Phorpiex Breakdown

November 19, 2019 3:33 am

Research by: Alexey Bukhteyev Introduction We recently wrote about the massive “sextortion” spam campaign carried out by the Phorpiex botnet. However, this is only a small part of this botnet’s malicious activity. Capable... Click to Read More

The Road to Qualcomm TrustZone Apps Fuzzing

November 14, 2019 2:52 am

Research By: Slava Makkaveev Trusted Execution Environment TrustZone is a security extension integrated by ARM into the Corex-A processor. This extension creates an isolated virtual secure world which can be used by the... Click to Read More

21th October – Threat Intelligence Bulletin

October 22, 2019 8:03 am

For the latest discoveries in cyber research for the week of 14th October 2019, please download our Threat Intelligence Bulletin TOP ATTACKS AND BREACHES Check Point Research has exposed the Phorpiex botnet which... Click to Read More

TCP SACK Security Issue in OpenBSD – CVE-2019-8460

October 22, 2019 5:47 am

Reuven Plevinsky and Tal Vainshtein Background Following the recent hype over the TCP networking vulnerabilities found by Netflix in Linux and FreeBSD, for which Check Point quickly responded and provided protection, we have... Click to Read More

Pony’s C&C servers hidden inside the Bitcoin blockchain

October 17, 2019 5:57 am

Research by: Kobi Eisenkraft, Arie Olshtein Introduction Redaman is a form of banking malware distributed by phishing campaigns that target mostly Russia language speakers. First seen in 2015 and reported as the RTM... Click to Read More

In the Footsteps of a Sextortion Campaign

October 16, 2019 5:00 am

Research by: Gil Mansharov and Alexey Bukhteyev Introduction In its 2018 annual publication, the FBI IC3 (Internet Crime Complaint Center) reported a 242% rise in extortion emails, the majority of which are “sextortion”,... Click to Read More

The Eye on the Nile

October 3, 2019 1:19 am

  Introduction Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning... Click to Read More

Mapping the connections inside Russia’s APT Ecosystem

September 24, 2019 5:57 am

Research by Itay Cohen from Check Point Research and Omri Ben Bassat from Intezer This research is a joint effort conducted by Check Point and Intezer. prologue пролог If the names Turla, Sofacy,... Click to Read More

UPSynergy: Chinese-American Spy vs. Spy Story

September 5, 2019 6:00 am

Research By: Mark Lechtik & Nadav Grossman   Introduction Earlier this year, our colleagues at Symantec uncovered an interesting story about the use of Equation group exploitation tools by an alleged Chinese group... Click to Read More

Advanced SMS Phishing Attacks Against Modern Android-based Smartphones

September 4, 2019 5:55 am

Research By: Artyom Skrobov, Slava Makkaveev Introduction Check Point Researchers have identified a susceptibility to advanced phishing attacks in certain modern Android-based phones, including models by Samsung, Huawei, LG and Sony. In these... Click to Read More

Say Cheese: Ransomware-ing a DSLR Camera

August 11, 2019 10:55 am

Research by: Eyal Itkin TL;DR Cameras. We take them to every important life event, we bring them on our vacations, and we store them in a protective case to keep them safe during transit.... Click to Read More

SELECT code_execution FROM * USING SQLite;

August 10, 2019 2:00 pm

Gaining code execution using a malicious SQLite database Research By: Omer Gull tl;dr SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been... Click to Read More

Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More

August 7, 2019 5:05 pm

  Research By: Dikla Barda, Roman Zaikin and Oded Vanunu According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. The average user checks WhatsApp more... Click to Read More

Reverse RDP Attack: The Hyper-V Connection

August 7, 2019 4:00 pm

Research by: Eyal Itkin Overview Earlier this year, we published our research on the Reverse RDP Attack. In our previous blog post, we described how we found numerous critical vulnerabilities in popular Remote... Click to Read More

Cobalt Group Returns To Kazakhstan

July 31, 2019 7:14 am

Introduction Cobalt Group is a financially motivated cyber-crime gang that has been active since at least 2016. The group is mainly interested in carrying out attacks against banks, in an attempt to access... Click to Read More