Blog News

Update 14.11.2018 14:43:36

Date | Title | Info | Company
14.11.2018 | Heap Feng Shader: Exploiting SwiftShader in Chrome | On the majority of systems, under normal conditions, SwiftShader will never be used by Chrome; it is used as a fallback if you have a known-bad (“blacklisted”) graphics card or driver. However, Chrome can also decide at runtime that your graphics driver is having issues, and switch to using SwiftShader to give a better user experience. | Project Zero
14.11.2018 | Deja-XNU | This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar, issue I recently found to try to build a "perfect" exploit for iOS 7.1.2. | Project Zero
14.11.2018 | Microsoft Patch Tuesday – November 2018 | This month the vendor has patched 62 vulnerabilities, 13 of which are rated Critical. | Symantec
10.11.2018 | Metamorfo Banking Trojan Keeps Its Sights on Brazil | Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card information and login credentials for various online banking and financial services websites so this data can be monetized by the attackers. | Cisco Talos
9.11.2018 | Emotet launches major new spam campaign | The recent spike in Emotet activity shows that it remains an active threat. | ESET
9.11.2018 | US Air Force invites white hats to find hackable flaws, again | This is the third time that the Air Force wants ethical hackers to uncover chinks in its digital armor. | ESET
9.11.2018 | FASTCash: How the Lazarus Group is Emptying Millions from ATMs | On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the U.S. government’s code name for Lazarus) has been conducting “FASTCash” attacks, stealing money from Automated Teller Machines (ATMs) at banks in Asia and Africa since at least 2016. | Symantec
9.11.2018 | 2018 Phishing and Fraud Report: Attacks Peak During the Holidays | Phishing attack? Absolutely. Success? Likely. Risk of incident? High. Breach costs? About $6.5 million. | F5 Labs
8.11.2018 | DJI Drone Vulnerability | Besides consumers, DJI has also taken a large share of the corporate market, with customers coming from the critical infrastructure, manufacturing, agricultural, construction and emergency-management sectors, among others. With so many customers worldwide, both consumer and corporate, DJI drones can obtain data and images from a wide range of viewpoints and across a large spectrum of subject matter. | Check Point
8.11.2018 | Supply-chain attack on cryptocurrency exchange gate.io | Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange. | ESET
1.11.2018 | New Ramnit Campaign Spreads Azorult Malware | This summer we wrote about the Ramnit malware and its underlying “Black” botnet campaign, which was used for distributing proxy malware. Much to our surprise, the C&C servers of the “Black” botnet were shut down. | Check Point
30.10.2018 | SamSam: Targeted Ransomware Attacks Continue | The ransomware group remains highly active in 2018, focusing mainly on organizations in the U.S. | Symantec
30.10.2018 | Gallmaker: New Attack Group Eschews Malware to Live off the Land | A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. | Symantec
30.10.2018 | Symantec’s Latest Intelligence Page: Your Weather Report for the Threat Landscape | We've revamped the Latest Intelligence page with new metrics and a new look. | Symantec
30.10.2018 | Ransomware and the enterprise: A new white paper | Ransomware remains a serious threat, and this new white paper explains what enterprises need to know, and do, to reduce risk. | ESET
30.10.2018 | Zooming In On “Domestic Kitten” | In recent years, Iran has been channeling significant resources into cyber warfare, devoting designated entities within multiple government agencies to conduct extensive espionage campaigns against foreign countries such as the United States and Israel. | Check Point
25.10.2018 | ESET releases new decryptor for Syrian victims of GandCrab ransomware | ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators. | ESET
25.10.2018 | Banking Trojans continue to surface on Google Play | The malicious apps have all been removed from the official Android store, but not before they were installed by almost 30,000 users. | ESET
25.10.2018 | LuminosityLink RAT author sentenced to 2.5 years in jail | As part of his plea agreement, the author of the malware also forfeited the proceeds from his crimes: 114 Bitcoin worth $725,000. | ESET
25.10.2018 | GreyEnergy: Updated arsenal of one of the most dangerous threat actors | ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks. | ESET
25.10.2018 | TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers | FireEye Intelligence assesses with high confidence that intrusion activity that led to deployment of TRITON was supported by a Russian government-owned technical research institution located in Moscow. | FireEye
25.10.2018 | ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field | FireEye compiled data to identify the most pervasive and highest priority security risks in industrial facilities. | FireEye
