What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-12-21 19:26:48 | Best Practice: Identifying And Mitigating The Impact Of Sunburst (lien direct) | Introduction During the closing weeks of 2020 a Cyber Security attack became one of the main headline news stories of what had already been a news-rich year. Attributed to a campaign that began months earlier, the information security teams of government agencies and private organizations quickly shifted their focus to a vulnerability in the SolarWinds… | Vulnerability | Solardwinds Solardwinds | |
|
2020-12-03 10:58:34 | Widespread android applications still exposed to vulnerability on google play core library (lien direct) | High profile android apps still exposed to a CVE reported in August, patched in April If exploited, attacker can grab credentials, steal 2FA codes, gain access to corporate resources and spy using location access Apps vulnerable include : Edge, OKCupid, , Grindr and Cisco teams and more A new vulnerability for the Google Play… | Vulnerability | ||
|
2020-11-30 10:00:08 | Preventing the Unknown with Static Analysis (lien direct) | This blog provides insights into zero-day unknown threats – what are they, and why is it a challenge to protect against them. Also, it covers Check Point SandBlast Agent's approach, describing the broad aspects it covers – from Anti-Malware towards advanced Static Analysis unique methods. What are zero-day threats? A zero-day vulnerability is a security… | Vulnerability | ||
|
2020-11-10 06:00:56 | Critical Vulnerability in Windows OS – Check Point customers remain protected (lien direct) | Only five days after Google disclosed information about a critical vulnerability in the Microsoft Windows operating system (CVE-2020-17087), Check Point has officially released protection to keep its customers completely safe. Early protections against vulnerabilities that are under active attack are crucial. Microsoft is expected to release an update today, November 10, 2020, but Google research… | Vulnerability | ||
|
2020-10-02 10:00:53 | Graphology of an Exploit – Fingerprinting exploit authors to help with hunting zero-day exploits in the wild (lien direct) | In the cyber-crime economy, which is all about exploiting vulnerabilities in software and products, the most valuable and prized asset is the 'zero day' – a vulnerability for which there is no patch or update available. Last year, an exploit broker stated it would pay up to $2 million for zero-day jailbreaks of Apple’s iOS… | Vulnerability | ||
|
2020-09-15 10:00:50 | Not for higher education: cybercriminals target academic & research institutions across the world (lien direct) | Across the USA, Europe and Asia, there was an increase in the number of attacks targeting the education and research sector in recent months. The USA witnessed an increase in DDOS attacks, while there was an increase in information disclosure attempts in Europe. Asia meanwhile, faced an increase in vulnerability exploits. July and August signals… | Vulnerability | ||
|
2020-07-03 10:00:59 | Nexus Zeta – From Suspicious Alerts to Conviction (lien direct) | Two years ago, we shared the interesting story of Nexus Zeta: How a newbie hacker managed to create a monster botnet. The attacker created an impressive attack chain that comprised of several stages, from leveraging a 0-day vulnerability (CVE-2017-17215) found in the UPnP (Universal Plug and Play) mechanism in Huawei HG532 Home Routers to creating… | Vulnerability | ||
|
2020-05-21 11:00:30 | Safe-Linking – fixing a 20-year-old problem to make Linux exploitation harder for threat actor (lien direct) | Let's face it, we're all looking for easier way to do things. Short-cuts that help us get our work done faster and with less effort. And hackers are no different. To launch an attack against any software or system, hackers and threat actors will first look for an existing vulnerability or weakness that they can… | Vulnerability Threat | ||
|
2020-03-26 11:00:01 | Who\'s Zooming Who? Guidelines on How to Use Zoom Safely (lien direct) | By Omri Herscovici, Vulnerability Research Team Lead In recent weeks, the COVID-19 crisis has meant that millions of people are staying at home instead of going to work or meeting up with people. Estimates vary but up to 50% of employees globally may now be working remotely. Online communications platforms have become essential for personal… | Vulnerability Guideline | ||
