What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-15 11:00:57 | How cybersecurity readiness prevents small and medium businesses (SMBs) from fuelling supply chain attacks (lien direct) | >Supply chain attacks aren't new. If the past couple of years have taught businesses anything, it's that the impact of supply chain cyber attacks is now, universal, from the fallout of the SolarWinds software breach, to the exposed Apache Log4j vulnerability and Kaseya last year. Unfortunately when such supply chain attacks hit smaller businesses who are usually… | Vulnerability | ||
|
2022-06-14 09:59:02 | Iranian Spear Phishing Operation Targets Former Israeli Foreign Minister, Former US Ambassador to Israel, Former Israeli Army General and Three other High-Profile Executives (lien direct) | >Check Point Research (CPR) exposes an Iranian spear-phishing operation targeting high-profile Israeli and US executives. The attackers hijacked emails of senior people in Israel and then used it to target other high-level officials to steal personal information. Targets have included former Israeli Foreign Minister, Tzipi Livni, the former US Ambassador to Israel, former Major General… | |||
|
2022-06-09 11:00:41 | What role did a viral pandemic play in cyber security consolidation? (lien direct) | >By Antoine Korulski, Product Marketing Manager, Infinity architecture With cyber-attacks against corporate networks increasing 50% year-over-year, it has become clear that the past year has seen a dual pandemic, a biological and a cyber one. As the World Economic Forum warned us: “We should prepare for a COVID-like global cyber pandemic that will spread faster… | |||
|
2022-06-09 11:00:30 | May 2022\'s Most Wanted Malware: Snake Keylogger returns to the index in eighth place following email campaigns delivering the malware via PDF files (lien direct) | >Our Global Threat Index for May 2022 reveals that Emotet, an advanced, self-propagating and modular Trojan, is still the most prevalent malware impacting 8% of organizations worldwide, a slight increase from last month as a result of multiple widespread campaigns. Emotet is an agile malware proving profitable due to its ability to remain undetected. Its… | Threat Malware | ||
|
2022-06-09 11:00:15 | Crypto-Miners Leveraging Atlassian Zero-Day Vulnerability (lien direct) | >Introduction On May 31, a critical unpatched vulnerability, which affects all confluence server and data center supported versions was reported to Atlassian by Volexity, a security company. Atlassian warned their customers of the critical vulnerability on June 2 and issued a patch a day later. CISA added this vulnerability to their list of Known Exploited… | Vulnerability | ||
|
2022-06-08 11:00:49 | Privilege Escalation in Azure: Keep your enemies close, and your permissions closer (lien direct) | >By Omer Shmuelly, Security Researcher, Cloud Security, published June 8, 2022 As more and more organizations are migrating their infrastructure to the cloud, a unified cloud security tool, such as Check Point's CloudGuard becomes essential. In an ocean of standards and regulations, managing your cloud security posture (CSPM) can be a challenging task. While some… | APT 32 | ||
|
2022-06-07 11:00:55 | 4 Tips for an Airtight Kubernetes Security Policy (lien direct) | >By Dotan Nahum Kubernetes powers significant automation capabilities for developers in deploying, managing, scaling, and ensuring the availability of containerized apps. Data from 2021 shows that adoption continues to rise with over 5.6 million developers now using the industry's favored container orchestration engine. However, Kubernetes and containerization introduce new complexities that pose unique security challenges. In fact, Red Hat's… | Uber | ||
|
2022-06-02 11:00:38 | Check Point Research unveils vulnerability within UNISOC baseband chipset (lien direct) | >Vulnerability could neutralize communication of Android mobile phones Highlights CPR finds vulnerability in UNISOC's baseband chipset that could deny and block communication of mobile phones by remote attacker UNISOC reached an 11% global market share of Smartphone Application Processor (AP) at the end of 2021 CPR responsibly disclosed the information to UNISOC who acknowledged the… | Vulnerability | ||
|
2022-05-31 18:35:42 | “Follina”- Zero-day vulnerability in Microsoft Office: Check Point Customers remain protected (lien direct) | >The vulnerability On May 30th researchers revealed a zero-day vulnerability in Microsoft Office that if exploited by using a malicious word document, might enable code execution on a victim's machine. The vulnerability, now dubbed “follina” sees a word document using a remote template feature to retrieve an HTML File from a remote server, and by… | Vulnerability | ||
|
