Hacking Team is an Italian company that provides security services and tools to governments and law enforcement organizations.
The company experienced a data breach on Monday, July 6th, resulting in 400 GB of its documents being leaked.
Source code stolen from Hacking Team has revealed new zero-day vulnerabilities in Windows and Adobe Flash.
Check Point has just released two new IPS protections to address these new vulnerabilities.
Hacking Team Hacked
- The cybersecurity firm Hacking Team appears to have itself been the victim of a hack, with documents that purport to show it sold software to “repressive” regimes being posted to the company’s own Twitter feed.
- The Italy-based company offers security services to law enforcement and national security organizations. It offers legal offensive security services that use malware and vulnerabilities to gain access to targeted networks.
- According to the documents, 400GB of which have been published, Hacking Team has also been working with numerous “repressive” governments – something it has previously explicitly denied doing.
New Zero-Day Vulnerabilities Revealed
- The Adobe Flash exploit can mark injected code as executable; that code is then called and can carry out various actions.
- The Windows kernel vulnerability can be used to elevate an attacker’s privileges to administrator level, allowing more damage or surveillance to be carried out. It can be chained with the Flash zero-day above: the attacker first executes code as a user and then gains elevated privileges to fully hijack the system.
CHECK POINT IPS ZERO-DAY PROTECTIONS
Check Point protects its customers from these zero-day vulnerabilities with the following IPS protections:
- Adobe Flash ActionScript 3 ByteArray Use After Free (APSA15-03: CVE-2015-5119)
  - This protection will detect and block attempts to exploit the vulnerability in CVE-2015-5119. Successful exploitation can allow a remote attacker to execute arbitrary code on a vulnerable system.
- Microsoft Windows Font Glyphs Kernel Code Injection (CVE-2015-2387)
  - This protection will detect and block attempts to exploit the vulnerability in CVE-2015-2387. Successful exploitation of this vulnerability might result in invalid memory access, allowing kernel code injection.