Ethereum’s CREATE2: A Double-Edged Sword in Blockchain Security
Check Point Research » Threat Research
by etal
1w ago
By Oded Vanunu, Dikla Barda, Roman Zaikin Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involves tricking users into approving transactions for smart contracts that haven’t been deployed yet, allowing cybercriminals to later deploy malicious contracts and steal cryptocurrencies. This vulnerability highlights the need for enhanced security measures in wallet security products to adapt to the evolving tactics of cybercriminals, ensu ..read more
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
Check Point Research » Threat Research
by etal
2w ago
Key Points Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. In at least one case, Ivanti Connect Secure VPN (CVE-2024-21887), the exploit entered the group’s arsenal as fast as within 1 day after a POC for it was published. Campaigns that we were able to attribute to this actor targeted Ivanti, Magento, Qlik Sense and possibly Apache ActiveMQ. Analysis of the actor’s recent Ivanti Connect Secure VPN campaign revealed a novel Linux version of a malware called NerbianRA ..read more
4th March – Threat Intelligence Report
Check Point Research » Threat Research
by tomersp@checkpoint.com
3w ago
For the latest discoveries in cyber research for the week of 4th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES UnitedHealth Group confirmed its subsidiary was attacked by the ALPHV ransomware gang. 6 terabytes of data were stolen in the attack, and Change Healthcare, a crucial intermediary between pharmacies and insurance companies, was forced to disconnect its systems on February 21. The disruption impacted U.S. military clinics and hospitals worldwide, necessitating manual prescription processes. Check Point Harmony Endpoint and Threat Emulation provide ..read more
2024’s Cyber Battleground Unveiled: Escalating Ransomware Epidemic, the Evolution of Cyber Warfare Tactics and strategic use of AI in defense – Insights from Check Point’s Latest Security Report
Check Point Research » Threat Research
by etal
1M ago
Key Takeaways:
· Rising Threats: The cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.
· Evolution of Tactics: Adversaries exploit zero-day vulnerabilities, employ disruptive wipers, utilise emerging RaaS (Ransomware-as-a-Service) tactics and target edge devices, amplifying the complexity of cyber threats.
· AI-Powered Defense: Artificial intelligence emerges as a formidable defender ..read more
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Check Point Research » Threat Research
by etal
1M ago
Introduction Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact ..read more
Maldocs of Word and Excel: Vigor of the Ages
Check Point Research » Threat Research
by etal
1M ago
Research by: Raman Ladutska We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world and make it a safer and better place. Figure 1 – The Title Page Chasing new exploits, vulnerabilities, and threats is the way to go in the ever-changing cybercrime landscape. However, in a constant flow of information, the focus on yesterday’s highlights is low: every day, new CVEs occur, and new threats emerge. With this state of affairs, o ..read more
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
Check Point Research » Threat Research
by shlomoo@checkpoint.com
1M ago
Key Findings Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. Raspberry Robin is continually updated with new features and evasions to be even stealthier than before. Raspberry Robin slightly changed its communication method and lateral movement to avoid being caught by behavioral signatures implemented based on its previous version. Raspberry Robin is spread with a new delivery method, disguising as a l ..read more
Check Point Research alerts on a new NFT airdrop campaign
Check Point Research » Threat Research
by etal
2M ago
By Oded Vanunu, Dikla Barda, Roman Zaikin A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale: This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. For instance, if you are listed as an APE token holder, the attacker would send you an airdrop labeled as an Ape NFT airdrop. The rationale behind this is that the attacker lacks access to the em ..read more
.NET Hooking – Harmonizing Managed Territory
Check Point Research » Threat Research
by shlomoo@checkpoint.com
2M ago
Research by: Jiri Vinopal Key Points Check Point Research (CPR) provides an introduction to .NET managed hooking using the Harmony library. We cover the most common examples of implementation using different types of Harmony patches. The practical example using Harmony hooking to defeat the notorious “ConfuserEx2” obfuscator results in the “ConfuserEx2_String_Decryptor” tool. CPR reveals a neat trick on how to combine both debugging and hooking using the Harmony library (Harmony hooking from the dnSpyEx debugging context). Introduction For a malware researcher, analyst, or reverse engineer, the ..read more
Rhadamanthys v0.5.0 – a deep dive into the stealer’s components
Check Point Research » Threat Research
by shlomoo@checkpoint.com
3M ago
Research by: hasherezade Highlights The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently, the author released a new major version, 0.5.0. In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions. A new plugin system makes the malware expandable for specific distributor needs. The custom executable formats, used for modules, are unchanged since our last publication (XS1 and XS2 formats are still in distribution). Check Point Research (CPR) provides a comprehensive review o ..read more