2022-05-30 11:00:15 | Check Point Software Technologies protects against malicious Chrome extensions (lien direct) | >Recently, Check Point's Infinity XDR, which will be officially available later this year, detected an evasive malicious Chrome extension which modifies the Chrome LNK files (the shortcuts to the Chrome browser application) and adds suspicious arguments. Chrome extensions are popular for their ability to expand the browser functionality. This malicious extension named Paon can potentially… | |||
|
2022-05-27 11:00:54 | Trofi Security Defends U.S. Memorial Museum\'s Priceless Assets with Check Point (lien direct) | >By Amit Sharon, Head of Customer Experience, Check Point Both private- and public-sector organizations are targeted by active cybersecurity attacks and face additional risk from unknown threats. To protect clients’ assets, Trofi Security maintains leading-edge security strategies and solutions. This is how the firm defends one of its most-attacked clients. READ MORE > Trofi Security… | Guideline | ||
|
2022-05-27 11:00:14 | The IaC Showdown: Terraform vs. Ansible (lien direct) | >By Dotan Nahum Infrastructure as code (IaC) has become the de-facto method for dealing with infrastructure at scale. This codification of infrastructure configurations lets software development teams create version-controlled, reusable configurations. Moreover, it enables integrating infrastructure management as a part of the delivery pipeline. Terraform and Ansible are two leading IaC tools with somewhat overlapping… | Guideline Tool | ||
|
2022-05-26 10:05:14 | Country Extortion: Ransomware expands business to include the government sector (lien direct) | >Currently Conti is conducting a wide extortion operation against two governments in Latin America – Costa Rica and Peru It is unprecedented for a country to declare a state of war with a cybercriminal group Attacks by Conti on sovereign countries depict the growing power of organized cybercrime groups An unprecedented event has occurred… | Ransomware | ||
|
2022-05-25 11:00:16 | Cybersecurity for banks – How Global Banks enable the secure remote workforce (lien direct) | >By Alon Bar, Product Marketing Manager With remote users connecting to corporate applications more than ever, the organization's attack surface has never been wider. To assure advanced protection of its remote workforce, a bank must secure: All devices, including tablets, mobile, BYOD, and managed devices Users while browsing the internet and using email and collaboration… | |||
|
2022-05-20 11:00:42 | 5 Essential Ways to Improve SDLC Security (lien direct) | >By Dotan Nahum Vulnerabilities found in application platforms and third-party libraries have drawn growing attention to application security in the last few years, putting pressure on DevOps teams to detect and resolve vulnerabilities in their Software Development Life Cycle (SDLC). Take the NVD (National Vulnerability Database), which tracks and records all significant vulnerabilities published and disclosed… | Vulnerability | ||
|
2022-05-20 09:39:03 | From Bitcoin to the Metaverse: The current evolution is a revolution (lien direct) | >By: Oded Vanunu- Head Of Products Vulnerability Research & Roman Zaikin – Security Expert Bitcoin Day is around the corner and a huge topic of interest in our modern era. As bitcoin becomes the hot new technology, it is clear that hackers have taken advantage of it. According to reports, crypto scammers took a… | Vulnerability | ||
|
2022-05-19 11:00:59 | Twisted Panda: Check Point Research unveils a Chinese APT espionage campaign against Russian state-owned defense institutes (lien direct) | >Key findings: Check Point Research (CPR) unveils a targeted campaign against at least two research institutes in Russia, which are part of the Rostec corporation, a state-owned defense conglomerate. This campaign is a continuation of what is believed to be a long-running espionage operation against Russian-related entities that has persisted since at least July 2021.… | |||
|
2022-05-18 08:01:55 | Check Point Harmony Mobile Introduces Malicious File Protection (lien direct) | >The industry's leading mobile security solution can now block the download of malicious files to mobile devices and prevent file-based cyber-attacks on organizations By Noa Goldstein, Product Marketing Manager and Guy Lev, Harmony Mobile Product Lead. Check Point announces the availability of the most complete cyber protection against mobile-related threats with a new version of… | Threat Guideline | ||
|
2022-05-13 11:00:37 | Secure Your Migration to AWS, Part II: The Road to Success (lien direct) | >By Mark Brindley, Head of Cloud Alliance Part I of this blogpost discussed the advantages of migrating to the AWS cloud and five of the biggest cloud migration security challenges. Part II addresses how Check Point and AWS work together to address these challenges, and the best approaches to secure organizations' workloads when migrating to… | |||
|