25.10.2018 | 2018 Flare-On Challenge Solutions | The fifth annual Flare-On Challenge is over, with 114 finishers out of 4,893 registrants. | FireEye
25.10.2018 | FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin | We introduce idawasm, an IDA Pro plugin that provides loader and processor modules for WebAssembly modules. | FireEye
25.10.2018 | APT38: Details on New North Korean Regime-Backed Threat Group | We release details on APT38, a threat group we believe is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide. | FireEye
18.10.2018 | The Emergence of the New Azorult 3.3 | During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult is a long-known information stealer and malware downloader, with this particular version being advertised on an underground forum since October 4. The version number given to it by its authors is 3.3. | Check Point
18.10.2018 | Godzilla Loader and the Long Tail of Malware | To most victims, malware is a force of nature. Zeus, WannaCry and Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for a security analyst, it’s easy to fall into the kind of thinking where malicious tools and campaigns emerge out of the ether, forged by an invisible hand. | Check Point
27.9.2018 | The ‘Gazorp’ Dark Web Azorult Builder | On 17 September Check Point Research found a new online builder, dubbed ‘Gazorp’, hosted on the Dark Web. Gazorp is designed for building binaries of the popular malware Azorult, an infostealer used for stealing user passwords, credit card information, cryptocurrency-related data and more. | Check Point
20.9.2018 | Fake finance apps on Google Play target users from around the world | Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange. | ESET
20.9.2018 | The Occasional Orator, Part 1 | Speaking at conferences can be daunting for presenters, but often it is about striking the right balance between content and delivery. | ESET
20.9.2018 | Bristol airport takes flight screens offline after apparent ransomware attack | The screens in “key locations” are back up and running again, while the airport paid no ransom to return its systems to working order. | ESET
20.9.2018 | One in three UK orgs hit by cryptojacking in previous month, survey finds | Conversely, only a little over one-third of IT executives believe that their systems have never been hijacked to surreptitiously mine digital currencies. | ESET
14.9.2018 | Meet Black Rose Lucy, the Latest Russian MaaS Botnet | An organization needs to have a collaborative hiring process, advised Steve Jobs. Always a group to follow mainstream trends closely, cyber criminals have in recent years taken greater heed of this advice by increasingly hiring cyber mercenaries and Malware-as-a-Service (MaaS) providers as a way to carry out their malicious activities. | Check Point
14.9.2018 | Domestic Kitten: An Iranian Surveillance Operation | Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle East who had already internalized and implemented this strategy to great effect, and continue to do so today. | Check Point
30.8.2018 | Ransom Warrior Decryption Tool | On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who... | Check Point
28.8.2018 | CeidPageLock: A Chinese RootKit | Research by: Israel Gubi. Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG exploit kit. The rootkit was first discovered by 360 Security Center... | Check Point
26.8.2018 | Interactive Mapping of APT-C-23 | Research by: Aseel Kayal. Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017,... | Check Point
20.8.2018 | Ryuk Ransomware: A Targeted Campaign Break-Down | Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, encrypting hundreds of PCs, storage systems and data centers... | Check Point
16.8.2018 | VBEtaly: An Italian Ursnif MalSpam Campaign | Check Point researchers have found another wave of the Ursnif malspam campaign targeting Italy. Only a few details are known so far, but what we have found is that the file delivered is a VBE file (encoded VBS) named “SCANSIONE.vbe”, delivered via ZIP attachments in emails whose subjects suggest various documents in Italian. | Check Point
12.8.2018 | Faxploit: Sending Fax Back to the Dark Ages | Research by: Eyal Itkin and Yaniv Balmas. Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery, when only the postal service and carrier pigeons were used to deliver... | Check Point
12.8.2018 | Man-in-the-Disk: Android Apps Exposed via External Storage | Research by: Slava Makkaveev. Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an... | Check Point
7.8.2018 | FakesApp: A Vulnerability in WhatsApp | Research by: Dikla Barda, Roman Zaikin and Oded Vanunu. As of early 2018, the Facebook-owned messaging application WhatsApp has over 1.5 billion users, with over one billion groups and 65 billion messages sent... | Check Point
