GuLoader? No, CloudEyE.

June 8, 2020 1:59 am

Italian company exposed on Clearnet earned up to $ 500,000 helping cybercriminals to deliver malware using cloud drives. Recently, we wrote about the network dropper known as GuLoader, which has been very actively... Click to Read More

Bringing VandaTheGod down to Earth: Exposing the person behind a 7-year hacktivism campaign

May 28, 2020 2:02 am

Introduction Since 2013, many official websites belonging to governments worldwide were hacked and defaced by an attacker who self-identified as ’VandaTheGod.’ The hacker targeted governments in numerous countries, including: Brazil, the Dominican Republic,... Click to Read More

Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive

May 21, 2020 1:55 am

Research by: Eyal Itkin Overview One of our goals for every research project we work on in Check Point Research is to get an intimate understanding of how software work: What components do they... Click to Read More

Reverse RDP – The Path Not Taken

May 14, 2020 2:07 am

Research by: Eyal Itkin Overview During 2019, we published our research on the Reverse RDP Attack: Part 1 and Part 2. In those blog posts, we described how we found numerous critical vulnerabilities... Click to Read More

Bugs on the Windshield: Fuzzing the Windows Kernel

May 6, 2020 3:44 am

Research By: Netanel Ben-Simon and Yoav Alon Background: In our previous research, we used WinAFL to fuzz user-space applications running on Windows, and found over 50 vulnerabilities in Adobe Reader and Microsoft Edge.... Click to Read More

Nazar: Spirits of the Past

May 5, 2020 7:00 am

In mid-2017, The Shadow Brokers exposed NSA files in a leak known as "Lost In Translation". Recently, researcher uncovered "Nazar", a previously-unknown APT that was mentioned in the leak. We decided to dive into each and every one of the components and share our technical analysis. What we found out, is far from being "advanced".

First seen in the wild – Malware uses Corporate MDM as attack vector

April 29, 2020 4:38 am

Research by: Aviran Hazum, Bogdan Melnykov, Chana Efrati, Danil Golubenko, Israel Wernik, Liav Kuperman, Ohad Mana Overview: Check Point researchers discovered a new Cerberus variant which is targeting a multinational conglomerate, and is... Click to Read More

E-Learning Platforms Getting Schooled – Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins

April 29, 2020 2:00 am

Research by: Omri Herscovici and Sagi Tzadik Overview The COVID-19 pandemic has changed the way we live and work. “Sheltering in place” requires many people to work from home, thereby necessitating the use... Click to Read More

OptOut – Compiler Undefined Behavior Optimizations

April 24, 2020 2:00 am

Research by: Eyal Itkin, Gili Yankovitch Introduction During 35C3, Gili Yankovitch (@cytingale) and I attended a great talk called: “Memsad – Why Clearing Memory is Hard” (https://media.ccc.de/v/35c3-9788-memsad). In his talk, Ilja van Sprundel presented... Click to Read More

IR Case: The Florentine Banker Group

April 23, 2020 2:59 am

by Matan Ben David Introduction On December 16 2019, Check Point’s Incident Response Team (CPIRT) was engaged by three firms in the finance sector to investigate fraudulent wire transfers sent from their joint... Click to Read More

Ransomware Evolved: Double Extortion

April 16, 2020 2:03 am

Overview Picture this scene:  you arrive at the office one morning to find that cybercriminals have accessed your entire corporate network and encrypted all your files and databases, bringing the operations of your... Click to Read More

Threat Actors Migrating to the Cloud

April 10, 2020 3:06 am

Where do malware payloads come from? It’s a question with an apparently trivial answer. Usually these sit on dedicated servers owned by the campaign managers, and occasionally on a legitimate website that has... Click to Read More

Breaking through Windows’ defenses: Analyzing mLNK Builder

March 26, 2020 3:00 am

Introduction Launching an attack does not always require high technical aptitude on the part of a threat actor, especially when there are ready-made tools available for every stage of the infection chain. Delivery... Click to Read More

“I want to learn about exploitation! Where do I start?”

March 25, 2020 4:10 am

We’ve heard this question a lot. We’re even young enough to remember having asked it. The standard answer is often an embarrassed mumble that there are no golden rules, and that you should... Click to Read More

Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps

March 24, 2020 2:14 am

Research by Israel Wernik, Danil Golubenko , Aviran Hazum    Although Google has taken steps to secure its Play store and stop malicious activity, hackers are still finding ways to infiltrate the app store and access users’... Click to Read More