Tag Archive: vulnerabilities

Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)

January 30, 2020 4:00 am

Ronen Shustin Cloud Attack Part I Motivation Cloud security is like voodoo. Clients blindly trust the cloud providers and the security they provide. If we look at popular cloud vulnerabilities, we see that... Click to Read More

Canadian banks targeted in a massive phishing campaign

December 23, 2019 3:00 am

Introduction Recently, Check Point engines detected a new phishing campaign impersonating the Royal Bank of Canada (RBC). The attack starts by sending legitimate-looking e-mails containing a PDF attachment to multiple organizations and victims... Click to Read More

UPSynergy: Chinese-American Spy vs. Spy Story

September 5, 2019 6:00 am

Research By: Mark Lechtik & Nadav Grossman   Introduction Earlier this year, our colleagues at Symantec uncovered an interesting story about the use of Equation group exploitation tools by an alleged Chinese group... Click to Read More

50 CVEs in 50 Days: Fuzzing Adobe Reader

December 12, 2018 3:05 am

Research By: Yoav Alon, Netanel Ben-Simon Introduction The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice... Click to Read More

DJI Drone Vulnerability

November 8, 2018 5:14 am

Research by: Oded Vanunu, Dikla Barda and Roman Zaikin   DJI is the world’s leader in the civilian drone and aerial imaging technology industry. Besides from consumers, though, it has also taken a... Click to Read More

Faxploit: Sending Fax Back to the Dark Ages

August 12, 2018 3:09 pm

Research By: Eyal Itkin, Yannay Livneh and Yaniv Balmas   Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were... Click to Read More

Man-in-the-Disk: Android Apps Exposed via External Storage

August 12, 2018 1:09 pm

Research By: Slava Makkaveev   Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to... Click to Read More

FakesApp: A Vulnerability in WhatsApp

August 7, 2018 4:15 am

Research By: Dikla Barda, Roman Zaikin and Oded Vanunu   As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages... Click to Read More

Remote Code Execution Vulnerability on LG Smartphones

May 8, 2018 8:58 am

Research By: Slava Makkaveev   Background A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’).... Click to Read More

Uncovering Drupalgeddon 2

April 12, 2018 6:18 am

Research By: Eyal Shalev, Rotem Reiss and Eran Vaknin   Abstract Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security... Click to Read More

Check Point Responds to AMD Flaws

March 19, 2018 6:12 am

  Following recent heated attention over possible flaws in AMD processor chips, Check Point Research was privately approached by the source of these controversial findings, CTS Labs, and was asked to verify their... Click to Read More

Guest Accounts Gain Full Access on Chrome RDP

March 13, 2018 1:29 am

Research By: Ofer Caspi, Benjamin Berger   Chrome Remote Desktop is an extension to the Chrome browser that allows users to remotely access another computer through Chrome browser or a Chromebook. It is... Click to Read More

Exploiting CVE-2018-0802 Office Equation Vulnerabilty Demo Video

January 9, 2018 11:35 am

  The Check Point Research team discovered a new vulnerability (CVE-2018-0802) in the Office Equation 3.0 process (EQNEDT32.EXE). This is a POC video of the vulnerability being exploited while bypassing the new ASLR... Click to Read More

Many Formulas, One Calc – Exploiting a New Office Equation Vulnerability

January 9, 2018 10:38 am

Research By: Omer Gull and Netanel Ben Simon    Background A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this... Click to Read More

Detection of the Meltdown and Spectre Vulnerabilities

January 8, 2018 11:22 pm

Research By:  Erez Israel, Daniel Marx, Yoav Alon, Aviv Gafni and Ben Omelchenko    Last week, two publications regarding a pair of vulnerabilities named individually by their publishers as Meltdown and Spectre sent... Click to Read More