Your Check Point Weekly Updates & Threat Intelligence -- 05/22/2020

Aaron_Rose
Employee

ANNOUNCEMENTS & UPCOMING EVENTS

  • Beyond the Perimeter “Coffee Talks” Podcast
    Tune in to Check Point's Coffee Talk, sponsored by your Check Point "Beyond the Perimeter" Team, 14 minutes before your virtual day gets away from you, to get you in the loop while you get that first cup of coffee down, your perfect companion on your COMMUTE TO NOWHERE in COVID times brought to you by Check Point's Beyond The Perimeter Team!  Grab your coffee, quarantine yourself in your home office, and dial us up. Join your host Brian Linder and a different guest expert each episode for a spirited and sometimes quirky look at the CyberSecurity state-of-the-state, COVID, evolving, and emerging threats and challenges facing all of us in all matters of Cybersecurity. Be a little smarter before the day gets away from you, and be entered to win Amazon eGift Cards on every episode.
    When: Every Tuesday – 8:45-9:05am (EST)
    Register Here

  • Webinar- “CloudGuard IaaS Deployment Options on Google Cloud”
    In this session, we will demonstrate all CloudGuard deployment options on Google Cloud. We will also review GCP and its advantages over AWS and Azure. We’ll start by building a basic topology for protecting a two-tier web application with a single CloudGuard gateway. This will consist of a walkthrough of the entire process, from the very beginning of building a VPC, subnets, routing, firewall rules, and instances, to deploying managed instance groups (MIGs) and Internal & External Load Balancers. Then we will publish two web applications and configure inbound access with SSL inspection, Outbound, and East/West access.
    When: Tuesday, May 26th – 11am (EST)
    Register Here

  • Join our BrightTalk Channel!
    Check Point has teamed up with BrightTalk to give you a one-stop-shop for our webinars.  It features both upcoming live webinars, as well as past webinars - that are available for replay - on topics including Quantum Security Gateways and Endpoint Security.
    Check out our channel here

  • Free Jump Start Training!! – New Course Added
    Check Point’s Education Services Team has expanded our course offerings on Udemy to include a Jumpstart Course for our Hyperscale Network Security solution, Maestro! This two-part course for the Maestro Orchestrator includes initial installation, and creation and configuration of security groups via the web user interface and SmartConsole features.
    Access the Training Here

 

VULNERABILITIES AND PATCHES

  • Researchers have uncovered a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Exploitation of these vulnerabilities cannot be done remotely, and would require physical access to the computer.
  • Microsoft has released its March 2020 Patch Tuesday security updates to fix 111 vulnerabilities. 16 are rated critical while the rest have been ranked important.
    Check Point IPS provides protection against these threats
  • A critical vulnerability in WP Product Review Lite, a WordPress plugin that helps site owners create custom review articles using pre-defined templates and is installed on over 40,000 sites, can lead to malicious code injection and potentially to takeover of vulnerable websites.

TOP ATTACKS AND BREACHES

  • Supercomputers in Switzerland, Germany and the UK have been infected by what looks like a cryptocurrency mining malware. Some of the supercomputers were being used to research COVID-19, and are still down for forensic investigation. The attackers appear to have gained access to the supercomputer clusters via compromised SSH credentials.
  • UK Ministry of Defence contractor “Interserve”, a support services and construction company, has suffered a data breach. Attackers have stolen the personal details of up to 100,000 past and present employees, including payment and payroll information.
  • Researchers have uncovered a new Trojan dubbed QNodeService, used in a Coronavirus-themed phishing campaign. The operators behind the campaign promise COVID-19 tax relief, to lure victims to run the malicious file.
    Check Point Anti-Virus product provides protection against this threat (backdoor.Win32.qnode)
  • Diebold Nixdorf, a major ATM manufacturer, has suffered a ransomware attack that caused only “a limited IT systems outage.” The company disclosed the security breach but pointed out that the infection did not impact its ATMs or customer networks.
    Check Point SandBlast provides protection against this threat
  • Magellan Health, a US healthcare company, has been hit by ransomware. The attack took place on April 11, 2020, and included a data breach of personal information from one of the corporate servers.
    Check Point SandBlast provides protection against this threat
  • REvil ransomware, which has recently breached celebrity law firm Grubman Shire Meiselas & Sacks, has increased the ransom demand to $42M. In parallel, the hackers have started releasing leaked client emails, some of them mentioning US President Donald Trump.
    Check Point SandBlast and Anti-Bot provide protection against this threat (Ransomware.Win32.REvil)

 

THREAT INTELLIGENCE REPORTS

  • Check Point Research, analyzing Microsoft’s patch for CVE-2020-0655, have found that the patch added a workaround to fix the vulnerability, but does not address the core vulnerability in the PathCchCanonicalize function. The vulnerability can still be exploited to modify and steal data, among other attacks.
  • Check Point Research have discovered new phishing campaigns impersonating the WHO and popular conferencing platforms, to steal sensitive information. Check Point has seen 192,000 coronavirus-related cyber-attacks per week over the past three weeks, a 30% increase compared to previous weeks.
  • The US government has released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA.
    Check Point SandBlast, Anti-Bot and Anti-Virus provide protection against this threat (Generic.Win32.HiddenCobra)
  • Edison, an iPhone email application, released a version containing a bug that caused accounts and messages to sync on devices used by other people. Edison responded by reverting the update and stating that only a “small percent” of users were affected.
  • Researchers have exposed a new cyberespionage campaign carried out by the Russia-linked APT group Turla, using a new version of the COMpfun malware. The new variant allows attackers to control hosts using HTTP status codes.
    Check Point SandBlast and Anti-Bot provide protection against this threat

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • The “Ultimate” Collection of Check Point Links
    This is a personal favorite compiled by Valerie Loukine, a Cyber Security Evangelist here at Check Point.  The document includes 50+ links to helpful articles, secure knowledge (SK’s), best practice guides, videos & more.  I highly recommend you bookmark this one!
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R80.20, IPS Ease of Use in R80.20, & more.
