Lucene search
K

1282 matches found

Cvelist
Cvelist
added 2021/04/22 5:37 p.m.16 views

CVE-2021-30356

A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files...

7.9AI score0.00995EPSS
Exploits0References1
CVE
CVE
added 2021/04/22 5:37 p.m.54 views

CVE-2021-30356

CVE-2021-30356 – Check Point Identity Agent : A denial-of-service vulnerability in Check Point Identity Agent prior to R81.018.0000 could allow a low-privileged user to overwrite protected system files, with impact described as partial integrity and availability effects. Affected product: Check P...

8.1CVSS7.6AI score0.00995EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2021/04/22 10:0 a.m.101 views

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. "Even when Telegram is not installed or being used, the system allows hackers to send malicious...

1.9AI score
Exploits0
CNNVD
CNNVD
added 2021/04/22 12:0 a.m.3 views

Check Point Identity Agent 后置链接漏洞

Check Point Identity Agent is an application from Check Point USA. It is used to obtain and report identities to the Check Point Identity Awareness Security Gateway. A back-link vulnerability exists in versions prior to Check Point Identity Agent R81.018.0000, which allows a less privileged user ...

8.1CVSS5.5AI score0.00995EPSS
Exploits0References2
CheckPoint Security
CheckPoint Security
added 2021/04/11 12:0 a.m.30 views

Check Point Response to CVE-2021-3449 - OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message

Symptoms - OpenSSL published CVE-2021-3449 for versions OpenSSL 1.1.1. - This issue can cause a corresponding process to stop working in Gaia OS. Solution Check Point versions R80.30 and lower are not vulnerable! Check Point is vulnerable to OpenSSL CVE-2021-3449 only in these cases: Quantum...

5.9CVSS7.1AI score0.62906EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/04/08 1:37 p.m.62 views

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous...

1.3AI score
Exploits0
0day.today
0day.today
added 2021/04/08 12:0 a.m.53 views

Check Point Identity Agent Arbitrary File Write Vulnerability

Check Point Identity Agent Arbitrary File Write Vulnerability Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Versio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/08 12:0 a.m.563 views

Check Point Identity Agent Arbitrary File Write

Advisory: Privileged File Write Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Version: R81.018.0000 Vulnerability...

0.3AI score
Exploits0
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

Check Point Security Gateway 安全漏洞

Check Point R80.30 Security Gateway is a security gateway product from Check Point Israel. A security vulnerability exists in Security Gateway versions prior to 21.01.3 that originates from logging sensitive smart card data into the default message log...

4.6CVSS5.1AI score0.00175EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2021/03/09 4:44 p.m.52 views

Google Play Harbors Malware-Laced Apps Bent on Spying

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The malware is part of a campaign aimed at lifting victims’ financial information, but which also...

0.2AI score
Exploits0References8
Schneier on Security
Schneier on Security
added 2021/03/04 12:25 p.m.98 views

Chinese Hackers Stole an NSA Windows Exploit in 2014

Check Point has evidence that probably government affiliated Chinese hackers stole and cloned an NSA Windows hacking tool years before probably government affiliated Russian hackers stole and then published the same tool. Heres the timeline: The timeline basically seems to be, according to Check...

6.9CVSS2.9AI score0.11022EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/22 11:15 a.m.79 views

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

7.8CVSS0.1AI score0.11022EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/02/16 4:19 a.m.117 views

A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. The issues were discovered by Italy-based Shielder in iOS, Android, and macOS versions of the ap...

0.3AI score
Exploits0
CheckPoint Security
CheckPoint Security
added 2021/01/28 12:0 a.m.21 views

Check Point Response to CVE-2021-3156 - sudo Privilege Escalation

Symptoms - CVE-2021-3156 states: "Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character." - For more information, refer to https://www.sudo.ws/stable.html1.9.5p2 Solutio...

7.8CVSS7.8AI score0.99295EPSS
Exploits81
ThreatPost
ThreatPost
added 2021/01/26 11:0 a.m.114 views

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users’ phone numbers, unique user IDs and other data ripe for phishing attacks. TikTok, owned by ByteDance, has more than 800 million active users worldwide. The vulnerability,...

7AI score
Exploits0References6
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.42 views

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/26 11:0 a.m.5 views

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

5.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/21 2:0 p.m.37 views

Google Searches Expose Stolen Corporate Credentials

Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found. The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scans to lure victi...

0.2AI score
Exploits0References8
The Hacker News
The Hacker News
added 2021/01/21 11:4 a.m.4 views

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection ATP and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have originated in August last year, with the...

5.9AI score
Exploits0
OSV
OSV
added 2021/01/20 7:15 p.m.5 views

CVE-2020-6024

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...

7.8CVSS7.1AI score0.00265EPSS
Exploits0References1
Rows per page
Query Builder