Check Point Blog

Threat Research June 2, 2015

New Vulnerabilities Discovered In WordPress

Not Just Another Broken Link… Introduction: Check Point researcher Dikla Barda recently discovered critical vulnerabilities in two widely used WordPress plugins: the Broken Link Checker and the Download Manager. These vulnerabilities allow: Access…

Threat Research May 20, 2015

Check Point Threat Alert: Logjam

Executive Summary: A major flaw was discovered with SSL and was named “Logjam”. The flaw affects a number of fundamental web protocols. 8.4% of the Top 1 Million domains were initially vulnerable. SK106147 – Check…

Threat Research April 20, 2015

Analyzing the Magento Vulnerability (Updated)

Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as…

Threat Research September 29, 2014

Shellshock A.K.A Bash Bug – A Serious Vulnerability That Could Affect Rooted or Jailbroken Mobile Devices

The security world is buzzing with news regarding the “Bash Bug”, also known as Shellshock, a vulnerability discovered in one of the most fundamental interfaces powering the internet that is already being described as being…

Threat Research

Vulnerability Discovered Within Default Android Web Browser

A Vulnerability That Could Enable a Threat Actor to Run Malicious Code on a Victim’s Device Has Been Disclosed by Google. Several weeks ago, Google discreetly disclosed a vulnerability within the AOSP browser, the browser that…

Threat Research July 10, 2014

Security Disclosure: Google’s iOS Gmail App Potential Target for Threat Actors

Security Disclosure: As part of our ongoing research into Apple’s iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. The Vulnerability: Gmail’s iOS App Does Not Perform Certificate Pinning.

Threat Research June 16, 2014

“TowelRoot” Gives Root Access to Samsung Galaxy S5 and other Popular Android Mobile Devices

A new vulnerability, codenamed TowelRoot, was recently released for the Linux kernel (CVE-2014-3153) through version 3.14.5 and it has affected Android 4.4 mobile devices. This vulnerability is extremely prevalent and exists on almost every popular…
