department of Human Services has been hit by a cyber-attack, exposing personal information of adults and children who have cases with child protection services.
  • The Springfield Public School district in Massachusetts has been hit with ransomware, forcing a complete shut-down of its systems and of over 60 schools, accommodating 25,000 students and 4,500 employees.

 

THREAT INTELLIGENCE REPORTS

  • Check Point Research has warned against a surge in ransomware attacks, led by Maze and Ryuk. In Q3, there were 50% more ransomware attacks globally than in Q2, and the number of Ryuk attacks against healthcare organizations doubled.
    Check Point SandBlast and Anti-Bot provide protection against this threat (Ransomware.Win32.Ryuk; Ransomware.Win32.Maze)
  • MosaicRegressor is a campaign relying on a modified Hacking Team tool to attack the machine’s UEFI firmware, in charge of loading the operating system, and deliver a persistent malware. Diplomats worldwide are among its targets.
    Check Point SandBlast Agent provides protection against this threat
  • Researchers have investigated BAHAMUT, a quality threat group that targets government and human rights entities across India, the Emirates, Saudi Arabia and the Middle East, and uses zero-day exploits and malicious apps available in Google Play Store and App Store for infection.
  • The US Cyber Command has gained access to the Trickbot botnet management panel and acted to disconnect all infected machines from the C&C servers and deceive its operators by adding forged records to the botnet database.
  • A new IoT botnet dubbed HEH has been discovered by researchers. The botnet targets routers, servers and IoT devices and features a disk-wiping function, which allows it to wipe all data from the infected systems.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.40, IPS Ease of Use in R80.20, & more.

 
