Check Point Software Technologies is acquiring Lakera, an AI-native security platform, to enhance its end-to-end AI security offerings for enterprises, focusing on protecting AI models, agents, and data amidst the growing adoption of AI technologies.
Check Point has issued a warning about a zero-day vulnerability (CVE-2024-24919) in its Network Security gateway products, which has been actively exploited. The flaw, with a CVSS score of 7.5, affects various Quantum and CloudGuard products and allows attackers to read information on Internet-connected gateways with remote access VPN or mobile access enabled. Hotfixes are available for affected versions. The vulnerability has been exploited since April 30, 2024, allowing unauthorized actors to extract password hashes and Active Directory data, leading to potential lateral movement within networks.
Check Point has released emergency hotfixes for a zero-day VPN vulnerability (CVE-2024-24919) that was exploited to gain remote access to firewalls and corporate networks. The flaw affects various Check Point products, and the company has provided detailed instructions for applying the updates. The hotfixes also include measures to block login attempts using weak credentials.
Hackers are targeting Check Point Remote Access VPN devices to breach enterprise networks by exploiting old local accounts with insecure password-only authentication. Check Point advises customers to enhance security by using certificate authentication or deleting vulnerable accounts. A hotfix has been released to block weak password-only authentication. This follows similar attacks on Cisco VPN devices, highlighting a broader trend of VPN-targeted cyber threats.
The financially motivated hacking group Magnet Goblin is exploiting 1-day vulnerabilities to deploy custom malware on Windows and Linux systems, targeting devices and services such as Ivanti Connect Secure, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense, and Magento. The group uses custom malware including NerbianRAT and MiniNerbian, with a Linux variant of NerbianRAT identified. Check Point warns that identifying such threats among the volume of 1-day exploitation data is challenging, emphasizing the importance of quick patching and additional security measures to mitigate potential breaches.
Microsoft warns of a critical security vulnerability in Outlook, tracked as CVE-2024-21413, which allows remote unauthenticated attackers to exploit it easily, leading to remote code execution and bypassing Office Protected View. The flaw affects multiple Office products and can be exploited through low-complexity attacks without user interaction. Check Point researchers discovered the vulnerability, dubbed Moniker Link, which allows attackers to bypass Outlook protections for malicious links embedded in emails. Microsoft has issued a patch and urges all Outlook users to apply it as soon as possible.
The Raspberry Robin malware has evolved to include one-day exploits targeting vulnerabilities in Windows systems, indicating that the malware operator has access to exploit code or sources. The malware has also implemented new evasion techniques and distribution methods, including the use of Discord to drop malicious files onto targets. Check Point reports an increase in Raspberry Robin's operations, with large attack waves targeting systems worldwide. The malware now leverages exploits for CVE-2023-36802 and CVE-2023-29360 to elevate privileges on infected devices, and it has added new mechanisms to evade security tools and OS defenses. The malware's operators are likely connected to a developer that provides exploit code, and Check Point provides indicators of compromise for identifying Raspberry Robin.
Gil Shwed, co-founder and CEO of Check Point for 30 years, is stepping down to become Executive Chairman, focusing on the company's future. Despite facing criticism for conservatism, Check Point's 2023 financial report showed a 4% revenue increase to $2.4 billion and a net profit of $840 million. Shwed's departure comes as the company thrives, with little competition in terms of profitability, and follows the acquisition of Perimeter 81 for half a billion dollars.
Iranian hacker group Scarred Manticore, believed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS), has been conducting an ongoing espionage campaign targeting government, military, and telecom sectors in the Middle East, including Saudi Arabia, UAE, Jordan, Kuwait, Oman, Iraq, and Israel. The group, active since at least 2019, has been infiltrating organizations to exfiltrate data using advanced malware called Liontail, which allows remote command execution. Scarred Manticore's tools and capabilities demonstrate the progress Iranian actors have made, and while there are overlaps with the Iranian hacker group OilRig, attribution is not definitive. The group's operations are expected to continue and potentially expand into other regions aligned with Iranian long-term goals.
Check Point, the enterprise cybersecurity company, has acquired Perimeter 81, an Israeli startup specializing in security tools for remote and hybrid workers, for approximately $490 million. The acquisition will help Check Point expand its offerings and customer base in the remote work market. Perimeter 81's technology will be integrated into Check Point's Infinity architecture, allowing for more unified security services. This acquisition reflects the trend of larger enterprise platforms consolidating point-solution functionality to provide comprehensive solutions to customers. The deal is expected to close in Q3 2022.