When you look at files from your cloud, are they looking back at you?

 
When your users look at files served from your cloud platform, files that have tracking pixels could be looking back — revealing more than you should to outsiders about users and infrastructure. Security researchers are finding tracking pixels implicated in attacks on enterprises. So, if your IT workloads are on a cloud platform, you should add pixel tracking to your list of cloud security issues. Here is how pixel tracking works and how attackers are co-opting this marketing tool to compromise security at enterprises. Tracking pixels – also called web beacons, tracking beacons, and web bugs – are useful marketing tools. Digital-marketing experts use tracking pixels to measure ...

CRN Gives Check Point’s Star Partner Program 5 Stars

 
For the school kids in our neighborhood, getting a gold star from the teacher is a pretty big deal. Despite providing the world’s toughest cyber security, we’re still big kids at heart when it comes to receiving great recognition for stellar performance. This is why we are pretty stoked that CRN’s Partner Program Guide has bestowed their prestigious 5-Star award winning program rating on Check Point’s Star Partner Program. In fact, this is the first year that Check Point applied for the program and immediately received the 5 Star rating. Computer Reseller News (CRN)’s annual partner program guide is the industry’s ultimate source for information about IT vendors’ ...

Stranger things: Securing your network in the upside down world of SDx

 
The smash hit Netflix series ‘Stranger Things’ centers around the mysterious disappearance of residents of Hawkins, Indiana. Those who vanish find themselves in a frightening, parallel nether-world called the ‘Upside Down’, where things are not exactly as they seem. For some organizations, moving from physical hardware-based networks to SDx public or private clouds can feel similarly alien. While the familiar, conventional network construct still exists, the security infrastructure has disappeared since there’s no physical infrastructure to get to grips with. So what do they do next? What makes SDx strange? As we know, SDx stands for software-defined infrastructure. That ...

The latest findings on Chrysaor (Pegasus for Android) are even more stealthy

 
Earlier this week Google published a research about a new sophisticated spyware tool for Android, believed to be related to the Pegasus malware for iOS, which was discovered in August 2016. As Google wrote in their blog, the malware was most likely created by the authors of Pegasus – the NSO group, and shares many common features as Pegasus. What’s the big news? Chrysaor is a fully developed spy tool for Android devices, and can allow attackers to surveil their targets’ every move. Chrysaor has implemented elaborate modules to listen in on conversations, take screenshots and surveil the device’s surroundings, steal sensitive data and read SMS messages. This malware presents a ...

Stopping Your Staff from Raining Data from the Cloud

 
No matter what your company’s official position is on the use of cloud services, your employees absolutely depend on them as part of their day-to-day work. The problem: the services they tend to use usually aren’t the ones you want them to use. A 2015 study of cloud usage found that employees were using 15 times more cloud services than their IT departments estimated or authorized; an average company also uses over 1,100 cloud services, of which just 8% meet the data security and privacy requirements of enterprises. In light of this, it’s no surprise that data breaches from cloud services happen frequently. An October 2016 Ponemon study of nearly 650 IT professionals in North ...

Best-of-breed security for hybrid clouds

 
Wouldn’t it be great if you could make a fresh start with your organization’s IT infrastructure? Unfortunately, unless you’re a start-up, most enterprises don’t have the luxury of starting with a clean slate. Instead, the majority of us have to make the most of a hybrid of legacy apps and existing investments with new cloud deployments to keep pace with business demands. A recent survey by Verizon and Harvard Business Review highlighted this issue. It found that 63% of organizations are pursuing a hybrid cloud approach to improve their competitiveness, yet a third (32%) were struggling to integrate cloud with other systems. For many organizations, their IT infrastructure will ...

Ransomware– Not Only File Encryption

 
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:    IoT ransomware Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature ...

Get off my (private) cloud

 
As enterprises transform their physical data centers to private and hybrid cloud models, how should they secure these new environments, keeping threats and attackers off their cloud? A new era of virtualization, automation and Anything-as-a-Service (XaaS) is being ushered in at a blistering pace, driving greater efficiencies and cost savings while dramatically changing the way businesses roll out new applications and services. And as Mick Jagger was fond of saying: “But it’s all right now, in fact it’s a gas!” It really can be all right if you understand how this new model doesn’t inadvertently introduce new risks or expose your business to more threats. The trends are ...

Three Key Takeaways from WikiLeaks’ Release of CIA Documents

 
The latest revelations by WikiLeaks, collectively called the “Vault 7 Leak”, have caused quite a commotion in the security world, reinvigorating myths that were previously viewed as theoretical. There are already several lessons to be learned from WikiLeaks’ most recent data dump, and we offer you three top takeaways from the initial document disclosure.   1. Every connected device can be hacked The publication details exploitation techniques for all sorts of electronic devices: from PCs and laptops, to mobile devices, and even to Smart TVs and connected cars. While these techniques are not groundbreaking, the sheer scope of hackable devices revealed in the CIA trove is ...

Check Point Comments on Recent Advanced Threats

 
Today’s publication by WikiLeaks shows how advanced hacking techniques, including extremely sophisticated exploit tools, are more readily available than you’d think; they’re available to everyone, including governments. These tools provide new surveillance capabilities allowing them to hack into enterprise and military networks, smartphones, tablets and even IoT devices such as Smart TVs. Check Point researchers have been tracking these exploits since the news was first released. What is not released yet is the code detail.  Since the information was retrieved from early 2016, most of the mobile devices that have been targeted so far are older operating system versions of Android ...