Your Check Point Weekly Updates & Threat Intelligence -- 08/06/2021

Aaron_Rose
Employee

ANNOUNCEMENTS & UPCOMING EVENTS

  • Ransomware, Solved. -- Check Point is offering extended, 90-day evaluations of our Anti-Ransomware technology for all organizations.  
    In an effort to protect all users from the ongoing global Cyber Pandemic, including targeted ransomware, Check Point offers AI-based behavioral algorithms, file restoration, and deep forensics analysis to ensure you are able to:
    • Prevent: Attacks are automatically and fully quarantined based on anti-ransomware’s behavioral analysis
    • Contain: Infections are contained and terminated on the system, preventing lateral movement
    • Remediate: The system is automatically reverted to a pre-infection state without reliance on Windows Shadow Copy

Check out our video demonstration against multiple ransomware variants & request your evaluation here.

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, reports for forensic analysis, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Check Point <SECURE> Users & Access
    In this virtual event, you will hear from security analysts, customers, architects, technologists, and a cybercrime psychology expert, as they give their insights and perspectives on securing the "everywhere employee" in the new hyper-distributed workspace. Learn about security best practices and innovations, including Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), in-browser protection, Endpoint Protection (EPP) and EDR, cloud email & collaboration apps security, and Mobile Threat Defense (MTD).
    When: Wednesday, August 25th @ 11am EST
    Register Here

  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and more. It is a weekly series of 40-minute podcasts hosting Telco industry CIOs and CISOs from leading global companies. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here

VULNERABILITIES AND PATCHES

  • Zero-day flaws in Kaseya’s cloud-based enterprise solution can be exploited for remote code execution and privilege escalation on the client side. Users are warned to avoid exposing the service to the internet.
  • Flaws in Zimbra’s email collaboration software could allow attackers to compromise email accounts and cloud secrets by sending a malicious email containing a JavaScript payload.
  • Apple has released a security update to address a vulnerability in macOS and iOS that may have already been exploited to deliver malware (CVE-2021-30807).
  • Researchers have disclosed details about a recently patched critical flaw in Microsoft Hyper-V (CVE-2021-28476) that can trigger a DoS condition and remote code execution.
  • Node.JS has released an update for a severe use-after-free HTTP vulnerability (CVE-2021-22930) that could be exploited to corrupt the process, causing an application crash and potentially remote code execution.

 TOP ATTACKS AND BREACHES

  • The company that manages COVID-19 vaccination appointments in the Lazio Region in Italy has been hit by ransomware. The attack took down its IT systems, making the booking site unreachable and suspending the vaccination of the entire region surrounding Rome. Check Point Harmony Endpoint provides protection against this threat.
  • Threat actors have been using Google ads to promote a website that impersonated the official website for the Brave browser. When visitors try to download the browser from the fake website, it actually downloads remote access malware known as ArechClient or SectopRat.
    Check Point Zero-Phishing provides protection against this threat (Backdoor.SectopRat)     
  • Experts have spotted a previously undocumented Chinese-speaking threat actor tracked as GhostEmperor using a new PlugX variant in an ongoing attack targeting Microsoft Exchange flaws on high-profile victims, mainly South Asian entities and governments. Check Point Anti-Bot provides protection against this threat (Trojan.Win32.Plugx)
  • A new file-wiping malware tracked as “Meteor” has been found to have been used in the recent attack against Iran’s railway system. “Meteor” is a wiping malware that intentionally deletes files on a computer and causes the system to become unbootable.
  • A new campaign named “BazaCall” has been spotted using fake call centers to trick victims into downloading malware, performing data exfiltration, and deploying ransomware on affected machines.
  • Video game company Electronic Arts (EA) has suffered a data breach after refusing to pay ransom following an attack in June. The data published by the threat actors includes the source code for the FIFA 21 soccer game and the Frostbite game engine.
  • The US Department of Justice has disclosed that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree.

 THREAT INTELLIGENCE REPORTS

  • Check Point Research has released its 2021 mid-year security report, highlighting the threat trends in the first half of this year, including the global 29% increase in cyber-attacks, 93% surge in ransomware attacks fueled by the Triple Extortion technique, and rise in supply chain attacks.
  • Check Point Research has analyzed an XLoader variant for macOS, similar to the Formbook malware, including its anti-analysis tricks, encryption, network communication, and supported commands.
    Check Point Threat Emulation, Anti-Bot and Anti-Virus provide protection against these threats (Trojan.WIN32.Formbook; InfoStealer.Win.Formbook; Banking.Win32.Formbook; Trojan.Mac.XLoader)
  • Researchers have spotted a new strain of Android banking Trojan, Vultur, which uses screen recording and keylogging to capture login credentials. Check Point Harmony Mobile provides protection against this threat.
  • A new variant of the LockBit 2.0 ransomware has been found with an ability to use Windows Active Directory group policies to disable Windows Defender security features and launch the ransomware executable across an entire network.
    Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.LockBit)
  • Experts have released a decryptor and file recovery tool for “Prometheus” ransomware that works by brute-forcing encryption keys. Since its release two weeks ago, the ransomware group hasn’t published new data on its dark web leak site, potentially ceasing operation. Check Point Harmony Endpoint provides protection against this threat.

 

BOOKMARKS

  • CheckMates Video Series: Check Point for Beginners
    If you’re new to Check Point, or would like to brush up on your CP skillset, this is an excellent video series to get you started!  
  • CheckMates “TechTalk” Webinar Recordings
    In case you missed our previous TechTalks, check out this page for a list of recordings of all the TechTalk webinar series, including Management API Best Practices, Migrate to R8x.xx, IPS Ease of Use in R81, & more.

 

 
