2nd December – Threat Intelligence Bulletin

December 2, 2019

For the latest discoveries in cyber research for the week of 2nd December 2019, please download our Threat Intelligence Bulletin.


Check Point Anti-Virus and Anti-Ransomware blades provide protection against these threats (Ransomware.Win32.Ryuk.TC; Trojan.Win32.Emotet)

  • Adobe’s Magento Marketplace has suffered a data breach in which a malicious actor exploited an undisclosed vulnerability to gain access to the personal data of the platform's users. The exposed information included names, email addresses, MageID, billing and shipping address information, and some limited commercial information.
  • Details of 7 current and former Palo Alto Networks employees were accidentally exposed by a third-party contractor. The details included names, dates of birth and social security numbers.


  • Researchers have discovered 37 vulnerabilities in four popular open-source VNC remote desktop clients and servers that would allow an attacker to gain control of a remote computer.
  • A new vulnerability (CVE-2018-9195) has been found and patched in multiple security products of the security company Fortinet. The vulnerability would allow an attacker to spy on traffic between Fortinet applications and servers as well as to track the online behavior of the company’s users.
  • A researcher has detected a vulnerability in the control panels for the warning lights placed on tall structures so that airplanes do not hit them. The panels were exposed to the public internet and could be used by an attacker to turn off the lights.
  • Security firm Kaspersky has fixed multiple vulnerabilities in its products (CVE-2019-15684, CVE-2019-15685, CVE-2019-15687 and CVE-2019-15688). The vulnerabilities could allow an attacker to disable several protections and gather limited data about its users.


  • The National Cyber Security Centre in the Netherlands has reported that at least 1,800 companies globally are victims of one of three ransomware families: LockerGoga, MegaCortex and Ryuk.

Check Point Anti-Virus and Anti-Ransomware blades provide protection against these threats (Ransomware.Win32.Ryuk.TC; Ransomware.Win32.LockerGoga; Trojan-Ransom.Win32.MegaCortex)

  • Researchers have raised several privacy and security concerns regarding a popular Chinese smartwatch (SMA-WATCH-M2) that is used by parents to track their children. The use of unencrypted communication between the watch and the company servers and a vulnerable database allowed the researchers to obtain personal and real-time location information of nearly 5000 children.
  • Researchers have discovered a new password stealer, CStealer, which targets passwords stored in the Chrome browser. The stealer uploads the stolen credentials to a remote MongoDB database, which may indicate that the data is shared between several attackers.
  • The Trickbot banking Trojan has been upgraded with the ability to steal private keys and passwords from OpenSSH and OpenVPN clients through its password-stealing module. The stolen data can later be used by attackers to gain access to additional computers.

Check Point Anti-Virus and Anti-Bot blades provide protection against this threat (Trojan-Banker.Win32.TrickBot)

  • A report has shown a sharp increase in the malicious use of Chrome notifications to push unwanted ads, phishing scams and malicious content.