2022-05-12 16:45:59 | Ransomware cyber-attacks in Costa Rica and Peru drives national response (lien direct) | >Highlights Effectively, one out of every 60 organizations globally have been impacted by attempted ransomware attacks every week, so far in in the first four months of 2022 A 14% increase of attempted ransomware attacks to organizations globally every week compared to the same period last year. To mark the 5th anniversary of the WannaCry… | Ransomware | Wannacry | |
|
2022-05-12 00:37:30 | How the evolution of ransomware has changed the threat landscape (lien direct) | >From WannaCry to Conti: A 5-Year Perspective Five years ago, on May 12, 2017, the world fell victim to a major ransomware attack known as 'WannaCry'. The attack had an unprecedented scale, and spread around the world like wildfire, with more than 200,000 Windows computers across 150 countries affected outbreaking only a few days.… | Threat Ransomware | Wannacry Wannacry | |
|
2022-05-11 11:00:38 | April 2022\'s Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top (lien direct) | >Check Point Research reports that April has seen a lot of activity from Formbook to Lokibot. This month also saw Spring4Shell make headlines, but it is not yet one of the most exploited vulnerabilities Our latest Global Threat Index for April 2022 reveals that Emotet, an advanced, self-propagating and modular Trojan, is still the most… | Threat | ||
|
2022-05-10 10:06:06 | Info-stealer Campaign targets German Car Dealerships and Manufacturers (lien direct) | >Introduction: It started with a seemingly benign email, dealing with the purchase of a vehicle, and ended in a reveal of a months' long campaign targeting German organizations. Most of the targets are related to the German auto-industry sector and the attacks were designed to deploy various types of info-stealing malware. The threat actors behind… | Threat | ||
|
2022-05-08 11:17:30 | Considering Replacing Your Endpoint Security Solution? 5 Questions Worth Asking (lien direct) | >By Noa Goldstein, Product Marketing Manager and Bar Yassure, Product Manager. Is it time for a new endpoint security strategy? The recent years have proved endpoint security to be more important than ever, with the move to remote and hybrid workforce expanding the attack surface and the recent conflict in eastern Europe bringing on a… | |||
|
2022-05-06 11:00:28 | The complete guide to SSH keys in GitLab (lien direct) | >By Dotan Nahum April 20, 2022 No one wants to send their precious information over unencrypted channels. This is why most websites and web services use HTTPS to encrypt data by default. When it comes to connecting to GitLab, many users and developers default to using HTTPS. Why? Because everyone knows how a username and… | |||
|
2022-05-06 11:00:22 | Secure Your Migration to AWS, Part I: The Challenges (lien direct) | >By Mark Brindley, Head of Cloud Alliance The cloud provides the infrastructure backbone for most enterprises, as well as the delivery of mission-critical applications. In the last decade, the cloud has become scalable, flexible, reliable, and customizable-and is the leading foundation of server architecture among both new and established businesses. The rapid growth of hybrid… | Guideline | ||
|
2022-05-05 11:00:04 | Check Point Software Outlines Five Must-Haves for Creating a Secure Password (lien direct) | >To protect ourselves from cybercriminals, it is essential to use a combination of characters when creating a password, use different ones for each account, use a long password, change it regularly and use two-factor authentication. World Password Day is comes around every year on the first Thursday of May and is the perfect time to… | |||
|
2022-05-05 10:59:33 | The Age of Zero-day Java Vulnerabilities (lien direct) | >Spring4Shell, Log4j and a few good tips for staying secure By Idan Sofer May 5th, 2022 Well it is now safe to say that the season of Java vulnerability exploits is upon us. In the wake of massive zero day attack vectors such as Log4Shell (discovered Dec 2022) and his younger sibling Spring4Shell (discovered Mar… | Vulnerability | ||
|
2021-01-05 11:00:43 | Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again (lien direct) | At the end of October 2020, we reported that hospitals and healthcare organizations had been targeted by a rising wave of ransomware attacks, with the majority of attacks using the infamous Ryuk ransomware. This followed a Joint Cybersecurity Advisory issued by the CISA, FBI and NHS, which warned of an increased and imminent cybercrime threat to US… | Threat Ransomware | ||
|
2021-01-04 11:00:50 | Our New Year\'s Resolution for You: Protect Your IoT Networks and Devices! (lien direct) | By, Mitch Muro, Product Marketing Manager Can 2020 just be over yet?! I mean, come on. Not only have we been struck with one of the most sophisticated and severe attacks seen to date (which of course is the Generation V SolarWinds Sunburst Attack), but cyber criminals are even taking advantage of the increase in… | Mobile | Solardwinds Solardwinds | |
|
