1282 matches found
Check Point Response to CVE-2021-4034 - local privilege escalation in polkit's pkexec
Symptoms - A Local Privilege Escalation from any user to root was discovered in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. The vulnerability allows unprivileged users to run commands as privileged users according to predefined policies. Fo...
Check Point Response to CVE-2021-36347, CVE-2021-36348, CVE-2021-36346, CVE-2021-3712 - Dell iDRAC8 / iDRAC9 vulnerabilities
Cause See Dell's DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities. CVE-2021-36347 CVE-2021-36348 CVE-2021-36346 CVE-2021-3712 Symptoms - Dell published CVE-2021-36347 for iDRAC8 versions before 2.82.82.82 and iDRAC9 versions before 5.00.20.00 - Dell published...
CVE-2021-30360
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...
Design/Logic Flaw
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...
Enterprise Endpoint Security 代码问题漏洞
Check Point Enterprise Endpoint Security is an advanced protection focused on traditional endpoints and modern mobile devices from Check Point Israel. A security vulnerability exists in Enterprise Endpoint Security E86.20 Windows Clients that originates from a user having access to the directory...
CVE-2021-30360
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
Threat actors are exploiting Microsoft’s digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research...
New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification
An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information. Israeli cybersecurity company Check Point Research, which has been trackin...
Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers
Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light...
China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
China's internet regulator, the Ministry of Industry and Information Technology MIIT, has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the governmen...
New Phorpiex Botnet Variant Steals Half a Million Dollars in Cryptocurrency
Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last one year. Israeli security firm Check Point Research, which...
Log4Shell Is Spawning Even Nastier Mutations
The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week. Most of the attacks focus on cryptocurrency mining done on victims’ dimes,...
Check Point response to CVE-2021-43267
Symptoms A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent inter-process communication. An attacker, with the ability to send TIPC messages to the target, can cause memory corruption and escalate privileges on the target system. Cause This...
Check Point Response to Apache Log4j Remote Code Execution
Solution On December 10, 2021, a proof of concept of a vulnerability in the Apache Log4j Java library CVE-2021-44228 was published. The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical. The Check Point...
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The rapid spread of Emotet via TrickBot and its behavior since the malware resurfaced last month could signal that a spate of ransomware attacks are on the way, spurring researchers to warn organizations to buckle up and get ready. In mid-November, a team of researchers from Cryptolaemus, G DATA...
More Stealthier Version of BrazKing Android Malware Spotted in the Wild
Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan RAT that's capable of carrying out financial fraud attacks by stealing two-factor authentication 2FA codes and initiating rogue transactions from infected devices to transfer...
New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks
A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The Mekotio Latin American banking trojan is bouncing back after several of the gang that operates it were arrested in Spain. More than 100 attacks in recent weeks have featured a new infection routine, indicating that the group continues to actively retool. “The new campaign started right after...
Check Point response to Apache CVEs - November 2021 for httpd versions between 2.4.41 and 2.4.51
Solution In November 2021, Apache open source published CVEs for httpd versions between 2.4.41 and 2.4.51 see the list of the CVEs in the "Cause" section. Check Point uses the Apache HTTP Server as the Web server for several of its user portals on both the Security Gateway Gaia Portal, Identity...
Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country
A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Posts and videos circulated on social media showed messages that said, "Khamenei! Where is...