77% of Android Devices Still Endanger Users Due to Design Flaws

 
Researchers have discovered a design flaw in Android that can be used to remotely capture screenshots or record audio… without the user’s knowledge or consent.   The attack relies on the MediaProjection service in Android, which has these extensive capabilities, and was made available for the use of non-propriety apps since Android version 5.0 (Lollipop). While apps are required to receive the user's permission to use this service, the new attack uses a screen overlay tactic to deceive them into granting it unknowingly.   At the time of publication, Google has only fixed the issue in Android version 8.0 (Oreo), leaving Android versions 5.0, 6.0 and 7.0, which ...

Uber Takes Cloud Security For A Ride

 
Cloud security has had a rough ride of it recently, and this past week its driver was the $68bn global transportation company, Uber.   Earlier this week, it was revealed that the personal details of Uber’s 57 million drivers and had been stolen back in 2016. The company then made matters worse by not reporting the breach to international data regulators, and instead paid the perpetrators $100,000 to delete the sensitive files and cover up the incident.   However, Uber’s failure to disclose the breach goes beyond non-adherence to best practice and journeys into the realm of the unethical. With such a large amount of sensitive data at stake, Uber was certainly ...

Check Point Security Credentials Validated with Cyber Essentials Plus Awards

 
Check Point is proud to announce that we have received two ‘Cyber Essentials Plus’ awards under the British Government’s Cyber Essentials Accreditation Scheme. The British Ambassador to Israel, David Quarrey, officially presented the accreditations as part of the UK Government’s Cyber Essentials Scheme. Launched in 2014, the Cyber Essentials Scheme serves as part of the National Cyber Security Strategy to help British organizations bolster their defenses against cyber-attack.   Meeting the Criteria The Cyber Essentials Plus accreditation offers a higher level of assurance by externally testing an organisation’s cyber security approach. The assessment was conducted ...

The Danger Behind Santa’s Beard

 
Santa’s beard is usually white, the colour of purity and innocence. However, cyber-criminals targeting online shoppers enjoying the run up to the Black Friday and Christmas holidays this year could be trying to take advantage of that innocence.   Researchers at Check Point recently discovered that criminals have a new way to trick merry online shoppers via the massively popular AliExpress shopping portal. With more than 100 million customers and $23bn in revenue worldwide, AliExpress, part of the AliBaba Group, is one of the most popular places to shop online.   After discovering the vulnerability, Check Point Researchers immediately informed AliExpress who, due to ...

New Research: Mobile Malware Hits Every Business

 
Every business has experienced at least one mobile cyberattack in the past year, according to a new study published today by Check Point mobile threat researchers. The report, entitled Mobile Cyberattacks Impact Every Business, is the first study to document the volume and impact of mobile attacks across corporate and public enterprise environments. The landmark study analyzes actual threat telemetry from corporate-issued and personally-owned bring-your-own devices. Data from the research demonstrates that enterprise mobility is under constant attack, affecting all regions and industries, on both Android and iOS platforms. These threats to mobile users are often sophisticated and ...

SandBlast Mobile: The Best Mobile Security Solution Just Got Better

 
If there’s one thing we can count on it’s the tenacity and resourcefulness of cybercriminals. SandBlast Mobile threat researchers recently identified two new trends emerging in the global hacking community. First, cybercriminals have recently begun developing mobile permutations of existing zero-day malware. One recent case involved a mobile remote access Trojan (mRAT) that was spotted on the device of the chief security officer of a major European bank. An mRAT allows an attacker to remotely access an infected device and gather information from all its sensors, such as the camera, microphone, message and call directories, and much more. mRATs are typically used to surveil mobile ...

October’s Most Wanted Malware: Cryptocurrency Mining Presents New Threat

 
Check Point’s latest Global Threat Index has revealed crypto miners were an increasingly prevalent form of malware during October as organizations were targeted with the CoinHive variant Crypto mining is emerging as a silent, yet significant, actor in the threat landscape, allowing threat actors to extract substantial profits while victims’ endpoints and networks suffer from latency and decreased performance. The emergence of Seamless and CoinHive once again highlights the breadth and depth of the challenges organizations face in securing their networks against cyber-criminals. Following up on recent Check Point research that found that cryptocurrency miners can use up to 65% of ...

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

 
The smart home is often idealized as a domestic paradise -- your fridge orders your groceries for you, your robot vacuum cleaner zooms from room to room, and changing the thermostat is as easy as pulling up an app on your phone. But beneath the surface of this always-on, seamlessly connected exterior, however, lie significant concerns about privacy and cybersecurity. These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’. The TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures. Someone hacked this fictional smart home, forcing the ...