5.8.2018 | Ramnit’s Network of Proxy Servers | Research by: Alexey Bukhteyev. As you may know, Ramnit is one of the most prominent banking malware families in existence today, and lately Check Point Research monitored a new massive campaign of Ramnit, dubbed... | Check Point
31.7.2018 | Osiris: An Enhanced Banking Trojan | Research by: Yaroslav Harakhavik and Nikita Fokin. Following our recent analysis of the Kronos banking Trojan, we discovered that Kronos has now also been enhanced to hide its communication with its C&C server using Tor... | Check Point
30.7.2018 | A Malvertising Campaign of Secrets and Lies | Check Point Research has uncovered a large malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content via multiple... | Check Point
30.7.2018 | Emotet: The Tricky Trojan that ‘Git Clones’ | The Emotet Trojan downloader originally debuted in 2014 as a banking Trojan that took an unusual approach to stealing banking credentials: instead of hooking per-browser functions in the victim’s web browser process, Emotet... | Check Point
30.7.2018 | GlanceLove: Spying Under the Cover of the World Cup | When the whistle of the first match of the 2018 World Cup blew, it didn’t just signal the start of an exciting tournament for football fans worldwide, but also gave the green light... | Check Point
30.7.2018 | Cyber Attack Trends: 2018 Mid-Year Report | When it comes to the global cyber threat landscape, threats are ever evolving, keeping organizations, as well as the security research community, constantly challenged. In our Cyber Attack Trends: 2018 Mid-Year Report we... | Check Point
30.7.2018 | Deep Dive into UPAS Kit vs. Kronos | By Mark Lechtik. In this post we will be analyzing the UPAS Kit and the Kronos banking Trojan, two malware families that have come under the spotlight recently due to the back story... | Check Point
30.7.2018 | Scriptable Remote Debugging with Windbg and IDA Pro | Required background: basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working SSH server on one of the VMs. | Check Point
30.7.2018 | Remote Code Execution Vulnerability on LG Smartphones | Research by: Slava Makkaveev. A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG ‘LGEIME’). These... | Check Point
30.7.2018 | Telegram: Cyber Crime’s Channel of Choice | The Dark Web is a hive of illicit activity. From illegal guns and drug dealing to Ransomware-as-a-Service programs, buyers and sellers can use this medium to trade and exchange both knowledge... | Check Point
30.7.2018 | SiliVaccine: Inside North Korea’s Anti-Virus | By: Mark Lechtik and Michael Kajiloti. In an exclusive piece of research, Check Point researchers have carried out a revealing investigation into North Korea’s home-grown anti-virus software, SiliVaccine. One of several interesting... | Check Point
30.7.2018 | A Crypto Mining Operation Unmasked | With the emerging threat of miners and the rise of cryptocurrencies that have taken the world by storm lately, Check Point Research has been keeping an eye out for mining campaigns. During... | Check Point
30.7.2018 | MMap Vulnerabilities – Linux Kernel | By: Eyal Itkin. As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux kernel, mainly searching for vulnerabilities in different drivers. In this... | Check Point
30.7.2018 | NTLM Credentials Theft via PDF Files | Just a few days after it was reported that malicious actors can exploit a vulnerability in Microsoft Outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can... | Check Point
30.7.2018 | A New Phishing Kit on the Dark Net | Check Point Research and the cyber intelligence company CyberInt have collaborated to discover the next generation in phishing kits, currently being advertised on the Dark Net. Unlike previous kits, which are primarily composed... | Check Point
30.7.2018 | Check Point’s 2018 Security Report | 2017 was a pivotal year that surprised many in the IT security industry. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to full-scale nation state attacks, it is... | Check Point
30.7.2018 | Uncovering Drupalgeddon 2 | By Eyal Shalev, Rotem Reiss and Eran Vaknin. Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability... | Check Point
30.7.2018 | Return of the Festi Rootkit | Festi, a once popular rootkit, is back in the wild, distributed mainly by the RIG exploit kit. A long-known Windows rootkit, Festi dates back to 2009, when it served... | Check Point
30.7.2018 | Necurs is Back, Just in Time for Easter | After a drastic decline in the volume of spam coming from the Necurs spambot observed by Check Point telemetry in the past month, the infamous botnet is back once again and is spreading... | Check Point
30.7.2018 | Tribute to Kris Kaspersky | Just over a year ago one of the greatest minds in the cyber research world sadly passed away. Born in the small Russian village of Uspenskoye, Kris Kaspersky, originally named Nikolay Likhachev, suffered... | Check Point
