Introduction In the last few months, Check Point Research has been tracking “Stayin’ Alive”, an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations. The “Stayin’ Alive” campaign consists of mostly downloaders and loaders, some of which are used […]
Google’s research team has launched v8CTF, a capture-the-flag (CTF) challenge focused on its Chrome browser’s V8 JavaScript engine. The competition opened on October 6, 2023, and is accessible to any exploit writers. “Once you have identified a vulnerability present in our deployed version, exploit it, and grab the flag,” Google software engineers Stephen Roettger and […]
Recent research from Menlo Labs has uncovered a sophisticated phishing campaign aimed at executives employed across industries, such as banking, insurance, property management, real estate, and manufacturing. The U.S.-based organizations have been the primary targets. Diving into details The phishing campaign began in July and abused an open redirection vulnerability on the job search platform […]
Cyber attacks are on the rise. Cyber Security Hub research has found that two in five cyber security professionals said the rate and volume of cyber attacks experienced by their organization increased in the past year. With this increase in cyber attacks, it is no longer enough for cyber security teams to employ only reactive […]
The Sonatype Security Research team is currently tracking an ongoing campaign on the npm registry that uses npm packages to retrieve and exfiltrate your Kubernetes configuration and SSH keys to an external server.
Sep 19, 2023THNNetwork Security / Exploit New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an “unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without […]
In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Earth Lusca. Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023. While monitoring the group, we managed to obtain […]
Research by: Niv Asraf Abstract In the last two months, Check Point researchers encountered a new large-scale phishing campaign that recently targeted more than 40 prominent companies across multiple industries, in Colombia. The attackers’ objective was to discreetly install the notorious “Remcos” malware on victims’ computers. Remcos, a sophisticated “Swiss Army Knife” RAT, grants attackers […]
Application Security , Next-Generation Technologies & Secure Development Research Services Business Will Keep GrammaTech Name, Five Points Capital Ownership Michael Novinson (MichaelNovinson) • September 5, 2023 Mike Dager, CEO, CodeSecure (Image: CodeSecure) GrammaTech has separated its security software products and cyber research services divisions, and venture capital firm Battery Ventures has acquired the […]