|
2020-03-11 11:00:24 | February 2020\'s Most Wanted Malware: Increase in Exploits Spreading the Mirai Botnet to IoT Devices (lien direct) | Check Point Research also reports that Emotet has been spreading via new SMS phishing Campaign Our latest Global Threat Index for February 2020 shows a large increase in exploitation of a vulnerability to spread the Mirai botnet, which is notorious for targeting Internet-of-Things (IoT) devices, such as web cameras, modems and routers, and for conducting… | Vulnerability Threat | ||
|
2019-11-11 18:37:29 | First BlueKeep Attacks Begin: Checkpoint Customers Remain Protected (lien direct) | By Adeline Chan, Threat Prevention Product Marketing Manager, published November 11, 2019 After months of warning, the first BlueKeep attacks finally happened. BlueKeep, a critical vulnerability found in older versions of Microsoft Windows, was discovered in the wild as part of a new hacking campaign. Security researchers detected the campaign via the use of honeypots, a… | Vulnerability Threat | ||
|
2019-09-12 13:00:01 | August 2019\'s Most Wanted Malware: Echobot Launches Widespread Attack Against IoT Devices (lien direct) | In August, the research team saw an increase in a new variant of the Mirai IoT Botnet, Echobot, which has launched widespread attacks against a range of IoT devices. First seen in May 2019, Echobot has exploited over 50 different vulnerabilities, causing a sharp rise in the 'Command Injection Over HTTP' vulnerability which has impacted… | Vulnerability | ||
|
2019-09-11 13:00:05 | BlueKeep exploit is weaponized: Check Point customers remain protected (lien direct) | The notorious BlueKeep vulnerability has been escalated from a theoretical, critical vulnerability, to an immediate, critical threat. First reported in May 2019, Bluekeep (CVE-2019-070) was reported as a critical security vulnerability by Microsoft. The vulnerability exists in the Remote Desktop Protocol (RDP) and allows for Remote Code Execution (RCE). Check Point, recognizing the criticality of… | Vulnerability | ||
|
2019-09-05 16:07:02 | Mobile Security Flaw Leaves Android Smartphones Vulnerable to SMS Phishing Attacks (lien direct) | By Yael Macias, Threat Prevention Product Marketing Research By: Artyom Skrobov, Slava Makkaveev Check Point researchers recently discovered a vulnerability to advanced phishing attacks in a wide variety of Android phones, including models by Samsung, Huawei, LG and Sony, which account for more than 50 percent of the Android market). In these attacks, a remote… | Vulnerability Threat | ||
|
2019-08-08 13:00:05 | July 2019\'s Most Wanted Malware: Vulnerability in OpenDreamBox 2.0.0 WebAdmin Plugin Enables Attackers to Execute Commands Remotely (lien direct) | In July, a new vulnerability in the OpenDreamBox 2.0.0 WebAdmin Plugin that has impacted 32% of organizations globally in the last month, was discovered. The vulnerability, ranked the 8th most exploited, enables attackers to execute commands remotely on target machines. It was often triggered along with other IoT attacks – most commonly the MVPower DVR… | Vulnerability | ||
|
2019-06-19 13:01:02 | CPR Zero: Check Point Research\'s Vulnerability Repository (lien direct) | During the past 5 years, Check Point Research has invested significant resources into vulnerability research. For every vulnerability we discover, we first notify the vendor and immediately develop new protections which are integrated into the Check Point line of products. During the course of our vulnerability research, we come across a vast number of bugs,… | Vulnerability | ||
|
2019-06-13 13:00:03 | May 2019\'s Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues (lien direct) | In May, the most significant event in the threat landscape was not a new type of malware: it was a serious vulnerability in older versions of Windows operating systems that – if exploited by criminals – could lead to the type of mega-scale ransomware attacks we saw in 2017 with WannaCry and NotPetya. The… | Ransomware Vulnerability Threat Guideline | NotPetya Wannacry | ★★★ |
