Check Point Response to Ripple20 Vulnerabilities
Symptoms - On June 16, 2020, CERT published vulnerabilities in the Treck IP Stack with the following CVEs: CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907...
Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the...
Encryption Utility Firm Accused of Bundling Malware Functions in Product
An Italian company that sells what it describes as a legitimate encryption utility is being used as a malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. The tool, according to a recent investigation, creates GuLoader samples and helps the malware avoid antivirus...
CVE-2020-1247
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. Recent assessments:...
Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites
It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a hacktivi...
Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable
Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability CVE-2019-0887 as part of its July 2019 Patch Tuesday...
This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years
An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei—which went undetected for at least five years and is still an ongoing threat...
Check Point Gaia Operating System Administrator password truncation (sk156192)
The remote host is running a version of the Gaia Operating System which is affected by multiple vulnerabilities involving the Linux Kernel's handling of TCP networking. - It is possible to overflow the 16-bit width of TCP_SKB_CB(skb)->tcp_gso_segs, which could result in the system crashing resulting in a...
Check Point Local Privilege Escalation
The remote host is running a version of Checkpoint Endpoint Security Initial Client that is vulnerable to a local privilege escalation vulnerability. The vulnerability exists because vulnerable versions attempt to load a DLL that is placed in any PATH location on a clean install. An attacker cou...
Tekya Malware Threatens Millions of Android Users via Google Play
Researchers have discovered a new family of auto-clicker malware that commits mobile ad fraud, lurking in 56 apps on the Google Play store. Collectively, they have been downloaded nearly a million times worldwide. A team from Check Point Software recently discovered the malware, dubbed Tekya, whi...
Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed "Tekya," the malware in the apps imitated...
Check Point Response to CVE-2020-8597 - PPP buffer overflow vulnerability
Cause - The bounds check for the rhostname was improperly constructed in the EAP request and response functions, which could allow a buffer overflow to occur. Configuring to connect to a malicious server can expose the system to this vulnerability. Symptoms - A buffer overflow flaw was found in the...
Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream
Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in a report shared with...
Check Point Security Gateway Denial of Service (sk161812)
A denial of service (DoS) vulnerability exists in Checkpoint Security Gateway R80.30 when the Threat Prevention Forensics feature is enabled. An authenticated, local attacker can exploit this issue by implementing a specific configuration of enhanced logging, to cause the system to stop responding...
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. Whether it's about exploiting operating system and software vulnerabilities or manipulating network traffic, ever...
Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
NEW ORLEANS – Sophisticated nation-state groups are increasingly using mobile devices as an infection vector. Oded Vanunu, head of products vulnerability research at Check Point Research, told Threatpost during CPX 360 this week that because mobile devices come equipped with varying technologies,...
Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
Research unveiled this week at CPX 360, a security event hosted by Check Point, disclosed vulnerabilities discovered in Zoom’s enterprise video conferencing platform. Zoom issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible...
Zoom Fixed Flaw Opening Meetings to Hackers
NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting...
Check Point Response to CVE-2020-0601 - CryptoAPI Spoofing Vulnerability
Symptoms - On January 14, 2020, Microsoft published the following: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a...