Threat Intelligence Reports

Aaron_Rose · ‎2022-03-11

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Ransomware gang Lapsus$, which took responsibility for last week’s breach on the giant chip firm NVIDIA, claims it has now managed to breach the Korean manufacturer Samsung, and published 190GB of sensitive data online.
- As part of the NVIDIA leak by the Lapsus$ ransomware gang were 2 stolen code signing certificates used by to sign their drivers and executables. Attackers have already started using these certificates to sign malware, hoping to evade security solutions.

Aaron_Rose · ‎2022-03-04

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- CISA has warned of 2 vulnerabilities in Zabbix IT monitoring tool that are actively exploited in the wild.
- Cisco has addressed four security vulnerabilities in new updates: CVE-2022-20650, a command injection flaw in the NX-API feature of Cisco NX-OS Software, CVE-2022-20623 & CVE-2022-20624, two DoS flaws in NX-OS, and CVE-2022-20625, another DoS vulnerability in the Cisco Discovery Protocol.

Aaron_Rose · ‎2022-02-11

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Cisco has released patches for several flaws in Cisco Small business RV series routers (RV160, RV260, RV340 and RV345) - CVE-2022-20699 - a critical vulnerability which could allow remote executive of arbitrary code by unauthenticated attackers.
- APT35 group has upgraded its toolkit and is now leveraging a new PowerShell-based implant named “PowerLess Backdoor”. The code runs in a .NET application and won’t launch powershell.exe, allowing evasion from security defenses.

Aaron_Rose · ‎2022-02-04

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- An unauthenticated stack-based buffer overflow flaw (CVE-2021-20038) has been found in SonicWall Secure Mobile Access Gateways & is being actively exploited.
- New MacOS cyberespionage malware dubbed “DazzleSpy” is being leveraged in Watering-Hole attacks

Aaron_Rose · ‎2022-01-14

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Educational platform provider FinalSite has been hit by a ransomware attack that disrupted thousands of schools receiving their services across 115 different countries.
- FIN7 hackers have been sending malicious USB devices through the US postal services, targeting critical infrastructure.

Aaron_Rose · ‎2022-01-07

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- AvosLocker operators provide a free decryptor after realizing they hit a US police department. #HackerWithAHeart or Fear of Prosecution? 🙂
- Apache Releases version 2.17.1 to address Log4J issue (CVE-2021-44832) (lower severity than the original Log4Shell)

Aaron_Rose · ‎2021-12-03

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- The patch for CVE-2021-41379 can be bypassed, enabling elevation of privileges in Windows 10 and 11 and Windows Server (a patch for the patch to fix the vulnerability.... 🙂 )
- The FBI is warning of a surge in spear-phishing email campaigns targeting customers of "brand-name companies", delivered in both emails and SMS messages.

Aaron_Rose · ‎2021-11-11

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Cisco releases updates to patch critical vulnerabilities in their products, allowing attackers to log in using hard coded credentials or default SSH keys
- A serious heap-overflow flaw found in a Linux kernel module could allow RCE, leading to a pull system compromise (CVE-2021-43267)
- CISA orders US Federal agencies to patch 276 significant vulnerabilities

Aaron_Rose · ‎2021-11-05

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Lazarus (AKA Hidden Cobra) has conducted a supply-chain campaign against IT companies and think tanks.
- A Privilege Escalation Vulnerability has been found, affecting all versions of MS Windows (CVE-2021-34484)

Aaron_Rose · ‎2021-10-15

This is the Your Check Point weekly newsletter.

Upcoming Events & Announcements
Training Resources
Weekly Threat Intelligence (credit: Check Point Threat Research Teams)
- Atom Silo, a new ransomware operator, is targeting a recently patched and actively exploited Atlassian Confluence Server & Data Center vulnerability (CVE-2021-26084)
- Google has issued October’s Android security updates, fixing 41 high to critical severity flaw

Your Check Point Weekly Updates & Threat Intelligence -- 03/11/2022