2020-12-31 11:00:28 | AESI Acumen Engineered Solutions International Inc./ AESI-US Inc. (\'AESI\') simplifies mission-critical security operations with Check Point Software (lien direct) | By Amit Sharon, Head of Global Customer Community & Market Intelligence, Check Point Software A consulting company gains cloud-based security operations integration and automation to transform operations. See how. READ MORE > AESI’s clients are electric utilities companies that rely on AESI for its cybersecurity, regulatory compliance, and operational technology expertise. I met with Kyle… | |||
|
2020-12-30 14:00:58 | Scalable remote access with VMSS enhances Azure security, while working from home (lien direct) | By Hezi Bahry, CloudGuard Product Manager, published December 30, 2020 In the early stages of the Coronavirus pandemic, many customers contacted us with concerns about how to support their drastically changing security needs. One of the major challenges large organizations and enterprises face is workforce connectivity using remote access from outside the office into cloud… | |||
|
2020-12-21 19:26:48 | Best Practice: Identifying And Mitigating The Impact Of Sunburst (lien direct) | Introduction During the closing weeks of 2020 a Cyber Security attack became one of the main headline news stories of what had already been a news-rich year. Attributed to a campaign that began months earlier, the information security teams of government agencies and private organizations quickly shifted their focus to a vulnerability in the SolarWinds… | Vulnerability | Solardwinds Solardwinds | |
|
2020-12-18 11:00:00 | 10 Must-have Cyber Security Resources as You Plan for 2021 (lien direct) | In looking back at 2020, organizations saw an increase in the most devastating forms of ransomware, botnets spreading threats to IoT devices, a shocking set of nearly overnight digital transformations, panic about nation-state hacking, and broadcasts about gaps in cloud security. Combatting this past year's cyber threats proved challenging, and the hackers are already mapping… | |||
|
2020-12-16 19:28:13 | SolarWinds Sunburst Attack: What Do You Need to Know and How Can You Remain Protected (lien direct) | On the week of December 13th , US government offices exposed they were targeted by a series of mega cyber attacks, allegedly related to state-sponsored threat organizations. Those attacks targeted government, technology and enterprise organizations worldwide. This series of attacks was made possible when hackers were able to embed a backdoor into SolarWinds software updates. Over… | Threat Mobile | Solardwinds Solardwinds | |
|
2020-12-16 19:28:13 | The Cyber Pandemic is Here – Protect Your Organization (lien direct) | The COVID-19 pandemic has had a dramatic effect on organizations globally. As previously reported, threat actors will always seek to take advantage of major events or changes for their own gain. The COVID-19 pandemic presented cybercriminals the perfect opportunity to take advantage of global media interest to spread malicious activity. We’ve found that Coronavirus-themed domains are… | Threat | ||
|
2020-12-14 11:00:45 | Check Point CloudGuard is a launch partner for AWS Outposts to Enhance AWS Hybrid-Cloud Security (lien direct) | By Jonathan Maresky, CloudGuard Product Marketing Manager Check Point is a launch partner for Amazon Web Services (AWS) Outposts. This recognizes that Check Point CloudGuard has demonstrated successful integration with AWS Outposts deployments. Background Five years ago, the idea of AWS Outposts would been difficult for me to believe. Back then, AWS did not publicly… | |||
|
2020-12-11 11:00:49 | Covid-19 \'Vaccines\' Touted for Just $250 on Darknet (lien direct) | Range of counterfeit coronavirus vaccines and medicines offered on Darknet Vaccine-related phishing campaigns take advantage of the global race to deliver the shots Covid vaccine-related domains show sharp rise in parallel to news of successful results in clinical trials Although the Covid-19 pandemic continues to spread and disrupt our lives, societies and economies, there is… | |||
|
2020-12-11 11:00:46 | Eye on the Eye – Increasing Security and Visibility for your IP Cameras (lien direct) | Adi Ikan, Network Research & Protection Group Manager Oren Koren, Senior Cyber Security Product Manager Ibrahim Shibli, Security Expert IP cameras, a type of digital video camera that receives control data and sends image data via an IP network, are commonly used for surveillance. As a result, they are an essential part of our ability… | |||
|
2020-12-10 11:00:55 | Aligning Secure Remote Access to NIST Guidelines (lien direct) | With 80% of security professionals scaling up their remote access infrastructure, per Check Point research, certain controls should be applied to ensure that security is not compromised. Below are key guidelines recommended by the National Institute of Standards and Technology (NIST) in supporting standard users, privileged administrators, BYOD and third parties. Plan remote work-related security… | |||
