Your Check Point Weekly Updates & Threat Intelligence -- 09/10/2021

Aaron_Rose
Employee


ANNOUNCEMENTS & UPCOMING EVENTS  

  • Hands-On Labs: Anti-Ransomware Demo Day
    Join us and learn from our Harmony team experts, who will show you how to protect your enterprise against the most sophisticated ransomware attacks, safely recover encrypted data, and ensure business continuity and productivity
    When: Tuesday, September 14th @ 10am EST
    Register Here

  • Webinar: How to Prepare for Ransomware Attacks
    The latest ransomware attacks have many organizations considering their risks. If you’re concerned about this threat, or curious about REvil, LockBit, Maze, or ransomware-as-a-service, this session is for you. Join Check Point’s security and technology experts on September 14th to learn about the latest ransomware trends and how Check Point protects customers from the most advanced, never-before-seen ransomware attacks.
    Speakers: Jeff Schwartz - Vice President of Engineering & Aaron Rose - Security Architect & Office of the CTO
    • Insights into the recent evolution of ransomware and tactics like “Triple Extortion”
    • How to protect your organization from ransomware attacks with Check Point Harmony Endpoint
    • In-action demo of our latest anti-ransomware capabilities
    When: Tuesday, September 14th @ 1:00pm EST
    Register Here

  • New YouTube Channels: 
    • Check Point Architects
      This channel, managed by architects Dan Taney & Aaron Rose, will serve as a repository for demo videos, forensic analysis reports, and technical training for our customers.
    • Tips & Tricks
      Did you miss an episode of Tips & Tricks?  Or do you want to replay a specific topic?  Here you’ll find all the videos for past & future Tips & Tricks. 

 

  • Podcast: “CISO Secrets”

“CISO's Secrets” promises clear talk on cybersecurity’s burning topics, and not only those: a series of weekly 40-minute podcast episodes hosting CIOs and CISOs from global, leading companies in the Telco industry. The podcast will share true stories, reveal real-life scenarios, and more. The host will lead discussions about security trends, best practices, cloud, networks, data, employees, habits, and secrets while drifting between personal and professional life.

Listen Here


VULNERABILITIES AND PATCHES

  • Check Point Research has recently exposed a new Out-Of-Bounds read-write vulnerability, tracked as CVE-2020-1910, in the WhatsApp instant messaging app. The issue, which could have allowed a sophisticated attacker to read sensitive information from WhatsApp memory, was subsequently patched.
  • Threat actors are actively exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability, tracked as CVE-2021-26084, to install cryptocurrency miners. The vulnerability allows an authenticated user, and in some configurations an unauthenticated one, to execute arbitrary code on a Confluence Server or Data Center instance.
  • Sixteen vulnerabilities, collectively dubbed BrakTooth, affect Bluetooth stacks on system-on-a-chip parts and could impact billions of devices, including industrial equipment. Their effects range from crashing the device to letting a threat actor execute arbitrary code on it.
  • Cisco has announced patching a severe authentication bypass vulnerability (CVE-2021-34746) in its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) which could have allowed a remote attacker to circumvent authentication and log into a vulnerable device as an administrator.

 

TOP ATTACKS AND BREACHES

  • Following the SolarWinds Orion supply-chain attack, the software firm Autodesk announced they identified a compromised server and realized they were also attacked by the Russian linked group Cozy Bear as part of the espionage campaign.
  • The Thai airline Bangkok Airways has announced they were the target of the LockBit ransomware gang. The threat actors announced on their leak website they were holding 200GB of stolen data including passengers’ sensitive data, and threatened to leak it if the company refuses to pay the ransom.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.LockBit)

  • US-based DuPage Medical Group has experienced a data breach, potentially affecting sensitive medical and private information of 600,000 patients in 100 locations.
  • The Conti ransomware gang has been breaking into Microsoft Exchange servers using the ProxyShell exploits, which allow remote code execution on unpatched servers.

Check Point SandBlast Agent and IPS provide protection against this threat (Ransomware.Win32.Conti; HEUR:Trojan-Ransom.Win32.Conti; Microsoft Exchange Server Remote Code Execution (CVE-2021-34473))
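For teams that cannot rely on an IPS signature alone, the Exchange IIS logs are the quickest place to look for the ProxyShell activity described above. The following is an added example (not Check Point's, Microsoft's, or the original researcher's code) that reads IIS W3C log lines and flags the request shape of the publicly documented CVE-2021-34473 path-confusion step: a request to /autodiscover/autodiscover.json whose query smuggles a backend path such as /mapi/nspi or /powershell behind an "@" and sets Email=autodiscover/autodiscover.json. The log lines are constructed for the demonstration; note that legitimate Autodiscover v2 lookups also carry an "@" in the query, which is why the check does not key on that character alone.

```python
"""Flag ProxyShell-style Autodiscover probes in IIS W3C logs from an Exchange server.

Added example; the log lines below are constructed. The heuristic follows the
publicly documented request shape of the CVE-2021-34473 path-confusion step.
"""
from typing import Dict, Iterable, Iterator, List, Tuple
from urllib.parse import unquote

# Backend virtual directories the path-confusion step is used to reach.
SUSPICIOUS_BACKENDS = ("/mapi/nspi", "/ews/", "/powershell", "/ecp/")


def parse_iis(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per W3C log entry, keyed by the names in the #Fields header.

    Field order differs between servers, so the header is honoured, not assumed.
    """
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("data line seen before any #Fields header")
        parts = line.split()
        if len(parts) != len(fields):
            continue              # truncated or malformed line; skip rather than misalign
        yield dict(zip(fields, parts))


def is_proxyshell_probe(entry: Dict[str, str]) -> bool:
    """True when the entry matches the ProxyShell Autodiscover path-confusion shape."""
    stem = entry.get("cs-uri-stem", "").lower()
    query = unquote(entry.get("cs-uri-query", "")).lower()   # decode %3F etc.
    if not stem.endswith("/autodiscover/autodiscover.json") or query == "-":
        return False
    # Legitimate Autodiscover v2 lookups also carry "@" (Email=user@domain), so "@"
    # alone is not enough; require the smuggled backend path or the recursive Email value.
    if "@" not in query:
        return False
    return ("email=autodiscover/autodiscover.json" in query
            or any(backend in query for backend in SUSPICIOUS_BACKENDS))


def find_proxyshell(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client IP, method, raw query) for every matching entry."""
    return [(e["c-ip"], e["cs-method"], e["cs-uri-query"])
            for e in parse_iis(lines) if is_proxyshell_probe(e)]


# Constructed sample log: one benign Autodiscover v2 lookup, two probes, one OWA hit.
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 10.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status",
    "2021-09-03 10:14:58 10.0.0.5 GET /autodiscover/autodiscover.json Email=alice@corp.test&Protocol=ActiveSync 443 - 198.51.100.20 Outlook-iOS/2.0 200",
    "2021-09-03 10:15:02 10.0.0.5 GET /autodiscover/autodiscover.json @evil.test/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.test 443 - 203.0.113.7 python-requests/2.26.0 200",
    "2021-09-03 10:15:09 10.0.0.5 POST /autodiscover/autodiscover.json @evil.test/powershell/?Email=autodiscover/autodiscover.json%3F@evil.test 443 - 203.0.113.7 python-requests/2.26.0 200",
    "2021-09-03 10:15:11 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.21 Mozilla/5.0+(Windows+NT+10.0) 200",
]


def demo() -> List[Tuple[str, str, str]]:
    return find_proxyshell(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, method, query in demo():
        print(f"ProxyShell probe from {ip}: {method} ?{query}")
```

A hit here is a reason to pull the server's full logs and check patch level, not proof of compromise on its own; a patched server still logs the probe, it simply refuses it.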

  • A researcher found that over 60,000 parked domains managed by the domain management company MarkMonitor were left vulnerable to AWS hijacking. The domains pointed at Amazon S3 bucket addresses that did not exist, so anyone who created a bucket under one of those names could have served content for the domain, i.e. a domain takeover.
  • US officials are warning of potential investment scams tied to the aftermath of Hurricane Ida: the likely targets are people receiving compensation from insurance companies covering hurricane damage.
  • After being fired from a New York credit union, a disgruntled former employee deleted 21 GB of data from the company’s file server, including loan applications and other highly sensitive information.
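The MarkMonitor item above is a dangling-DNS problem, and the check for it is simple enough to run against your own zones. The following is an added example (not Check Point's, MarkMonitor's, or the researcher's code) that recognises the S3 hostname shapes AWS uses for virtual-hosted buckets, flags records whose bucket no longer exists, and distinguishes S3's NoSuchBucket answer from AccessDenied, which means the bucket exists and is merely private. The DNS records, the inventory of "still registered" buckets, and the HTTP bodies are constructed for the demonstration; in real use you would resolve the CNAMEs and query each bucket endpoint yourself.

```python
"""Find parked domains whose CNAME points at an Amazon S3 bucket that no longer exists.

Added example; the records and bucket inventory below are constructed, not real data.
"""
import re
from typing import Callable, Iterable, List, Optional, Tuple

# Hostname shapes AWS uses for virtual-hosted S3 endpoints:
#   <bucket>.s3.amazonaws.com
#   <bucket>.s3.<region>.amazonaws.com
#   <bucket>.s3-website-<region>.amazonaws.com and <bucket>.s3-website.<region>.amazonaws.com
_S3_HOST = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
    r"\.s3(?:-website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com$",
    re.IGNORECASE,
)


def s3_bucket_from_target(target: str) -> Optional[str]:
    """Return the bucket name encoded in an S3 hostname, or None if the host is not S3."""
    m = _S3_HOST.match(target.strip().rstrip("."))   # tolerate the trailing dot from DNS output
    return m.group("bucket").lower() if m else None


def bucket_missing_from_response(status: int, body: str) -> bool:
    """True only for S3's NoSuchBucket error.

    A 403 AccessDenied means the bucket exists and someone owns it; only 404 NoSuchBucket
    means the name is free to be claimed, which is what makes the domain hijackable.
    """
    return status == 404 and "<Code>NoSuchBucket</Code>" in body


def find_dangling(records: Iterable[Tuple[str, str]],
                  bucket_exists: Callable[[str], bool]) -> List[Tuple[str, str]]:
    """Return (domain, bucket) for each record whose S3 target bucket is not registered.

    bucket_exists is injected so the logic can run offline; in production it would issue
    a GET against the bucket endpoint and pass the answer to bucket_missing_from_response().
    """
    hits = []
    for domain, target in records:
        bucket = s3_bucket_from_target(target)
        if bucket is None:
            continue          # not an S3 endpoint; other providers need their own check
        if not bucket_exists(bucket):
            hits.append((domain, bucket))
    return hits


# Constructed sample: two parked domains still point at buckets nobody owns.
SAMPLE_RECORDS = [
    ("parked1.example.test", "parked1-example.s3-website-us-east-1.amazonaws.com."),
    ("parked2.example.test", "parked2.example.test.s3.amazonaws.com"),
    ("www.example.test",     "d111111abcdef8.cloudfront.net"),
    ("assets.example.test",  "assets-example.s3.eu-west-1.amazonaws.com"),
]
REGISTERED_BUCKETS = {"assets-example"}   # constructed stand-in for a live existence check


def demo() -> List[Tuple[str, str]]:
    return find_dangling(SAMPLE_RECORDS, lambda name: name in REGISTERED_BUCKETS)


if __name__ == "__main__":
    for domain, bucket in demo():
        print(f"DANGLING {domain} -> S3 bucket '{bucket}' does not exist (claimable)")
```

The fix on the DNS side is the same regardless of provider: remove or repoint the record before deleting the bucket, and treat every CNAME to third-party storage as something to inventory, not to forget.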

 

THREAT INTELLIGENCE REPORTS

  • The Conti ransomware gang playbook that was published by an affiliate of the group last month has been translated to English, and delivers many insights into the attackers’ methods.

Check Point Harmony Endpoint provides protection against this threat (Ransomware.Win32.Conti)

  • The entire source code of Babuk Locker (or Babyk) ransomware has been leaked on a Russian speaking hacker forum by a threat actor allegedly tied to the group, claiming to be suffering from a terminal illness.

Check Point Threat Emulation and Harmony Endpoint provide protection against this threat (HEUR:Trojan-Ransom.Linux.Babuk; Ransomware.Win.Babuk)

  • The FIN7 cybercrime gang has launched a new campaign using Windows 11-themed lures. The group targeted the point-of-sale provider Clearmind with malicious Microsoft Word documents carrying a VBA macro, which checks that the target is not located in one of the CIS countries before proceeding.
  • The FBI has released a warning that ransomware gangs are aggressively targeting the food and agriculture sectors, where attacks not only cause financial damage but can also disrupt food supply chains, affecting restaurants, markets, farms, and producers.
  • The FBI and CISA jointly warn of a higher risk of ransomware attacks over weekends and holidays, when companies’ offices are closed and fewer staff are on duty.