Closing the Malware Gap: The Rise of Threat Extraction

Attackers most commonly enter organizations through everyday means such as an emailed file. While these documents look innocuous, they can easily contain malicious content delivered in the form of macros, embedded JavaScript and even external website links. This kind of infection happens more frequently than you’d think. According to Check Point’s 2015 Security Report, 41 percent of organizations surveyed downloaded at least one file infected with unknown malware in 2014. That’s almost a 25 percent increase from the previous year, indicating a serious security gap. This gap is only going to become wider, given that opening external documents is an everyday occurrence in ...

Check Point and AirWatch Partner to Secure the Future of the Mobile Enterprise

As cyberthreats become more sophisticated, it's important to have a comprehensive mobile security strategy that ties into your broader security infrastructure. That strategy should include solutions that are easy to deploy, simple to manage, and transparent to the end user in order to achieve greater success and to maximize security. To help customers achieve that goal, Check Point announced today its participation as a charter member of the AirWatch Mobile Security Alliance. Through this partnership, Check Point and AirWatch will drive new ways for customers to protect devices accessing corporate data and networks, enabling organizations to battle today’s mobile threat environment ...

XcodeGhost: The First Wide-Scale Attack on iOS Apps Arrives

XcodeGhost is a compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. How can an attacker use XcodeGhost? Infected apps are capable of receiving commands from the attacker through the server to perform actions such as prompting a fake alert dialog to phish user credentials; hijacking or opening specific URLs based on their scheme, allowing exploitation of vulnerabilities in the iOS system or other iOS apps; reading and writing data in the user’s clipboard, which could be used to read content such as the user’s password if that password is copied ...

BrainTest – A New Level of Sophistication in Mobile Malware

Check Point Mobile Threat Prevention has detected two instances of a mobile malware variant infecting multiple devices within the Check Point customer base. The malware, packaged within an Android game app called BrainTest, had been published to Google Play twice. Each instance had between 100,000 and 500,000 downloads according to Google Play statistics, reaching an aggregated infection rate of between 200,000 and 1 million users. Check Point reached out to Google on September 10, 2015, and the app containing the malware was removed from Google Play on September 15, 2015.

Overview

The malware was first detected on a Nexus 5 smartphone, and although the user attempted to remove ...

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web. “Part III – Ultimatum” will describe and analyze CVE-2015-5714 and CVE-2015-5715, which allow XSS attacks, as well as another privilege escalation. Both vulnerabilities are now patched; please ensure you upgrade to WordPress 4.3.1 as soon as possible. In Part I, we showed a privilege ...

The Problem with Traditional Sandboxing

Hackers have come to recognize and understand the usual methods of threat prevention, like antivirus, anti-bot and firewalls. While these are essential elements in a comprehensive security program, today’s advanced hackers use their knowledge and insight to design malware and attacks capable of evading detection by these traditional methods. According to the Check Point 2015 Security Report, unknown malware was downloaded every 34 seconds. With this rapid growth of unknown malware, traditional solutions alone are no longer sufficient to protect against the most advanced attacks. In recent years, sandboxing technology has emerged as one solution to fight against unknown ...

Check Point IPS Protects Against Zero-Day Vulnerability in FireEye Appliances

On September 6th, researcher Kristian Erik Hermansen publicly disclosed a zero-day vulnerability in FireEye appliances. This vulnerability impacts customers running HX 2.1.x and DMZ 2.1.x versions of the FireEye HX endpoint security platform, and appears to be concentrated in a PHP script on the appliance itself. If exploited, this vulnerability could lead to unauthorized remote root file system access. The Linux operating system used by the FireEye servers contains a number of system files with sensitive information. According to Hermansen’s disclosure, triggering the vulnerability allows the attacker to obtain a copy of the /etc/passwd file and gain access to other system files. ...

Analysis of the Sality Gambling Campaign

Check Point has a wide and global install base, from which we receive anonymized logs of millions of security incidents per day. At the end of July, one of our anomaly detection algorithms found the following domains in logs from approximately 15% of our sensors in Vietnam:

blindzone.ivyro.net
argentinaenimagenes.com
imou.wz.cz
burakcay.com

All four of these domains appear in the DNS requests of thousands of files in the wild. These files all seem different from one another (different sizes, different file names, etc.), but each one is identified by over 45 of 56 vendors in VT as related to Sality, a well-known malware family. In the graph below, it is evident that ...

The Sandbox Evolved: An Advanced Solution to Defeat the Unknown

The modern threat landscape is one of constant evolution. Everything is changing before our eyes – the types of security threats we face, and especially the methods cybercriminals use to infiltrate networks and confiscate data. These new, ever-changing threats have become very complex, bringing new risks and uncertainties. Typically, signature-based protection like antivirus (AV) and intrusion prevention systems (IPS) detect and block known malware from infecting the organization. However, knowing that most organizations have deployed these technologies, hackers have turned their focus towards creating unknown malware – often just variants of earlier code – in order to bypass ...

WhatsApp “MaliciousCard” Vulnerabilities Allowed Attackers to Compromise Hundreds of Millions of WhatsApp Users

Introduction

WhatsApp Web is a web-based extension of the WhatsApp application on your phone. The web application mirrors all messages sent and received, and fully synchronizes your phone and your desktop computer so that users can see all messages on both devices. WhatsApp Web is available for most WhatsApp-supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and Nokia smartphones. In September 2015, WhatsApp announced they had reached 900 million active users a month. At least 200M are estimated to use the WhatsApp Web interface, considering publicly available web traffic statistics.

Executive Summary

Check Point security ...