1281 matches found
Check Point Mobile Access Operating System Command Injection Vulnerability
Check Point Mobile Access is a secure and easy solution from Check Point, Inc. It is used for smartphones, tablets or personal computers to securely connect to corporate applications over the Internet. An operating system command injection vulnerability exists in Check Point Mobile Access Portal...
Mobile Access Portal Agent before Build 800007042 runs Arbitrary Applications
Cause: Mobile Access Portal Agent runs predefined Native Applications. If an administrator configured such an application with environment variables in the path, Portal Agent may run an arbitrary application that was placed in a specially created location. Symptoms: When environment variables are used ...
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances
Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to hijack user accounts. The attacks revolved around boobytrapped art files, which circulated in the for...
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
A security vulnerability in WhatsApp’s pic-retouching function could allow an attacker to read sensitive information from the WhatsApp memory, researchers said – so users should be careful whose pics they view and should, of course, update their apps. Disclosed by Check Point Research (CPR), the...
WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers
A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write...
Amazon Kindle Vulnerable to Malicious EBooks
A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaveev, who released the findings Friday. Check Point disclosed t...
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's...
MacOS Being Picked Apart by $49 XLoader Data Stealer
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service (MaaS) and stands...
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...
One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. "With just one click, an attacker could have...
Atlassian Bugs Could Have Led to 1-Click Takeover
Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research (CPR) published a report (PDF) outlining how an attacker could have exploited the...
Check Point Response to Wi-Fi FragAttacks in Quantum Spark appliances
Cause: Several CVEs were published on Wi-Fi devices under the name FragAttacks. More information about them can be found at: https://www.fragattacks.com/ The list of new CVEs related to wireless security flaws with fragmented and aggregated frames is relevant to Check Point Quantum Spark wireless...
23 Android Apps Expose Over 100,000,000 Users' Personal Data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users'...
New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices
Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. "If exploited, the vulnerability would...
Check Point Response to CVE-2021-21538 - Dell iDRAC9 improper authentication vulnerability
Symptoms: Dell published CVE-2021-21538 for iDRAC9 versions 4.40.00.00 and later, but lower than 4.40.10.00. A remote unauthenticated attacker could potentially exploit this authentication vulnerability to gain access to the virtual console. Solution: Important Note: If you have not enabled iDRAC...
Check Point Identity Agent Backlink Vulnerability
Check Point Identity Agent is an application from Check Point USA. It is used to obtain and report identities to the Check Point Identity Awareness Security Gateway. A back-link vulnerability exists in versions prior to Check Point Identity Agent R81.018.0000, which allows a less privileged user ...
CVE-2021-30356
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files...
Denial of service
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files...