Check Point warns customers to patch VPN vulnerability under active exploitation

June 3, 2024 at 08:12AM Cybersecurity software vendor Check Point detected a zero-day vulnerability being actively exploited. The vulnerability, assigned CVE-2024-24919, affects several Check Point products and can result in unauthorized access to sensitive information. Check Point advised users to update their software and harden their VPN posture. Additionally, various other critical vulnerabilities in different …

Check Point VPN zero-day exploited in attacks since April 30

May 29, 2024 at 03:45PM Threat actors are exploiting a high-severity zero-day vulnerability in Check Point Remote Access VPN, stealing Active Directory data to move through victims’ networks. Check Point warns customers of attackers targeting their security gateways using old VPN local accounts with insecure password-only authentication. The company has released hotfixes to block exploitation …

Check Point releases emergency fix for VPN zero-day exploited in attacks

May 29, 2024 at 09:34AM Check Point releases hotfixes for VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results …

Hackers target Check Point VPNs to breach enterprise networks

May 27, 2024 at 02:24PM Check Point warns of ongoing campaign targeting Remote Access VPN devices, affecting enterprise networks. Attackers exploit old local accounts’ insecure password-only authentication. Check Point advises customers to secure accounts and install a hotfix to block login attempts using password-only authentication. Cisco also reported credential brute-forcing attacks on VPN and SSH …

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

May 20, 2024 at 12:27PM An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) conducts destructive wiping attacks in Albania and Israel. Cybersecurity firm Check Point tracks the activity as Void Manticore, also known as Storm-0842. The group uses wiper malware and leverages publicly available tools for attacks, demonstrating a high degree …

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

May 17, 2024 at 09:57AM A critical vulnerability, tracked as CVE-2024-34359 and named Llama Drama, was discovered in a Python package used by AI developers. The flaw allows for arbitrary code execution, posing a risk to systems and data. Cybersecurity firm Check Point detailed the issue, and a patch has been released with llama_cpp_python 0.2.72. More …

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

March 10, 2024 at 11:42AM Magnet Goblin, a financially motivated hacking group, exploits 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. They target devices and services like Ivanti Connect Secure, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense, and Magento. Check Point analysts emphasize the importance of timely patching and …

‘The Weirdest Trend in Cybersecurity’: Nation-States Returning to USBs

March 7, 2024 at 04:26PM Nation-state cyber threat groups are using USBs to infiltrate government and critical infrastructure. Check Point’s Maya Horowitz highlighted USBs as the primary infection vector for major threats, including China’s Camaro Dragon and Russia’s Gamaredon. Instances of USB attacks at a power company and a UK hospital underscore the danger. Organizations …

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

February 9, 2024 at 12:27PM The malware Raspberry Robin has evolved to utilize new one-day exploits for local privilege escalation, making it harder to detect and analyze. It serves as an initial access facilitator for other malicious payloads and has ties to various e-crime groups. The threat actors behind it purchase exploits from the dark …

Check Point CEO to Step Down After 3 Decades

February 6, 2024 at 11:25AM Check Point CEO Gil Shwed will step down after 30 years to focus on the company’s evolution and transition into the role of executive chairman. He highlighted the initiation of the succession process to hire a new CEO and expressed excitement about the company’s technology pipeline and global team. Check …