|
2019-05-20 21:02:01 | Critical Vulnerability in Windows OS – Learn How To Protect Yourself (lien direct) | In Brief In the last few days, Microsoft has released information about a critical vulnerability in the Windows operating system (CVE-2019-0708). This vulnerability allows remote code execution by an attacker directly from the network using the Remote Desktop Protocol (RDP) in remote desktop services that affects older versions of Windows used by many… | Vulnerability | ||
|
2019-04-17 13:00:00 | Department of Homeland Security issues security warning for VPN applications - Check Point VPNs not affected (lien direct) | by Lloyd Tanaka, Threat Prevention Product Marketing Manager, published April 17th 2019 On Friday April 12, The CERT Coordination Center (CERT/CC) with the US Department of Homeland Security (DHS), issued a warning of a newly discovered vulnerability affecting possibly hundreds of Virtual Private Network (VPN) applications. Check Point was one of a small handful… | Vulnerability Threat | ||
|
2019-04-04 13:00:03 | Xiaomi Vulnerability: When Security Is Not What it Seems (lien direct) | Smartphones usually come with pre-installed apps, some of which are useful and some that never get used at all. What a user does not expect, however, is for a preinstalled app to be an actual liability to their privacy and security. Check Point Research recently discovered a vulnerability in one of the preinstalled apps in… | Vulnerability | ★★ | |
|
2019-03-06 14:00:03 | (Déjà vu) PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services (lien direct) | Research By: Omer Gull Introduction Many large organizations use Windows Deployment Services (WDS) to install customized operating systems on new machines in the network. The Windows Deployment Services is usually, by its nature, accessible to a... | Vulnerability | ||
|
2019-02-27 20:34:04 | Protecting Against WinRAR Vulnerabilities (lien direct) | A 19 year old, yet major, vulnerability was recently found by Check Point Research in the popular web application, WinRAR, that could potentially put over 500 million users at risk. The exploit works by simply extracting an archive from an innocent looking ACE file which could lead to a remote code execution. Following the discovery,… | Vulnerability Guideline | ★★★★★ | |
|
2019-02-14 02:39:02 | Docker Security Hole Revealed: Mitigate CVE-2019-5736 (lien direct) | by Marina Segal – Lead Product Manager, CloudGuard Dome9, Check Point and Amir Kaushansky – Product Manager, Cloud Security, Check Point How it was Discovered: On February 11th, a critical vulnerability in runC binary was released. According to Aleksa Sarai, a SUSE container senior software engineer and a runC maintainer, security researchers Adam Iwaniuk and Borys Popławski discovered… | Vulnerability Guideline | ||
|
2019-02-14 02:39:02 | Don\'t runC, How to Mitigate CVE-2019-5736 (lien direct) | How it was Discovered: On February 11th, a critical vulnerability in runC binary was released. According to Aleksa Sarai, a SUSE container senior software engineer and a runC maintainer, security researchers Adam Iwaniuk and Borys Popławski discovered a vulnerability which “allows a malicious container (with minimal user interaction) to overwrite the host runC binary and… | Vulnerability | ★★★★★ | |
|
2018-10-30 14:29:05 | Microsoft Office Vulnerability Found, Check Point Research To The Rescue (lien direct) | Neil Armstrong, the great space explorer, once said “research is all about creating new knowledge.” And of course, with knowledge we are in a better position to predict, and thus prepare, for what is yet to come. For this reason, the work Check Point Research does is invaluable when it comes to translating knowledge into… | Vulnerability | ||
|
2018-08-08 12:30:05 | FakesApp: Using WhatsApp to Spread Scams and Fake News (lien direct) | In a disturbing revelation, Check Point researchers have discovered a vulnerability in WhatsApp that allows a threat actor to intercept and manipulate messages sent by those in a group or private conversation. By doing so, attackers can put themselves in a position of immense power to not only steer potential evidence in their favor, but… | Vulnerability Threat |
To see everything:
Our RSS (filtrered)