30.7.2018 | RottenSys: Not a Secure Wi-Fi Service At All | Research by: Feixiang He, Bohdan Melnykov, Elena Root. Key findings: RottenSys, a mobile adware, has infected nearly 5 million devices since 2016. Indications show the malware could have entered earlier in the supplier... | Check Point
30.7.2018 | The GandCrab Ransomware Mindset | Key points: In 2018 even ransomware is agile. Learn about the mindset of the GandCrab ransomware developers. Take a deep dive into the inner workings of GandCrab’s operation. Get an overview of two... | Check Point
30.7.2018 | Guest Accounts Gain Full Access on Chrome RDP | Researchers: Ofer Caspi, Benjamin Berger. Chrome Remote Desktop is an extension to the Chrome browser that allows users to remotely access another computer through the Chrome browser or a Chromebook. It is fully cross-platform, and... | Check Point
30.7.2018 | Check Point Mobile Research Team Looks Back On 2017 | The mobile world is extremely dynamic and changes rapidly, so it’s always a little hectic to follow its lead. For this reason, we try to stop every once in a while and take... | Check Point
30.7.2018 | Jenkins Miner: One of the Biggest Mining Operations Ever Discovered | The Check Point research team has discovered what could potentially become one of the biggest malicious mining operations ever seen. As seen in our previous report on the RubyMiner, these types of attacks... | Check Point
30.7.2018 | A New Rig Exploit Kit Campaign Dropping XMRig Miner | Cryptocurrency values may be tumbling, but cyber criminals are still hedging their bets on its long-term returns. Check Point researchers have discovered a new malvertising campaign leading to the Rig Exploit Kit... | Check Point
30.7.2018 | DorkBot: An Investigation | Research by: Mark Lechtik. Overview: DorkBot is a known malware that dates back to 2012. It is thought to be distributed via links on social media, instant messaging applications or infected removable media. | Check Point
30.7.2018 | Malware Displaying Porn Ads Discovered in Game Apps on Google Play | Research by: Elena Root & Bogdan Melnykov. Check Point researchers have revealed a new and nasty malicious code on the Google Play Store that hides itself inside around 60 game apps, several of which... | Check Point
30.7.2018 | ‘RubyMiner’ Cryptominer Affects 30% of WW Networks | In the last 24 hours, 30% of networks worldwide have experienced compromise attempts by a crypto-miner targeting web servers. During that period, the lone attacker attempted to exploit 30% of all networks worldwide. | Check Point
30.7.2018 | Many Formulas, One Calc – Exploiting a New Office Equation Vulnerability | By: Omer Gull and Netanel Ben Simon. A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised... | Check Point
30.7.2018 | Malicious Flashlight Apps on Google Play | Check Point researchers have detected a new type of adware roaming Google Play, the official app store of Google. The suspicious scripts override the user’s decision to disable ads showing outside of a... | Check Point
30.7.2018 | Huawei Home Routers in Botnet Recruitment | A zero-day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild... | Check Point
30.7.2018 | November Cyber Roundup | November was another busy month as people geared up for Black Friday shopping and the pitfalls that brings to both online retailers and consumers alike. Take a look at our quick roundup of... | Check Point
30.7.2018 | ParseDroid: Targeting The Android Development & Research Community | Researchers: Eran Vaknin, Gal Elbaz, Alon Boxiner, Oded Vanunu. Latest research from the Check Point Research Team has revealed several vulnerabilities that put each and every organization that does any type of Java/Android... | Check Point
30.7.2018 | Christmas is Coming: The Criminals Await | By Dikla Barda, Roman Zaikin and Oded Vanunu. Black Friday symbolizes the start of the end-of-year shopping season. During this period, online shopping is expected to increase rapidly as consumers search... | Check Point
30.7.2018 | IoTroop Botnet: The Full Investigation | Last week, thanks to the Check Point web sensor network, our researchers discovered a new and massive IoT botnet, ‘IoTroop’. Due to the urgency of this discovery, we quickly published our initial findings. | Check Point
30.7.2018 | Bad Rabbit: The Full Research Investigation | What is this all about? Earlier this week a new ransomware attack dubbed ‘Bad Rabbit’ broke out and has so far affected Ukraine, Russia, Turkey and Bulgaria. Various healthcare, media, software and... | Check Point
30.7.2018 | A New IoT Botnet Storm is Coming | Key points: A massive botnet is forming to create a cyber-storm that could take down the internet. An estimated million organizations have already been scanned, with an unknown number actually infected. The botnet... | Check Point
30.7.2018The Perfect ‘Inside Job’ Banking MalwareResearchers:  Mark Lechtik and Raman Ladutska The Brazilian cyberspace is known to be a whole ecosystem of its own and, although the banking malware that originates there has traditionally been somewhat basic, recent..

