Command injection

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...

CVE-2021-30361

The vulnerability CVE-2021-30361 affects the Check Point Gaia Portal GUI Clients, where authenticated administrators with GUI Clients permissions can inject a command that executes on the Gaia OS. The issue stems from an insecure interaction in the GUI Clients feature, enabling local command inje...

CVE-2021-30361

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

Code injection

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...

Check Point ZoneAlarm 安全漏洞

Check Point ZoneAlarm is a network firewall program from Check Point Israel. A security vulnerability exists in versions prior to Check Point ZoneAlarm 15.8.200.19118. A local attacker exploited the vulnerability to elevate privileges during an upgrade process...

CVE-2022-23743

Check Point ZoneAlarm on Windows is affected by CVE-2022-23743. Versions prior to 15.8.200.19118 allow local privilege escalation during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory enable a local attacker to perform an arbitrar...

Check Point Response to CVE-2022-23742 - local privileges escalation in Endpoint Security Client's EFRService

Symptoms - The EFRService, which collects forensics data for various blades for the Check Point Endpoint Security Client for Windows, copies files for forensics reports from a directory with insufficient privileges. A local attacker can replace those files with malicious or linked content, which...

Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are store...

Check Point Response to CVE-2022-21449 - Java "Psychic Signatures"

Symptoms - On April 20, 2022, security researcher Neil Madden published a blog post in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or "Psychic Signatures". This security vulnerability originates in an incorrect implementation of the ECDSA signature...

Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’

Researchers have found the info-stealing Android malware Sharkbot lurking unsuspected in the depths of the Google Play store under the cover of anti-virus AV solutions. While analyzing suspicious applications on the store, the Check Point Research CPR team found what purported to be genuine AV...

SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps

As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with T...

Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell), CVE-2022-22950

Solution On March 29, 2022, new CVEs were published on Spring Cloud: CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, and CVE-2022-22950. On March 31, 2022, a bypass to the fix for CVE-2010-1622 was published by Praetorian, and received the nickname "Spring4Shell" see Spring Core on JDK9+ is...

Check Point Response to CVE-2022-0778 - possible infinite loop when parsing ECDSA certificates/keys in OpenSSL

Symptoms - A vulnerability was found in OpenSSL, making it possible to trigger an infinite loop by crafting a certificate with invalid explicit curve parameters. Because certificate parsing occurs before verification of the certificate signature, a process that parses an externally supplied...

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

A new malware capable of controlling social media accounts is being distributed through Microsoft's official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbe...

Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code

Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident – one of a series of politically motivated attacks in Iran...

TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands

Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, according to Check Point Research CPR, which are being cherry-picked for victimization. According t...

TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...

Check Point Response to CVE-2021-4034 - local privilege escalation in polkit's pkexec

Symptoms - A Local Privilege Escalation from any user to root was discovered in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. The vulnerability allows unprivileged users to run commands as privileged users according to predefined policies. Fo...