|
2020-12-10 11:00:21 | Game over? Vulnerabilities on Valve\'s Steam put hundreds of thousands gamers at risk (lien direct) | Highlights: CP<R> found four major vulnerabilities in the popular Valve games networking library. All vulnerabilities were acknowledged and received CVE’s. If exploited, an attacker could take over hundreds of thousands of computers without needing gamers to click on a malicious email or link. Unlike other vulnerabilities, victims are unknowingly affected by simply logging onto the… | |||
|
2020-12-09 11:00:52 | November 2020\'s Most Wanted Malware: Notorious Phorpiex Botnet Returns As Most Impactful Infection (lien direct) | Check Point Research reports new surge in attacks using the Phorpiex Botnet delivering the Avaddon ransomware in malicious spam campaigns Our latest Global Threat Index for November 2020 has revealed that there has been a new surge in infections by the well-known Phorpiex botnet which has made it the month's most prevalent malware, impacting 4%… | Threat Ransomware Spam | ||
|
2020-12-08 11:00:08 | The \'New Normal\' is Here to Stay for Some Time: New Survey Reveals Organizations\' Security Priorities for 2021 and Beyond (lien direct) | As 2020 draws to a close, we are approaching a milestone on the pathway through the Covid-19 pandemic. While cases and deaths continue to rise globally and economic disruption deepens, there has also been positive news: several vaccines have shown promising results in early trials and are being fast-tracked towards mass production. Even though there… | |||
|
2020-12-07 11:00:56 | Living in a Post-quantum Cryptography World (lien direct) | By Julia Rabinovich, Architect, Network Security Products Today, it is pretty expected from what we can see in the way hackers go after their victims. Whether through social engineering, phishing scams, or ransomware attacks ultimately it is just a hacker and his classic computer. Which means not a lot of computing power to decrypt complicated… | Ransomware | ||
|
2020-12-07 11:00:51 | AWS Instance Metadata Service (IMDS) Best Practices (lien direct) | Omer Shliva Cloud Guard Dome9 Research Introduction Metadata is “data that provides information about other data” (Wikipedia). In other words, Metadata is “data about data”. In AWS, Instance Metadata Service (IMDS) provides “data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example,… | |||
|
2020-12-04 11:00:22 | 40% of the World\'s Mobile Devices are Inherently Vulnerable. Is your Corporate Data at Risk? (lien direct) | By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention These days you use your smartphone to do your job more than ever before. You might be as careful as one can be, but what if your phone is inherently vulnerable to exploits you are not aware of? In research dubbed “Achilles,” the Check Point Research team… | Threat | ||
|
2020-12-04 11:00:20 | ARSAT Migrates to Check Point Software in Record Time (lien direct) | By Amit Sharon, Head of Global Customer Community & Market Intelligence, Check Point Empresa Argentina de Soluciones Satelitales Sociedad Anónima (ARSAT) is one of the largest ISPs and data center companies in Argentina, the company is dedicated to providing the highest quality telecommunications services for its customers. ARSAT recently approached Tecsystem , a leading technology… | Guideline | ||
|
2020-12-03 11:00:18 | Check Point IoT Protect Firmware (lien direct) | A complete end-to-end solution for all your firmware security needs. By Mor Ahuvia, Product Marketing Manager and Bob Bent, Technical Marketing Manager To build connected devices that are 'secure by design' out-of-the-box, IoT manufacturers need to embed security into the device firmware. By uncovering risks, hardening their firmware and controlling access to their devices, device… | |||
|
2020-12-03 10:58:34 | Widespread android applications still exposed to vulnerability on google play core library (lien direct) | High profile android apps still exposed to a CVE reported in August, patched in April If exploited, attacker can grab credentials, steal 2FA codes, gain access to corporate resources and spy using location access Apps vulnerable include : Edge, OKCupid, , Grindr and Cisco teams and more A new vulnerability for the Google Play… | Vulnerability | ||
|
2020-12-02 11:00:12 | Telecommunication Service Providers Secure Businesses Using Check Point\'s Comprehensive Portfolio of Security Services (lien direct) | The Telecommunications Industry is undergoing a number of significant changes which are reshaping the market. The demand for more bandwidth and higher throughput keeps growing. Businesses are going through a digital transformation by migrating to the cloud and modifying the way they deploy and use their networks. The significant increase in the number of remote… |
To see everything:
Our RSS (filtrered)
