1281 matches found
CVE-2023-28134
The CVE-2023-28134 issue affects Check Point Harmony Endpoint / ZoneAlarm Extreme Security. A local attacker who can run low-privilege code can escalate to SYSTEM via the Remediation Service vulnerability. Public fixes are available: Check Point Endpoint Security E87.10 Windows clients and ZoneAl...
CVE-2023-28134 Local Privilege Escalation in Check Point Endpoint Security Remediation Service
A local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
Check Point Harmony Endpoint Security Vulnerability
Check Point Harmony Endpoint is an endpoint security product from Check Point. A security vulnerability exists in Check Point Harmony Endpoint that stems from an elevation of privilege vulnerability...
Local Privilege Escalation in Check Point Endpoint Security Remediation Service
Symptoms - This vulnerability allows local attackers to escalate privileges on affected installations of Check Point Harmony Endpoint / ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
PT-2023-8555 · Check Point · Check Point Endpoint Security +2
Name of the Vulnerable Software and Affected Versions: Check Point Harmony Endpoint/ZoneAlarm Extreme Security (affected versions not specified). Description: The issue is related to improper permission assignment for a critical resource in Check Point Endpoint Security. It allows a local...
Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian...
Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East
A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. Israeli cybersecurity firm Check...
Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration
The advanced persistent threat (APT) actor known as ToddyCat has been linked to a new set of malicious tools that are designed for data exfiltration, offering a deeper insight into the hacking crew's tactics and capabilities. The findings come from Kaspersky, which first shed light on the adversary...
Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants
High-profile government and telecom entities in Asia have been targeted as part of an ongoing campaign since 2021 that's designed to deploy basic backdoors and loaders for delivering next-stage malware. Cybersecurity company Check Point is tracking the activity under the name Stayin' Alive. Targe...
Formbook Takes the Throne as Most Prevalent Malware
By Waqas. September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown, reveals Check Point. This is a post from HackRead.com. Read the original post: Formbook Takes the Throne as Most Prevalent Malware...
New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly to users in Brazil and Mexico. "The BBTok banker has a dedicated functionality that replicates the interfaces of more than 40 Mexican and Brazilian banks, and tricks the...
BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico
By Deeba Ahmed. New BBTok Banking Trojan Variant Emerges in Latin America: Check Point Research. This is a post from HackRead.com. Read the original post: BBTok Malware Returns, Targeting Over 40 Banks in Brazil and Mexico...
PT-2023-9283 · Check Point · Check Point Zonealarm Extreme Security
Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm Extreme Security (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the Forensic Recorder service, where an attacker ca...
Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability
Exploit Title: Hostname injection leads to Remote Code Execution (RCE) Authenticated; Product: Gaia Portal; Vendor: Checkpoint; Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198; Tested Version: R81.10 take 335; Advisory Publication: July 27,...
Checkpoint Gaia Portal R81.10 Remote Command Execution
Exploit Title: Hostname injection leads to Remote Code Execution (RCE) Authenticated; Product: Gaia Portal; Vendor: Checkpoint; Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198; Tested Version: R81.10 take 335; Advisory Publication: July 27,...
A vulnerability in the Check Point Endpoint Security comprehensive network endpoint protection client allows attackers to escalate their privileges.
The vulnerability in Check Point Endpoint Security’s comprehensive network endpoint protection lies in the improper assignment of permissions to critical resources. Exploiting this vulnerability can allow attackers to escalate their privileges...
Check Point Response to CVE-2023-28130 - Hostname command injection in Gaia Portal
Symptoms - Local user may lead to privilege escalation using Gaia Portal "Hosts and DNS" page. This issue received the ID CVE-2023-28130. Solution - This problem was fixed. The fix adds more validations on user input and is included starting from: Check Point R82 Jumbo Hotfix Accumulator for R81.20...
Design/Logic Flaw
Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...
CVE-2023-28133
CVE-2023-28133 relates to a local privilege escalation in Check Point Endpoint Security Client (E87.30). The root cause is a flaw involving a crafted OpenSSL configuration file that allows a low-privilege user (Users group) to elevate privileges via affected components (e.g., TracSrvWrapper.exe, ...