Your Check Point Weekly Updates & Threat Intelligence -- 12/03/2021

Aaron_Rose
Employee

ANNOUNCEMENTS & UPCOMING EVENTS  

  • TechTalk: Centralized Upgrades – Best Practices
    In a complex environment, keeping your security system up to date may be a real challenge. In the R&D Device Operation Group, our mission is to help our customers reduce the time and complexity of their daily tasks. In this TechTalk, we will discuss the latest SmartConsole functionality, which changes the maintenance and upgrade routine for you. Join us to learn how to centralize upgrade operations with the latest versions.
    When: Wednesday, December 15th @ 11am EST
    Register Here

  • Virtual CPX 2022 – Save the Date! Jan 26 - 27, 2022
    CPX 360 2022 features an exclusive lineup of keynotes and in-depth sessions from industry visionaries and global experts who are helping to shape the future of cyber security. Here are some of the exciting features we have planned for you:
    • Industry and technology issues and trends
    • A special preview of Check Point’s 2022 product roadmap
    • Best practices and operations of Check Point solutions
    • The latest solutions from our Technology Partners
    • Hands-on labs and demos with our latest products
    • In-depth info on advances in cloud, zero trust, and endpoint security

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from global and leading companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here

TOP ATTACKS AND BREACHES

  • GoDaddy has announced they suffered a data breach with data of up to 1.2 million of its customers being exposed after an unauthorized person used a compromised password to gain access to the company's Managed WordPress hosting environment. 
  • Iranian airline Mahan Air has been the victim of a cyberattack which resulted in its website going offline. The company still operated its flights on schedule without major disruptions.
  • A threat group is leveraging a new custom-made malware called “Tardigrade”, which is spread via phishing emails or infected USB drives, to attack biomanufacturing companies. The attacks aim at intellectual property theft and eventually infect the systems with ransomware.
  • Security analysts have discovered a new malware campaign on Huawei's AppGallery catalog which led to 9,300,000 downloads of 190 different games containing the Android Trojan Cynos, which is able to collect the user's phone number, device location and other parameters.
  • A new Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide by leveraging a Microsoft MSHTML RCE flaw tracked as CVE-2021-40444 and using a new PowerShell-based stealer called PowerShortShell.
    Check Point IPS, Anti-Virus and Anti-Bot protect against this threat (Microsoft Internet Explorer MSHTML Remote Code Execution (CVE-2021-40444); HEUR:Exploit.MSOffice.CVE-2021-4044)
  • IKEA is currently the victim of a cyberattack in which threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails: replying to legitimate internal emails and attaching or linking to malicious documents. IKEA suppliers and business partners are compromised as well.
  • A new malware campaign has been discovered on Discord deploying the Babadeda crypter to hide malware that targets cryptocurrency, NFT, and DeFi communities.

 

 

VULNERABILITIES AND PATCHES

  • Check Point Research has identified security flaws in the smartphone chip made by Taiwanese manufacturer MediaTek, used in 37% of the world’s smartphones. The security flaws were found inside the chip’s audio processor. MediaTek patched the vulnerabilities, which could have enabled a hacker to eavesdrop on Android users, elevate privileges and execute commands.
    Check Point Harmony Mobile provides protection against this threat
  • A researcher has demonstrated how the patch for CVE-2021-41379 can be bypassed, enabling elevation of privileges in Windows 10 and 11 and Windows Server.
  • Unofficial patches have been made available to protect Windows users from a local privilege escalation zero-day flaw in the Mobile Device Management Service concerning all Windows 10 versions.

THREAT INTELLIGENCE REPORTS

  • Security researchers have found CronRAT, a new remote access Trojan for Linux servers that conceals itself by hiding in tasks scheduled for execution on a date that does not exist, February 31st. The malware is used to enable server-side Magecart data theft.
  • The FBI is warning of a surge in spear-phishing email campaigns targeting customers of "brand-name companies", delivered in both emails and SMS messages.
  • A new JavaScript-based malware strain called RATDispenser is being used to deliver remote access Trojans and info stealers and potentially steal cryptocurrency information. The delivery vector is a malicious email with an executable attachment.
  • Researchers have set up 320 publicly accessible honeypots to see how quickly malicious actors would target exposed cloud services, and report that 80% of them were compromised in under 24 hours. All honeypots were compromised within a week.
  • Researchers have spotted TrickBot malware that evades detection by checking the screen resolution of a victim system, only executing on standard configurations.

 

 

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 


 

Note: This email is typically sent once per week. I create this myself based on content I believe will be most relevant to our customers, partners & peers. However, if you wish to unsubscribe, use the unsubscribe link or reply and I will remove you from my distribution list.