Checkpoint

30.7.2018

September’s Most Wanted Malware: Locky Shoots Back Up Global RankingsCheck Point’s latest Global Threat Index has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally over the course of the month. Locky has...

Checkpoint

30.7.2018

EternalBlue – Everything There Is To KnowIntroduction Since the revelation of the EternalBlue exploit, allegedly developed by the NSA, and the malicious uses that followed with WannaCry, it went under thorough scrutiny by the security community. While many details.Checkpoint

30.7.2018

August’s Most Wanted Malware: Banking Trojans and Ransomware That Want Your MoneyCheck Point’s latest Global Threat Index has revealed that banking trojans were extensively used by cyber-criminals during August with three main variants appearing in the top 10. The Zeus, Ramnit and Trickbot banking..Checkpoint

30.7.2018

ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit you in your wallet!Check Point’s mobile threat research team identified a new variant of an Android malware that sends fraudulent premium SMS messages and charges for fake services to users’ accounts without their knowledge. According to...Checkpoint

30.7.2018

Beware of the Bashware: A New Method for Any Malware to Bypass Security SolutionsWith a growing number of cyber-attacks and the frequent news headlines on database breaches, spyware and ransomware, quality security products have become a commodity in every business organization. Consequently a lot of thought..

Checkpoint

30.7.2018

July’s Most Wanted Malware: RoughTed and Fireball Decrease, But Stay Most PrevalentCheck Point’s latest Global Threat Impact Index reveals that that the number of organizations impacted globally by the RoughTed malvertising campaign fell by over a third during July, from 28% to 18%. RoughTed

Checkpoint

30.7.2018Is Malware Hiding in Your Resume?Eran Vaknin, Dvir Atias, Alon Boxiner The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a..Checkpoint

30.7.2018

Cyber Attack Trends: Mid-Year ReportLooking back at the first half of 2017, the word ransomware is probably one of the first that come to mind, courtesy of WannaCry and the more recent Petya attacks that dominated the.Checkpoint

30.7.2018

Get Rich or Die Trying: A Case Study on the Real Identity behind a Wave of Cyber Attacks on Energy, Mining and Infrastructure CompaniesOver the past 4 months, over 4,000 organizations globally have been targeted by cyber attacks which aim to infect their networks, steal data and commit fraud.  Many of these companies are leading international.

