DressCode Android Malware Discovered on Google Play

The Check Point mobile threat prevention research team discovered a new Android malware family on Google Play, called “DressCode,” embedded in more than 40 apps, and found it in more than 400 additional apps on third-party app stores. Check Point notified Google about the malicious apps, and some have already been removed from Google Play. The oldest apps were uploaded to Google Play in April 2016 and remained undetected until recently. Some of the apps reached between 100,000 and 500,000 downloads each; in total, between 500,000 and 2,000,000 users downloaded the malicious apps from Google Play.
Figure 1: One of the malicious apps found on Google Play.
Similar to Viking ...

Check Point Spearheads Threat Prevention Security for Small and Medium Businesses

Small and medium-sized business owners typically assume that the security protecting their large-enterprise counterparts is out of reach in cost and complexity. However, recent shifts in the threat landscape have them rethinking their security strategies. Cybercriminals are equal-opportunity attackers who use the same tactics against smaller businesses that they use against bigger enterprises, so small businesses now need enterprise-grade security. According to the World Bank, more than 90 percent of registered businesses worldwide are considered small and medium-sized businesses (SMBs). That is a lot of ripe opportunity for shrewd cyber criminals who are more than aware of the easy pickings SMBs ...

Whaling: The Hunt for High Profile Business Targets

What are whaling attacks? “Whaling” attacks, often grouped with Business Email Compromise (BEC), are a newer form of phishing attack aimed at senior executives and other high-profile targets. Phishing attacks are messages sent to would-be victims that try to deceive them into clicking malicious links or opening an attachment that contains malware. Phishing has evolved drastically, in part because of growing awareness of such threats. Spear phishing attacks target specific victims rather than casting a wide net. Spear phishing often uses look-alike domains, almost identical to the domains of organizations the victims correspond with regularly, in an attempt to make the victim believe the phishing message is a valid ...
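The look-alike domain trick described above is exactly what a mail filter should check for before a message reaches an executive's inbox. The following is an added example, not code from the Check Point post: it flags sender domains that are homoglyph swaps, typosquats, TLD swaps, combosquats or subdomain spoofs of domains the mailbox regularly corresponds with. The trusted-domain list, the confusable table and the sample addresses are all constructed for illustration, and the registrable-domain helper assumes two-label domains (no public-suffix list).

```python
"""Flag sender domains that imitate the domains a mailbox regularly corresponds with.

Added example; not code from the Check Point post. Trusted-domain list,
confusable table and sample addresses are all constructed for illustration.
"""
import unicodedata

# Constructed: domains this mailbox legitimately exchanges mail with.
TRUSTED_DOMAINS = ["acme-corp.com", "globex-payments.com"]

# Constructed confusable table: digraphs, digits and Cyrillic letters that
# attackers substitute for Latin letters. Digraphs are collapsed first.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0445": "x",
}

MAX_EDITS = 2      # typosquats rarely differ by more than two characters
MIN_SLD_LEN = 5    # guard the substring rule against short brand names


def normalize(domain: str) -> str:
    """Lower-case, strip accents (NFKD + drop combining marks), collapse confusables."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    for src in sorted(CONFUSABLES, key=len, reverse=True):
        d = d.replace(src, CONFUSABLES[src])
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels. Assumption: no public-suffix list, so 'co.uk'-style
    suffixes would need a real PSL lookup in production."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify(sender_domain: str):
    """Return (verdict, trusted_domain); verdict is 'trusted', 'lookalike' or 'unrelated'."""
    sender_domain = sender_domain.lower()
    reg = registrable(sender_domain)
    for trusted in TRUSTED_DOMAINS:
        if reg == trusted:
            return "trusted", trusted
    for trusted in TRUSTED_DOMAINS:
        t_sld, r_sld = trusted.split(".")[0], reg.split(".")[0]
        # Subdomain spoof: trusted domain nested under an attacker-owned registrable domain.
        if f".{trusted}." in f".{sender_domain}.":
            return "lookalike", trusted
        # Homoglyph swap: identical once confusables are normalized.
        if normalize(reg) == normalize(trusted):
            return "lookalike", trusted
        # Typosquat: a character or two away from the trusted domain.
        if edit_distance(normalize(reg), normalize(trusted)) <= MAX_EDITS:
            return "lookalike", trusted
        # TLD swap or combosquat: trusted name reused inside the sender's second-level label.
        if len(t_sld) >= MIN_SLD_LEN and normalize(t_sld) in normalize(r_sld):
            return "lookalike", trusted
    return "unrelated", None


# Constructed sample From: addresses, not real mail.
SAMPLE_FROM = [
    "cfo@acme-corp.com",                   # trusted
    "cfo@acrne-corp.com",                  # rn -> m homoglyph
    "cfo@acme-c0rp.com",                   # digit for letter
    "ap@acme-corp.com.secure-login.net",   # trusted domain as a subdomain
    "billing@acme-corp-invoices.com",      # combosquat
    "ap@globex-payments.co",               # dropped character
    "news@unrelated-vendor.org",           # unrelated
    "cfo@\u0430cme-corp.com",              # Cyrillic a
]


def scan(addresses):
    """Map each address to (address, verdict, matched trusted domain)."""
    results = []
    for addr in addresses:
        verdict, trusted = classify(addr.rsplit("@", 1)[-1])
        results.append((addr, verdict, trusted))
    return results


if __name__ == "__main__":
    for addr, verdict, trusted in scan(SAMPLE_FROM):
        print(f"{verdict:10} {addr:38} {trusted or ''}")
```

A production filter would pair this with SPF/DKIM/DMARC results and a public-suffix list; the distance and substring rules here are deliberately loose because a false positive on an executive's mail costs far less than a wire transfer sent to a look-alike domain.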

Beware of the Trident Exploits

Researchers from The Citizen Lab at the University of Toronto last week revealed a sophisticated zero-day attack on the iPhone of Ahmed Mansoor, a human rights activist in the United Arab Emirates. The Citizen Lab discovery exposed three zero-day exploits used by “Pegasus,” a lawful-interception cyberespionage tool developed by the Israel-based NSO Group and sold to government agencies. The attack began with a spear phishing SMS sent to Mansoor’s iPhone 6. Had Mansoor tapped the malicious link, the exploit chain would have jailbroken his device and installed the Pegasus spyware. Webinar: Pegasus & Trident - Government-grade Espionage on iOS in the ...

Web Scripting Language PHP 7 Vulnerable to Remote Exploits

Exploiting server-side bugs is a jackpot for attackers. Users tend to keep their data in one big pot, the server, which lets attackers focus on one target instead of individual users and achieve far greater results. This approach has been extremely profitable for attackers with goals ranging from credential theft to cyber espionage, and they keep compromising servers by exploiting vulnerabilities in server-side scripting languages. The most popular server-side web scripting language in use today is PHP, used by over 80% of websites according to Web Technology Surveys. Many secure coding practices are used when developing in ...

Advancing the Security of Your SDDC

VMworld US is rapidly approaching and we’ve been busy gearing up for a great show! In fact, the product team has been especially busy building new features and capabilities into our vSEC Cloud Security product portfolio, which we’ll showcase during VMworld. While businesses of all sizes are making significant strides to virtualize networks and leverage public IaaS for greater efficiency and agility, solving the security challenges this new infrastructure brings continues to be a common hurdle. The reason security remains a persistent hurdle is that the embedded security controls in this new virtualized infrastructure, whether a private software-defined data center (SDDC) or public IaaS, do not provide any threat ...

The QuadRooter Domino Effect

Component suppliers, Android device manufacturers and developers all test their products rigorously. Even so, vulnerabilities, both in hardware and in software, can be found in the smartphones and tablets we trust with our sensitive data. Until a patch for a vulnerability is installed, an affected device remains exposed. That's why fixing vulnerabilities like QuadRooter requires the cooperation of everyone in the Android ecosystem, including researchers, suppliers, Google, device manufacturers and carriers. Suppliers: Check Point mobile researcher Adam Donenfeld informed Qualcomm about four vulnerabilities he discovered in its chipset software drivers between February and April, in ...

The Evolution of Proxy

When I entered the security market nearly 20 years ago, the philosophical and almost religious debate was whether proxy was a better technology than stateful inspection. Back then, stateful firewalls were all about access control, while proxy servers terminated a web connection to prevent direct internet exposure, and the “smart” ones could perform some additional traffic verification. Times have changed, though. Stateful inspection won the war against proxies back in the 2000s, but people have not stopped discussing the topic. Just as the times have changed, so have the proxies. The proxies of today do not compare to the proxies of yesterday, and the same goes for security gateways. ...

Check Point Forensic Files: Proving Ranscam ransomware does not provide a way to recover files

Every week we see new ransomware variants as cyber criminals continue to generate revenue from holding victims' files for ransom. In July, a new ransomware was discovered that is an out-and-out scam. It does not encrypt any files; it simply deletes all user files. It then demands a ransom for recovery of the files, but infected users cannot recover the files even if they pay, because the files were deleted rather than encrypted. Researchers at Cisco did an analysis of the ransomware, dubbed “Ranscam,” which can be read here.
Figure 1: Forensic Analysis Overview (interactive report). ...