Check Point Research

Executive Summary Research by Erez Goldberg Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. Recently, SSTI vulnerabilities are […]

The post Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Financial data systems of The Grand Palais which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, also the financial systems of around 40 […]

The post 12th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 5th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American blood donation center OneBlood has been a victim of a ransomware attack that caused disruption to its software system, affecting operations across more than 350 hospitals in Florida, Georgia, and the […]

The post 5th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse […]

The post 29th July – Threat Intelligence Report appeared first on Check Point Research.

Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory of a process by malicious modules can cause a lot of damage, all sorts of AV […]

The post Thread Name-Calling – using Thread Name for offense appeared first on Check Point Research.

Research by: Antonis Terefos (@Tera0017) Key Points Introduction Threat actors continually evolve their tactics to stay ahead of detection. Traditional methods of malware distribution via emails containing malicious attachments are heavily monitored, and the general public has become more aware of these tactics. Recently, Check Point Research observed threat actors using GitHub to achieve initial […]

The post Stargazers Ghost Network appeared first on Check Point Research.

Research by Dikla Barda, Roman Ziakin and Oded Vanunu Check Point’s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens […]

The post Unveiling the Scam: How Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 22nd July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American Bassett Furniture Industries has been a victim of a ransomware attack that resulted in the encryption of data files and the shutdown of its manufacturing facilities. The attack has significantly disrupted […]

The post 22nd July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 15th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American telecom giant AT&T has disclosed a massive data breach that exposed personal information of 110M of its customers. The data was stolen from the company’s workspace on a third-party cloud platform, […]

The post 15th July – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Introduction MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), is known to be active since at least 2017. During the last year, MuddyWater engaged in widespread phishing campaigns targeting the Middle East, with a particular focus on Israel. Since October 2023, the actors’ activities have increased significantly. Their methods […]

The post New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns appeared first on Check Point Research.

by Haifei Li Introduction and Background Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the […]

The post Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 8th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES FIA, the governing body for Formula 1, disclosed a data breach stemming from a phishing attack on their email accounts. The attack led to unauthorized access to personal data, and the incident […]

The post 8th July – Threat Intelligence Report appeared first on Check Point Research.

Author: Moshe Marelus Introduction In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, […]

The post Exploring Compiled V8 JavaScript Usage in Malware appeared first on Check Point Research.

Introduction Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details. Other times it’s because of too much […]

The post Modern Cryptographic Attacks: A Guide for the Perplexed appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 1st July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has hit South Africa’s National Health Laboratory Service (NHLS), disrupting lab result dissemination amid a Mpox outbreak. The actors have deleted system sections, including backups, forcing manual result […]

The post 1st July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and […]

The post 24th June – Threat Intelligence Report appeared first on Check Point Research.

Research by: Antonis Terefos, Bohdan Melnykov Introduction Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. However, […]

The post Rafel RAT, Android Malware from Espionage to Ransomware Operations appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 17th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES An attack targeting Snowflake customer databases, identified as the work of threat actor UNC5537, has led to significant data theft and extortion. UNC5537 used stolen Snowflake customer credentials, obtained mainly from infostealer […]

The post 17th June – Threat Intelligence Report appeared first on Check Point Research.