
Your Check Point Weekly Updates & Threat Intelligence -- 11/11/2021

Aaron_Rose
Employee

 

 


 

 

ANNOUNCEMENTS & UPCOMING EVENTS  

 

Check Point: <SECURE> Cloud -- November 10th at 12:00 PM EST:

  • Dorit Dor & Moti Sagey doing an “Ask Me Anything” type of session
  • Jeff Man, popular podcast host, talking about the fundamentals of security applied to cloud
  • Speakers from AWS & Hashicorp talking about Security as Code
  • Speakers from Microsoft and a customer talking about managing security in a hybrid cloud
  • TJ Gonen talking about all the cloud innovations from Check Point

Register Here

Virtual Hot Sauce Tasting Event

  • Don’t let the heat of phishing burn your company. Instead, join us on November 16th at 4:00 PM ET for a virtual Hot Sauce tasting! Before your tongue burns, you'll know Check Point uses advanced AI and machine learning to catch the most sophisticated and evasive phishing attacks, all before they reach your inbox. Join us to learn the importance of a prevention-first approach to email security and sample some of the best, and hottest, hot sauces around. We'll even raffle off a complimentary, private cooking class with Chef Matt to one lucky attendee!
    Register Here

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Podcast: “CISO's Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from leading global companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here

TOP ATTACKS AND BREACHES

  • Check Point Research warns of scammers using Google Ads to steal crypto wallets, after seeing over $500k worth of cryptocurrency stolen from victims during one weekend. Scammers are placing ads at the top of Google Search that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key. 
  • Check Point Research detected over 100 attacks in recent weeks using the new version of the banking Trojan Mekotio that targeted Latin America in the past, despite the arrests of people associated with its propagation. Security researchers report on its new, stealthier infection flow which starts with a phishing email containing a link to a zip file attachment. Check Point Threat Emulation provides protection against this threat (Win.PSBypass.A; Wins.obfusBat.A)
  • The health-care system of the Canadian province of Newfoundland and Labrador has suffered a cyberattack, “the worst in Canadian history”, which led to severe disruption to healthcare providers and hospitals.
  • The UK Labour Party has disclosed that information concerning members, registered and affiliated supporters, was impacted in a data breach after a ransomware attack hit a third-party organization that was managing the party's data.
  • CERT France has issued a warning concerning the new ransomware group Lockean, which is responsible for many attacks against French companies over the past two years, including pharmaceutical groups and newspapers.
  • US defense contractor Electronic Warfare Associates (EWA) has confirmed it was the victim of a data breach after threat actors launched a phishing campaign and hacked its email system. Hackers were able to exfiltrate files containing personal information.
  • New threat actor “Tortilla”, predominantly targeting US victims, has been hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell flaw to install the Babuk Ransomware.
    Check Point IPS, Harmony Endpoint and Threat Emulation provide protection against this threat (Microsoft Exchange Server Remote Code Execution (CVE-2021-34473); HEUR:Trojan-Ransom.Linux.Babuk; Ransomware.Win.Babuk)

 

VULNERABILITIES AND PATCHES

  • Google has released the November 2021 Android security updates addressing 18 flaws in the framework and system components as well as 18 other vulnerabilities in the kernel and vendor components.
  • Cisco has released security updates to address critical vulnerabilities in its products that allow unauthenticated hackers to log in using hard-coded credentials or default SSH keys to take over vulnerable systems.
  • Mozilla has released Thunderbird 91.3, patching several severe vulnerabilities to prevent attacks such as denial-of-service, origin spoofing, security policy bypass, and arbitrary code execution.
  • The Philips TASY Electronic Medical Record, used by hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection vulnerabilities that may result in patient data exposure if exploited.
  • A serious heap-overflow security flaw in the Transparent Inter Process Communication module of the Linux kernel, tracked as CVE-2021-43267, could allow local exploitation and remote code execution, leading to full system compromise.
  • CISA has ordered US federal agencies to patch 276 vulnerabilities actively exploited from 2017 to 2021, posing a significant risk to government agencies.

THREAT INTELLIGENCE REPORTS

  • The HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their extortion tactics.
    Check Point Harmony Endpoint provides protection against this threat
  • Ransomware gangs are targeting companies involved in "significant financial events" such as corporate M&A.
  • Cybercriminals are asking victims of fraud schemes to use cryptocurrency ATMs and QR codes to facilitate payments.
  • The BlackMatter ransomware group says it is shutting down due to pressure from the authorities and recent law enforcement operations. Following the news, their affiliates are transferring their victims to the competing LockBit ransomware site for continued extortion.
    Check Point Harmony Endpoint provides protection against this threat
  • Researchers have found a new attack method called "Trojan Source" that allows vulnerabilities to be injected into the source code of a software project in a way that is very difficult to detect.
  • The US government is offering a $10 million reward in exchange for information leading to the identification or arrest of members of the DarkSide ransomware gang and its rebrands.

 

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 
