Check Point Blog

Welcome to the Check Point Blog where you will find posts tagged in two categories:

  • Threat Research: Research findings, threat intelligence, and perspectives from Check Point’s research teams
  • Security Insights: Perspectives on current events and the security landscape from Check Point thought leaders



Beware of the Trident Exploits

 
Researchers from the University of Toronto’s Citizen Lab last week revealed a sophisticated zero-day attack on the iPhone of Ahmed Mansoor, a human rights activist in the United Arab Emirates. Citizen Lab’s discovery exposed three zero-day exploits used by “Pegasus,” a lawful-interception cyberespionage tool developed by the Israel-based NSO Group and sold to government agencies. The attack was initiated by a spear-phishing SMS sent to Mansoor’s iPhone 6. Had Mansoor clicked the malicious link, the exploits would have been triggered, jailbreaking his device and installing the Pegasus spyware. Webinar: Pegasus & Trident - Government-grade Espionage on iOS in the Wild iOS ...

Web Scripting Language PHP-7 Vulnerable to Remote Exploits

 
Exploiting server-side bugs is a jackpot for hackers. Users tend to keep their data in one big pot – the server. This lets attackers focus on a single target instead of individual users, so one successful exploit yields far greater results. This approach has been extremely profitable for attackers with goals ranging from credential theft to cyber espionage, and they compromise servers time and again by exploiting vulnerabilities in server-side scripting languages. The most popular server-side web scripting language in use today is PHP, with over 80% of websites using it, according to Web Technology Surveys. Many secure coding practices are used when developing in ...

Advancing the Security of Your SDDC

 
VMworld US is rapidly approaching and we’ve been busy gearing up for a great show! In fact, the product team has been especially busy building new features and capabilities into our vSEC Cloud Security product portfolio, which we’ll showcase during VMworld. While businesses of all sizes are making significant strides to virtualize networks and leverage public IaaS for greater efficiency and agility, solving the security challenges this new infrastructure brings continues to be a common hurdle. Security remains a persistent hurdle because the security controls embedded in this new virtualized infrastructure – whether private SDDC or public IaaS – do not provide any threat ...

The QuadRooter Domino Effect

 
Component suppliers, Android device manufacturers and developers all test their products rigorously. Even so, vulnerabilities -- both in hardware and software -- can be found on the smartphones and tablets we trust with our sensitive data. Until a patch for a vulnerability is installed, an affected device remains exposed. That's why fixing vulnerabilities like QuadRooter requires the cooperation of everyone in the Android ecosystem, including researchers, suppliers, Google, device manufacturers, and carriers. Suppliers: Check Point mobile researcher Adam Donenfeld informed Qualcomm about four vulnerabilities he discovered in its chipset software drivers between February and April, in ...

The Evolution of Proxy

 
When I entered the security market nearly 20 years ago, the philosophical and almost religious debate was whether proxy was a better technology than stateful inspection. Back then, stateful firewalls were all about access control, while proxy servers terminated a web connection to prevent direct internet exposure, and the “smart” ones were able to do some additional traffic verification. Times have changed, though. Stateful inspection won the war against proxies back in the 2000s, but people have not stopped discussing the topic. Just as the times have changed, so have the proxies. The proxies of today do not compare to the proxies of yesterday - and ditto for security gateways. ...

Check Point Forensic Files: Proving Ranscam ransomware does not provide a way to recover files

 
Every week we see new ransomware variants as cyber criminals continue to generate revenue by holding victims' files for ransom. In July, a new ransomware was discovered that is an out-and-out scam. It does not encrypt any files; it simply deletes all user files. It then demands a ransom for recovery of the files, but infected users cannot recover them even if they pay, because nothing was encrypted and no decryption key exists. Researchers at Cisco analyzed the ransomware, dubbed “Ranscam,” and their analysis can be read here. Figure 1: Forensic Analysis Overview (interactive report). The forensic report is best viewed on wide screens with resolutions greater than 1280 x 768. The ideal browsers to view the ...
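The distinction the forensic report draws above (files deleted outright versus files replaced by ciphertext that a key could restore) is something an analyst can check mechanically from file-system snapshots taken before and after detonating a sample in a sandbox. The following is an added illustration, not code from Check Point's forensic report or from the Cisco analysis; the snapshot contents, paths and the "deleter"/"encryptor" verdict labels are constructed for the example, and the 7.0 bits-per-byte entropy threshold is an assumed heuristic:

```python
import math
import random
from collections import Counter
from typing import Dict

# A snapshot maps a file path to its contents, captured before and after the
# sample runs. Both snapshots here are constructed for the example.
Snapshot = Dict[str, bytes]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_effect(before: Snapshot, after: Snapshot, entropy_threshold: float = 7.0) -> dict:
    """Compare two snapshots and decide what the sample did to the user's files.

    'deleter'   - originals are gone and nothing replaced them: no key can bring them back.
    'encryptor' - originals were overwritten with high-entropy data: a key could restore them.
    'mixed'     - some of each; needs manual review.
    'no_effect' - user files untouched.
    """
    deleted = sorted(p for p in before if p not in after)
    modified = sorted(p for p in before if p in after and after[p] != before[p])
    created = sorted(p for p in after if p not in before)
    high_entropy = [p for p in modified if shannon_entropy(after[p]) >= entropy_threshold]

    if deleted and not modified:
        verdict = "deleter"
    elif modified and not deleted and len(high_entropy) == len(modified):
        verdict = "encryptor"
    elif deleted or modified:
        verdict = "mixed"
    else:
        verdict = "no_effect"

    return {
        "verdict": verdict,
        "deleted": deleted,
        "modified": modified,
        "created": created,          # e.g. a ransom note dropped on the desktop
        "recoverable_with_key": verdict == "encryptor",
    }


def sample_before() -> Snapshot:
    """Constructed pre-detonation snapshot: two ordinary, low-entropy user files."""
    return {
        "C:/Users/victim/Documents/report.docx": b"Quarterly report: revenue up 4%.\n" * 40,
        "C:/Users/victim/Pictures/holiday.jpg": b"\xff\xd8\xff\xe0JFIF fake pixel data " * 60,
    }


def sample_after_deleter() -> Snapshot:
    """Constructed post-detonation snapshot for a scam like the one described: user files
    are gone and only a note claiming they were 'encrypted' remains."""
    return {"C:/Users/victim/Desktop/README.txt": b"Your files were encrypted. Pay to recover them."}


def sample_after_encryptor() -> Snapshot:
    """Constructed post-detonation snapshot for a real encryptor: same paths, contents
    replaced by pseudo-random bytes standing in for ciphertext (seeded for repeatability)."""
    rng = random.Random(1)
    return {p: bytes(rng.getrandbits(8) for _ in range(4096)) for p in sample_before()}


if __name__ == "__main__":
    for name, after in (("deleter sample", sample_after_deleter()),
                        ("encryptor sample", sample_after_encryptor())):
        result = classify_effect(sample_before(), after)
        print(f"{name}: verdict={result['verdict']}, "
              f"recoverable_with_key={result['recoverable_with_key']}, "
              f"deleted={len(result['deleted'])}, modified={len(result['modified'])}")
```

The entropy check is what separates the two outcomes: an encryptor leaves the paths in place with unreadable contents, a deleter leaves no contents at all. In practice the "before" snapshot would be hashed rather than held in memory, and a verdict of "deleter" or "mixed" is the evidence that a ransom payment cannot restore the files.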

July’s Top 10 Most Wanted Malware

 
Check Point Software Technologies today revealed that the number of active malware families decreased by 5 percent in July, as the company disclosed the most prevalent malware families attacking organizations’ networks during the month. During July, Check Point detected 2,300 unique and active malware families attacking business networks, a 5 percent decrease compared to June, with Conficker remaining the most commonly used malware. Despite the overall decrease in active malware, the prevalence of mobile malware increased, accounting for 9 percent of active malware – up by 50 percent from June. For the fourth consecutive month HummingBad remained the most commonly used malware to attack ...

CerberRing: An In-Depth Exposé on Cerber Ransomware-as-a-Service

 
Check Point researchers have uncovered the sophisticated infrastructure of Cerber, a Ransomware-as-a-Service, including the business model and money trail. For the full CerberRing Report click here. The ransomware epidemic continues to rage on, encrypting files of private and enterprise users alike. Ransomware has become a global problem. According to the FBI, the accumulated revenue in the first three months of 2016 was over $209 million. One question that naturally arises is - where does all this money go? In some cases, the operation is run by a single attacker, with the malware developer also serving as the distributor and the only one to profit from the campaign. However, the ...

QuadRooter: New Android Vulnerabilities in Over 900 Million Devices

 
Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas. What is QuadRooter? QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a ...