Is Malware Hiding in Your Resume? Vulnerability in LinkedIn Messenger Would Have Allowed Malicious File Transfer

 
The popular business social network LinkedIn has accumulated over 500 million members across 200 countries worldwide. Whether you’re a manager seeking to expand your team or a graduate on the job hunt, LinkedIn is the go-to place to expand your professional network.   As the world’s largest professional network, LinkedIn has acquired a noteworthy reputation. Individuals utilize the site to seek out trustworthy business connections and job opportunities. The most used feature on the site is the messenger platform. It enables users to easily send resumes, transfer academic research and share job descriptions. Users open messages under the assumption that the information is ...

CrashOverride

 
On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer-- that is a direct threat to Electric Grid Operators.   CrashOverride is the fourth piece of ICS-tailored malware used against these targets and the second ever to be designed and deployed for disrupting physical industrial processes. CrashOverride was employed in the December 17th, 2016 cyber-attack on the Kiev, Ukraine transmission substation resulting in electric grid operations impact.   This malware is an extensible platform that can be used to ...

Android Permission Security Flaw

 
Check Point researchers spotted a flaw in one of Android’s security mechanisms. Based on Google’s policy which grants extensive permissions to apps installed directly from Google Play, this flaw exposes Android users to several types of attacks, including ransomware, banking malware and adware. Check Point reported this flaw to Google, which responded that this issue  is already being dealt with in the upcoming version of Android, currently dubbed "Android O".   Technical Background: In Android version 6.0.0, dubbed “Marshmallow”, Google introduced a new permission model for apps. The new model consists of several groups of permissions, with permissions considered as ...

Debug Instrumentation via Flash ActionScript

 
Browser plug-ins have always been an attractive target for attackers to exploit. In the last couple of years, the most prevalent attack platform was undoubtedly – Flash. With 250+ CVEs in 2016 alone, and incorporation in practically every exploit kit, Flash exploits are everywhere and deserve our attention. As researchers, we stumble upon many cases where we are required to analyze exploits found in the wild and collect as much information as possible regarding the exploit`s internal workings. This process quite often proves to be tedious and very time consuming, making the research task far from optimal. As most of an exploit’s juicy parts (such as ROP chains, Shellcodes and ...

The Unbearable Lightness of Operating Web-Based Attacks: How easy it is to steal money from IE 8.0-11.0 users

 
Looking back at the past year, there is no doubt that the malware-as-a-service industry, which sells and trades malware samples, attack tools, and a variety of services, is thriving. It means that cyber criminals with low technical skills can easily purchase attack tools from more advanced hackers, vastly increasing the number of potential attackers, attacks, and victims. Cerber, a ransomware-as-a-service operation, was one of the most dominant and profitable ransomware variants of 2016. Last December, a new DDoS (Distributed Denial of Service) collaborative effort dubbed Sledgehammer made headlines due to its unique operation mode. Participants were asked to attack targeted political ...

Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts

 
One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to be proven, many end-users are concerned as WhatsApp and Telegram use end-to-end encryption to guarantee user privacy. This encryption is designed to ensure that only the people communicating can read the messages and nobody else in between. Nevertheless, this same mechanism has also been the origin of a new severe vulnerability we have discovered in both messaging services’ online platform – WhatsApp Web and Telegram Web. The online version of ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

The Skinner adware rears its ugly head on Google Play

 
A new member of the ever growing adware-found-on-Google-Play-list has been found. Previous members include Viking Horde, DressCode and CallJam, among many others. The malware, dubbed "Skinner", was embedded inside an app which provides game related features. The app was downloaded by over 10,000 users, and managed to hide on Google Play for over two months. Skinner tracks the user's location and actions, and can execute code from its Command and Control server without the user's permission. The app was removed from the play store after we contacted the Google security team. While Adware are a common threat to users, Skinner displayed new elaborate tactics used to evade detection and ...

Check Point’s 2017 Cyber Security Survey Shows Key Concerns and Opportunities among IT Professionals

 
The theme of the 2017 RSA Conference is ‘The Power of Opportunity’ inspired by an approach to learning taken by the Zen monk Shunryu Suzuki. He said that one should pursue even the most advanced study with the mind-set of a beginner and be open to considering new possibilities. That’s certainly a good way to approach the challenges of enterprise security. Today’s business landscape is constantly evolving, presenting new opportunities and challenges – such as the migration to public and private clouds, wider roll-out of mobility and BYOD programs, and the emergence of new cyberthreats seeking to exploit these technologies. So, what are the threats that enterprises are ...

SQL Slammer Comeback

 
SQL Slammer is a computer worm that first appeared in the wild in January 2003, and caused a denial of service condition on tens of thousands of servers around the world. It did so by overloading Internet objects such as servers and routers with a massive number of network packets within 10 minutes of its first emergence.   The worm exploits a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000 by sending a formatted request to UDP port 1434. After the server is infected, it attempts to spread rapidly by sending the same payload to random IP addresses, causing a denial of service condition on its targets. This vulnerability was discovered by David Litchfield ...