June 19, 2017
TOP ATTACKS AND BREACHES
- Cherry Blossom, a framework developed by the CIA and published by WikiLeaks as part of the Vault 7 series, is designed to compromise a wide range of Wi-Fi devices. Once a router or access point is implanted, Cherry Blossom lets the operator monitor the targets’ network traffic, redirect it to malicious websites or inject malware into incoming traffic, giving access to the users behind the router.
- The UK National Crime Agency has published details of a 2014 breach in which sensitive information was stolen from the US Department of Defense. The British threat actor behind the attack was arrested in 2015 and has now pleaded guilty to an offence under the Computer Misuse Act.
- University College London has suffered a ransomware attack. The infection is believed to have started after a member of staff or a student visited a malicious website.
- A new PayPal phishing campaign not only steals victims’ credentials but also asks them to “confirm their identity” by sending a photograph of themselves holding their ID card and their credit card.
- Another phishing campaign targets mobile Facebook users and relies on the fact that, on a small phone screen, victims will not notice the full (non-Facebook) URL. Check Point IPS blade will provide protection against this threat in its next online package.
- The US Department of Homeland Security and the FBI have published a technical alert presenting new evidence of malicious activity by the North Korean “Hidden Cobra” group, including the DeltaCharlie malware used to build and manage the group’s private DDoS botnet. Check Point Anti-Bot blade provides protection against this threat (Trojan-DDoS.Win32.HiddenCobra).
- Security researchers have published a new report on a threat group tracked as FIN10, which stole sensitive information from Canadian mining companies and casinos. According to the report, after stealing the data the attackers demanded a ransom of up to 500 BTC not to publish it.
VULNERABILITIES AND PATCHES
- CrashOverride (also known as Industroyer), the industrial control system malware behind the December 2016 attack on the Ukrainian power grid, has been analysed and publicly documented. Check Point IPS blade provides protection against this threat (Siemens SIPROTEC Denial of Service).
- Microsoft has released security updates patching more than 90 flaws, including some that, according to Microsoft, mitigate “potential nation-state activity”. Unusually, the release also includes patches for the unsupported Windows XP and Windows Server 2003, most likely a lesson learned from the WannaCry campaign.
- Adobe has released security patches (APSB17-17) for Flash Player and Shockwave Player, fixing 20 security flaws in total. The most critical fix addresses a remote code execution vulnerability in Adobe Flash Player. Check Point IPS blade provides protection against this threat (Adobe Flash Player Memory Corruption (APSB17 17;CVE 2017 *)).
- Microsoft has confirmed that SMBv1 will be disabled by default in Redstone 3, the next Windows 10 update. According to Microsoft the decision was taken before the WannaCry attack, and it wants customers to run SMB 3.x instead.
THREAT INTELLIGENCE REPORTS
- According to new internet-wide scan results published by security researchers, more than 2.3 million internet-connected devices expose SMB ports, leaving them potentially vulnerable to severe attacks such as WannaCry. Check Point IPS blade provides protection against this threat (Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-014*); Microsoft Windows Eternal* SMB Remote Code Execution; Microsoft Windows DoublePulsar SMB Remote Code Execution; Linux EternalRed Samba Remote Code Execution (CVE 2017 7494)).
- In a separate report, security researchers have shared scan findings showing nearly 10 million devices with open Telnet ports exposed to the internet, and millions more using unencrypted protocols online.
- The Neutrino exploit kit service has been shut down by its authors and is no longer active. A security researcher claims to have spoken to the kit’s author, who said the business was no longer profitable. Check Point IPS blade provides protection against this threat (Neutrino Exploit Kit Landing Page Code Execution)
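The two SMB items above (Microsoft retiring SMBv1, and the 2.3 million hosts exposing SMB) both come down to one question a practitioner will want to answer for their own hosts: does this machine still accept an SMBv1 dialect on TCP/445? The following is an added example, not code from the bulletin or from Check Point, that builds a minimal SMB_COM_NEGOTIATE request offering only the classic "NT LM 0.12" dialect and classifies the reply. The header Flags/Flags2 and PID values, and every field of the constructed sample replies used for offline testing, are assumptions chosen to look like typical traffic; only the Python standard library is needed.

```python
import socket
import struct
import sys

SMB_COM_NEGOTIATE = 0x72
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
DEFAULT_DIALECTS = ("NT LM 0.12",)  # classic SMBv1 only; no SMB2 dialect is offered


def _smb1_header(flags):
    # 32-byte SMB1 header: magic, Command, NT Status, Flags, Flags2, PIDHigh,
    # SecurityFeatures, Reserved, TID, PIDLow, UID, MID (little-endian).
    # Flags2 0xC853 and PIDLow 0xFEFF are assumed "typical client" values.
    return SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH", SMB_COM_NEGOTIATE, 0, flags, 0xC853, 0, b"\0" * 8, 0, 0, 0xFEFF, 0, 0)


def build_smb1_negotiate(dialects=DEFAULT_DIALECTS):
    """NetBIOS-framed SMB_COM_NEGOTIATE request offering only the given dialects."""
    dialect_blob = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(dialect_blob)) + dialect_blob  # WordCount=0, ByteCount
    smb = _smb1_header(0x18) + body
    # NetBIOS session service: 1-byte type 0x00 followed by a 24-bit big-endian length
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(frame, offered=DEFAULT_DIALECTS):
    """Classify the server's reply to the SMBv1 negotiate (dict with verdict/dialect/signing)."""
    result = {"verdict": "no-response", "dialect": None, "signing_required": None}
    if len(frame) < 4:
        return result  # connection closed or timed out: SMBv1 disabled or port filtered
    length = struct.unpack(">I", frame[:4])[0] & 0x00FFFFFF
    smb = frame[4:4 + length]
    if smb[:4] == SMB2_MAGIC:
        result["verdict"] = "smb2"  # server answered with SMB2; only happens if an SMB2 dialect was offered
        return result
    if smb[:4] != SMB1_MAGIC or len(smb) < 35:
        result["verdict"] = "not-smb"
        return result
    command, status = struct.unpack_from("<BI", smb, 4)
    if command != SMB_COM_NEGOTIATE or status != 0:
        result["verdict"] = "smb1-error"
        return result
    word_count = smb[32]
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if word_count == 0 or dialect_index == 0xFFFF or dialect_index >= len(offered):
        result["verdict"] = "smb1-rejected"  # server speaks SMB1 framing but accepts no offered dialect
        return result
    result["verdict"] = "smb1-accepted"
    result["dialect"] = offered[dialect_index]
    if word_count == 17 and len(smb) > 35:
        # NT LM 0.12 reply: SecurityMode follows DialectIndex; bit 3 = signatures required.
        # A host that accepts SMBv1 without required signing is also an SMB-relay target.
        result["signing_required"] = bool(smb[35] & 0x08)
    return result


def constructed_negotiate_response(accept=True, security_mode=0x03):
    """Constructed sample server reply (not captured traffic) so the parser runs offline."""
    if accept:
        # 17 words: DialectIndex, SecurityMode, MaxMpx, MaxVcs, MaxBuffer, MaxRaw,
        # SessionKey, Capabilities, SystemTime, TimeZone, ChallengeLength; then an 8-byte challenge
        words = struct.pack("<HBHHIIIIqhB", 0, security_mode, 50, 1, 16644, 65536,
                            0, 0x0000E3FD, 0, 0, 8)
        body = bytes([17]) + words + struct.pack("<H", 8) + b"\x11" * 8
    else:
        # Server accepted none of the offered dialects: 1 word, DialectIndex 0xFFFF
        body = bytes([1]) + struct.pack("<H", 0xFFFF) + struct.pack("<H", 0)
    smb = _smb1_header(0x98) + body
    return struct.pack(">I", len(smb)) + smb


def probe_smb1(host, port=445, timeout=5.0):
    """Live check against one host (network use; not exercised by the offline sample)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_smb1_negotiate())
        try:
            frame = s.recv(4096)  # the negotiate reply is small; one recv is enough
        except OSError:
            frame = b""
    return parse_negotiate_response(frame)


if __name__ == "__main__":
    print(probe_smb1(sys.argv[1]) if len(sys.argv) > 1
          else parse_negotiate_response(constructed_negotiate_response()))
```

Run it as `python smb1_probe.py <host>` against hosts you own; a verdict of `smb1-accepted` means the host still negotiates the dialect WannaCry and the EternalBlue family abuse, and `signing_required: False` on top of that is worth fixing regardless of patch level. Because the request offers no SMB2 dialect, a Windows host with SMBv1 removed simply drops the connection, which the parser reports as `no-response`.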