
Your Check Point Weekly Updates & Threat Intelligence -- 05/29/2020

Aaron_Rose
Employee


 

ANNOUNCEMENTS & UPCOMING EVENTS

  • Tips and Tricks 2020 #10 - Best Practices for Threat Prevention in SmartView
    When: Friday, June 5th – 9am (EST)
    Register Here

  • Join our BrightTalk Channel!
    Check Point has teamed up with BrightTalk to give you a one-stop-shop for our webinars.  It features both upcoming live webinars, as well as past webinars - that are available for replay - on topics including Quantum Security Gateways and Endpoint Security.
    Check out our channel here
  • Free Jump Start Training!! – New Course Added
    Check Point’s Education Services Team has expanded our course offerings on Udemy to include a Jumpstart Course for our Hyperscale Network Security solution, Maestro! This two-part course for the Maestro Orchestrator covers initial installation, creation and configuration of security groups via the web user interface, and SmartConsole features.
    Access the Training Here

VULNERABILITIES AND PATCHES

  • Researchers have disclosed a security flaw in the Bluetooth and Wi-Fi protocols that left multiple devices, including all iPhones, MacBooks, and the Samsung Galaxy S series, vulnerable to a new attack named Spectra.
  • Five Windows zero-day vulnerabilities that allow attackers to escalate privileges have been disclosed. Four vulnerabilities are treated as critical. (CVE-2020-0915, CVE-2020-0986, CVE-2020-0916, CVE-2020-0915)
  • Docker has fixed a security vulnerability in Docker's Windows client. The vulnerability (CVE-2020-11492) allows attackers to run programs as SYSTEM, which can lead to executing commands with the highest privileges.
  • Microsoft has released a security update for a vulnerability in Edge (Chromium-based) (CVE-2020-1195). An attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges.
  • Cisco has fixed a critical remote code execution vulnerability (CVE-2020-3280) in Cisco Unified Contact Center Express.
  • VMware has released a patch for a VMware Cloud Director code injection vulnerability, which may lead to arbitrary remote code execution (CVE-2020-3956).

TOP ATTACKS AND BREACHES

  • Thousands of Israeli websites have been defaced in an Anti-Israeli Campaign carried out by the “Hacker of Savior” group. All websites were hosted on a local Israeli hosting company called uPress, and the attackers centrally exploited a vulnerability in a WordPress plugin to publish an anti-Israeli message on the websites’ homepages with an embedded link to attempt to get webcam access. 
  • Check Point Research has identified a phishing document impersonating the IRS 1040 form, one of the official documents that US taxpayers use to file their annual income tax return. Uploaded to Google Drive, the PDF document was called “2018 1040 Tax Forms5.pdf” and came with a phishing kit.
    Check Point Anti-Virus provides protection against this threat
  • Indonesia’s election commission has suffered a data breach, with the data leaked on a well-known hacker forum. The data posted includes more than 200 million voters’ personal information such as names, addresses, ID numbers, birth dates, and more. The leaked information appears to date back to 2013.
  • The Iranian Chafer APT group has targeted government and air transportation companies in Kuwait and Saudi Arabia in a recent attack campaign that included several hacking tools and a custom-built backdoor.
  • UK airline EasyJet has been hit by a cyber-attack exposing email addresses and travel information of 9 million customers, and credit card details of 2,200 customers.
  • Thailand’s Android users are being targeted by a new variant of DenDroid named “WolfRAT”, operated by Wolf researchers, over messaging apps like WhatsApp, Facebook Messenger and Line. The new variant performs spying functions, stealing photos, audio, text messages and more.
  • A hacking group called CyberWare is using MilkmanVictory ransomware and multiple denial-of-service attacks to target companies that allegedly conduct loan scams. The ransomware encrypts files and deletes the key, as the hackers intend to create irreversible damage rather than ask for ransom.
    Check Point SandBlast provides protection against this threat

 

THREAT INTELLIGENCE REPORTS

  • Check Point Research has introduced a new security mechanism for Linux called “safe-linking”. This mechanism, which protects against exploitation of singly-linked lists, is now deployed in popular open-source libraries such as glibc.
  • Researchers have analyzed “DEFENSOR ID”, a banking Trojan that can steal the victim’s bank account credentials, cryptocurrency wallet private key, two-factor authentication and more. The Android app was available on the official Google Play store.
    Check Point SandBlast Mobile provides protection against this threat
  • Ragnar Locker ransomware has improved and is now opening a virtual machine on the victim’s device to avoid detection while running the ransomware, then mapping network drives and encrypting them.
    Check Point SandBlast provides protection against this threat (Ransomware.Win32.Ragnarlocker)
  • Researchers have released a new jailbreak tool that can unlock all iPhones that run versions of iOS from 11 to 13.5. It is not yet known which vulnerabilities were used in building the jailbreak.
  • The Winnti hacking group is using a new malware named PipeMon with a novel method to achieve persistence in attacks aimed at video game companies.

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.

 

 
