Future-Proof Security Management

 
Cyber security is about more than stopping threats; it is also about maintaining a robust and flexible security infrastructure that can scale and evolve to keep pace with the business. It is a trite but true claim – your security is only as strong as your ability to manage it. In my line of work, I am constantly talking to customers and industry analysts to gain insights that will help us improve security management effectiveness and efficiency in our products. More importantly, we look for trends to educate us in building into our products the capabilities to handle incipient security challenges. From our research, some trends have emerged that we believe will transform the ...

Love is in the air (along with malware in your email): Facebook email redirection used to overcome spam filtering

 
Every year in the middle of February, much of the world takes a brief moment to focus on love. I’m pretty sure there is an element we could trace back to greeting card suppliers, florists, or purveyors of fine chocolates, but maybe that is just the cynic in me. But what strikes me as interesting (as a security guy), is how much the concept of love seems to be front and center in the security world. Anyone remember the “I LOVE YOU” email worm, which wreaked havoc in 2000? And still fresh in our minds is Heartbleed, which had little to do with love, but I think the nifty logo got it much more coverage than if they had called it the OpenSSL crypto buffer over-read ...

Campaign Targeting WordPress: Users being Redirected to Angler Exploit Kit

 
In the past week, a massive campaign targeting WordPress-based websites has been reported by several security vendors, including Sucuri and Malwarebytes. In the previous iteration, unsuspecting victims were redirected to domains hosting ads which, if clicked, sent them to the Nuclear Exploit Kit landing page. Check Point security analysts have recently observed a change in the process – victims are now sent to the notorious Angler Exploit Kit landing page. An obfuscated malicious script is appended to the end of the infected websites’ JS files. When the user’s browser loads the page, the script redirects to a gate controlled by the malicious actor. This is the obfuscated script; ...

Managing the Complex Ecosystem of Healthcare Security

 
Healthcare is one of several industries that have made tremendous strides with integrating advanced technology into their medical environments. Doctors can now communicate with their patients in a number of different ways, including email, updates through text messages, automated prescriptions, as well as communicating through customized portals, specific to that healthcare environment, to conveniently send information. We can now access our medical histories and data through these portals, without having to wait long periods of time. The proliferation of doctors and hospital staff bringing their own devices (laptops, tablets and other mobile devices) has also lessened the time it takes to ...

Too Much Freedom is Dangerous: Understanding IE 11 CVE-2015-2419 Exploitation

 
It's been a while since a pure JavaScript vulnerability was widely used by exploit kits. The last few years mostly gave us IE Use-After-Free vulnerabilities. When those were dealt with by Microsoft's IsolatedHeap and MemoryProtection mechanisms, introduced in the middle of 2014, the stage was clear for Flash to take over. Now, as Flash is marching towards its imminent death, Silverlight has been dying for a long time, and Java applets must be signed and played only after the user is prompted, we can expect some new trend to arrive on the scene. CVE-2015-2419 (Jscript9 Memory Corruption), the subject of our paper, was patched 5 months ago, but is still used across most Exploit Kits. ...

Introducing Check Point SandBlast Agent

 
As the modern workplace continues to evolve, it becomes increasingly important that individual end-user devices are protected from advanced threats. In most organizations today, endpoint device protection is still limited to traditional antivirus solutions that only detect previously known threats and techniques. Hackers today utilize sophisticated malware variants and new zero-day attacks to target end user devices and evade detection. Users may inadvertently be exposed to malware when downloading files, putting the enterprise network at risk of infection. When suspicious events do occur, it is essential that organizations have immediate access to the information required to fully ...

In The Wild: Mobile Security Observations from the Check Point Research Team

 
Every day, it seems, our research team encounters new ways hackers can infiltrate your mobile device. In this week's mobile security observations, we'll go over some new advancements in malware targeting Android devices, as well as additional dangerous architecture flaws in the iOS environment. Dropper Uses Steganography to Infiltrate Google Play - And Devices: Researchers have revealed a new malware campaign on Google Play embedded into more than 60 game apps. The apps are still on Google Play and, from the looks of it, there is no hard evidence that these apps were developed with a malicious intention. Notwithstanding, the apps do have dire dropping capabilities that may easily be abused ...

HummingBad: A Persistent Mobile Chain Attack

 
Check Point Mobile Threat Prevention has detected a new, unknown mobile malware that targeted two customer Android devices belonging to employees at a large financial services institution. Mobile Threat Prevention identified the threat automatically by detecting exploitation attempts while examining the malware in the MTP emulators. The infection was remediated after the system notified the devices' owners and the system administrators. The infection vector was a drive-by download attack, and the Check Point Threat-Cloud indicates some adult content sites served the malicious payload. Called HummingBad, this malware establishes a persistent rootkit with the objective to generate ...

Super Bowl Cybercrime

 
Super Bowl 50 is coming to my hometown and, along with it, over a million devoted fans who’ll pack events, concerts and restaurants from San Francisco to Santa Clara. That week they, along with fellow fans across the nation, will go nuts for anything related to the ultimate football showdown. They’ll don team t-shirts and hats, stick bumper stickers and flags on their cars, they’ll even paint their faces, chests and bellies team colors to prove their dedication. Now, I’ll admit I don’t know much about football, but I do know how all of this exuberance makes fans easy targets for cyber criminals. There are all kinds of football-related sites and apps out there to keep fans ...

Size Doesn’t Matter in Cybersecurity

 
Has the landscape of small business security improved over the last few years? This is the question I'm asking myself as we roll into 2016. As a former IT administrator for my friend's small drafting company, which involved a wide breadth of IT-related tasks from managing their five desktop computers to securing their network firewall, I've witnessed first-hand the types of IT challenges a typical small business faces on a daily basis. A common phrase echoed by politicians and economists is, 'Small business is the backbone of the economy.' Today, there are over 28 million small businesses representing over 55% of jobs in the US, according to the Small Business Administration. ...