Checkpoint

30.7.2018

“The Next WannaCry” Vulnerability is HereThis Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as “critical”. While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability – CVE-2017-8620. Behind this dull.

Checkpoint

30.7.2018

JavaScript Lost in the DictionaryCheck Point threat Intelligence sensors have picked up a stealth campaign that traditional anti-virus solutions are having a hard time detecting. On July 17th SandBlast Zero-Day Protection started showing a massive email campaign which was..Checkpoint

30.7.2018

June’s Most Wanted Malware: RoughTed Malvertising Campaign Impacts 28% of OrganizationsTHE TAKEAWAY Check Point’s latest Global Threat Impact Index revealed that 28% of organizations globally were affected by the Roughted malvertising campaign during June. IN CONTEXT A large-scale malvertising campaign, RoughTed is used...Checkpoint

30.7.2018

OSX/Dok Refuses to Go Away and It’s After Your MoneyFollowing up on our recent discovery of the new OSX/Dok malware targeting macOS users, we’d like to report that the malicious actors behind it are not giving up yet. They are aiming at.Checkpoint
30.7.2018Hacked in Translation – “Director’s Cut” – Full Technical DetailsBackground Recently, Check Point researchers revealed a brand new attack vector – attack by subtitles. As discussed in the previous post and in our demo, we showed how attackers can use subtitles files

Checkpoint

30.7.2018

May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations GloballyTHE TAKEAWAY: Check Point’s latest Global Threat Impact Index revealed more than one in four organizations globally was affected by the Fireball or Wannacry attacks during May. The top three malware families were...

Checkpoint

30.7.2018

How the CopyCat malware infected Android devices around the worldCheck Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues...Checkpoint

30.7.2018

BROKERS IN THE SHADOWS – Part 2: Analyzing Petya’s DoublePulsarV2.0 BackdoorBackground In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya once again is engaged in another large scale attack. Important.

Checkpoint

30.7.2018

Preventing Petya – stopping the next ransomware attackCheck Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer.Checkpoint

30.7.2018

Threat Brief: Petya Ransomware, A Global Attack[updated 6/28] A worldwide attack erupted on June 27 with a high concentration of hits in Ukraine – including the Ukrainian central bank, government offices and private companies. The attack is distributing what seems..

Checkpoint

30.7.2018

CrashOverrideOn June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer–..Checkpoint

30.7.2018

Anatomy of the Jaff Ransomware CampaignLast month, Check Point researchers were able to spot the distribution of Jaff Ransomware by the Necurs Botnet. The ransomware was spread using malicious PDF files that had an embedded docm file, which.

Checkpoint

30.7.2018

FIREBALL – The Chinese Malware of 250 Million Computers InfectedCheck Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware,  Fireball, takes over target browsers and turns.Checkpoint

30.7.2018

BROKERS IN THE SHADOWS: Analyzing vulnerabilities and attacks spawned by the leaked NSA hacking tools | Background: Rarely does the release of an exploit have such a large impact across the world. With the recent leak of the NSA exploit methods, we saw the effects of powerful tools in... | Checkpoint
30.7.2018 | The Judy Malware: Possibly the largest malware campaign found on Google Play | Check Point researchers discovered another widespread malware campaign on Google Play, Google's official app store. The malware, dubbed "Judy", is an auto-clicking adware which was found on 41 apps developed by a Korean... | Checkpoint
30.7.2018 | Hacked in Translation – from Subtitles to Complete Takeover | Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim's media player, attackers... | Checkpoint
30.7.2018 | April's Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm Resurfaces Again | Check Point's latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK became the most prevalent form of attack, while there... | Checkpoint
30.7.2018 | Check Point Reveals Global WannaCry Ransomware Infection Map at CPX Europe 2017 | Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. With a new Check Point WannaCry Ransomware Infection Map, the researchers were able to track 34,300 attack... | Checkpoint
30.7.2018 | WannaCry – New Kill-Switch, New Sinkhole | Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware. In the last few hours we witnessed a stunning... | Checkpoint
30.7.2018 | WannaCry – Paid Time Off? | Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing, the 3 bitcoin accounts associated with... | Checkpoint
30.7.2018 | Global Outbreak of WannaCry | [Updated May 17, 2017] On May 12, 2017 the Check Point Incident Response Team started tracking a widespread outbreak of the WannaCry ransomware. We have reports that multiple global organizations are experiencing... | Checkpoint
30.7.2018 | JAFF – A New Ransomware is in town, and it's widely spread by the infamous Necurs Botnet | Necurs, one of the largest botnets, went offline during the holiday period of 2016 and through the beginning of 2017. However, it returned only to shortly peak late in April, spreading Locky using... | Checkpoint
30.7.2018 | DiamondFox modular malware – a one-stop shop | Check Point researchers have conducted a thorough investigation of the DiamondFox malware-as-a-service in collaboration with Terbium Labs, a Dark Web Data Intelligence company. The report includes a review of the malware's sales procedure... | Checkpoint
30.7.2018 | Update – OSX/Dok Campaign | Our ongoing investigation of the OSX/DOK campaign has led us to detect several new variants of this malware. These new variants have the same functionality as the previous ones, and are designed to... | Checkpoint
30.7.2018 | OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated) | People often assume that if you're running OSX, you're relatively safe from malware. But this is becoming less and less true, as evidenced by a new strain of malware encountered by the Check... | Checkpoint
30.7.2018 | Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts | One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to... | Checkpoint
30.7.2018 | 2016 H2 Global and Regional Threat Intelligence Trends | Introduction: New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to... | Checkpoint
30.7.2018 | An In-depth Look at the Gooligan Malware Campaign | Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30. The report discusses the ins and outs of... | Checkpoint
30.7.2018 | More Than 1 Million Google Accounts Breached by Gooligan | As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of... | Checkpoint
30.7.2018 | ImageGate: Check Point uncovers a new method for distributing malware through images | Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers' method of executing the malicious code within these... | Checkpoint
2018 | Increased Use of a Delphi Packer to Evade Malware Classification | The concept of "packing" or "crypting" a malicious program is widely popular among threat actors looking to bypass or defeat analysis by static and dynamic analysis tools. | FireEye
2018 | Click It Up: Targeting Local Government Payment Portals | FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. | FireEye
2018 | APT10 Targeting Japanese Corporations Using Updated TTPs | In July 2018, FireEye devices detected and blocked what appears to be APT10 (Menupass) activity targeting the Japanese media sector. | FireEye
2018 | Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware | FireEye identified a new exploit kit that was being served up as part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region. | FireEye
2018 | Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East | FireEye has identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. | FireEye
2018 | Announcing the Fifth Annual Flare-On Challenge | The FireEye Labs Advanced Reverse Engineering (FLARE) team's annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. | FireEye
2018 | BIOS Boots What? Finding Evil in Boot Code at Scale! | This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks. | FireEye
2018 | On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation | On Aug. 1, 2018, indictments were unsealed announcing the arrests of three individuals within the leadership ranks of a criminal organization that aligns with activity we have tracked since 2015 as FIN7. | FireEye
2018 | Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign | FireEye recently observed a campaign involving Microsoft Office vulnerabilities being used to distribute the FELIXROOT backdoor. | FireEye
2018 | How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners | This blog post discusses the various trends that we have been observing related to cryptojacking activity. | FireEye