Articles about Check Point

High-tech startup-rich neighbourhood Herzliya Pituach, Israel. Pic by InnaFelker, editorial use only via Shutterstock

Israeli tech firms make their exits, stage rich

Israeli hi-tech companies rang the tills with exits adding up to $3.3bn in the first half of 2016. A total of 45 hi-tech firms completed exit deals that averaged $74m, according to a study by IVC Research Center and law firm Meitar Liquornik. Increased difficulties in raising capital, particularly in the United States and …
John Leyden, 06 Jul 2016
Image composite Titima Ongkantong, Stephen Marques, Shutterstock

Outed China ad firm infects 10m Androids, makes $300k a month

Net scum behind the Hummingbird Android malware are raking in a mind-boggling US$300,000 (£233,125, A$404,261) a month through illegitimate advertising and app downloads from a whopping 10 million infected devices. The offending group, known as Yingmob, is an offshoot of a legitimate Chinese advertising analytics firm with …
Darren Pauli, 06 Jul 2016
Venomous snake

Nuclear goes boom

Shake-ups at the top of the exploit kit world continue, with news the world's two top pop boxes have disappeared. Exploit kits are the all-in-one commercial crime offerings through which specifically vulnerable users can be targeted with a barrage of constantly updated and occasionally zero-day attacks. Victims subject to …
Darren Pauli, 28 Jun 2016
Happy man holds flag of Israel. Pic: Shutterstock

Israeli cybersecurity boom 'sustainable', argues industry’s father

Israel cyber week The "father" of Israel's cybersecurity industry reckons the unprecedented growth in its security startup industry can be sustained. Isaac Ben Israel, who heads the Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University, estimates there are 400 cybersecurity firms in Israel. Together with more established …
John Leyden, 22 Jun 2016

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Analysis Symantec’s deal to to buy Blue Coat, the controversial web filtering firm, for $4.65bn will bolster its enterprise security business. But some security experts are concerned about the potential for conflict of interest created by housing Symantec’s digital certificate business and Blue Coat’s man-in-the-middle SSL inspection …
John Leyden, 14 Jun 2016

Oh snap! Facebook zaps crap yap gap in web chat, natter app flap

A vulnerability in Facebook's web chatrooms and its Messenger app would have let miscreants surreptitiously tamper with messages after they had been sent. The flaw was discovered by eggheads at security biz Check Point, who reported it to the social network giant. We're told attackers would have needed only a basic knowledge …
John Leyden, 08 Jun 2016
Suspicous process detected: Microsoft's Scott Guthrie shows off the Azure Security Center

Microsoft's Scott Guthrie wrote code live on stage for Azure devs

Microsoft’s Executive Vice President of Cloud and Enterprise, Scott Guthrie, came to London’s Mermaid Theatre on 3rd June 2016 to present to around 600 IT folk at the Azure Users Group, at an event called AzureCraft. It is unusual for someone on this page to come to this type of event, and even to engage in the precarious …
Tim Anderson, 06 Jun 2016
Dounreay shaft explosion copyright Dounrea Site Restoration Ltd and Nuclear Decommissioning Authority

Inside the world's second worst exploit toolkit

Security researchers have lifted the lid on the Nuclear exploit kit, rated the second largest malware-as-a-service toolkit in the world. Nuclear has generated 1.8 million attacks worth $12m in revenue in one month alone, chiefly through slinging the infamous Locky ransomware. The estimated monthly revenue for the developers of …
John Nicholson, 19 May 2016

Kids these days can't even write a decent virus

The crusty headless Conficker worm is the web's most prolific web threat, says security Check Point. The net menace was the one-time world's biggest bot worming its way since 2008 through millions of machines across every country in the world, smashing through social networks including Facebook, Skype, and popular email …
Darren Pauli, 18 May 2016

Nuisance caller fined a quarter of a million pounds by the ICO

A claims spam company from Blackburn has been fined £250,000 by the Information Commissioner's Office (ICO) after making over 17.5 million nuisance calls. Check Point Claims had harassed people illegally with automated calls encouraging them to claim compensation for job-related hearing loss. The ICO launched its …

Malware on Google Play

More apps with malware have been found in Google's app store. Several applications are infected with the "Viking Horde" malware, including Viking Jump, Wi-Fi Plus, Memory Booster, Parrot Copter, and Simple 2048, security firm Check Point warns. The Viking Horde malware creates a mobile botnet for ad-click fraud and scamming …
John Leyden, 11 May 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016

Check Point chugs on: Profits and revenues up despite volatile market

Check Point’s share price has dipped a touch after the firm reported lacklustre Q1 financial results. During the first quarter ending 31 March 2016, Check Point’s total revenues came in at $404m, compared to $373m in the first quarter of 2015, a nine per cent increase year-on-year. Its GAAP net income rose, albeit modestly. …
John Leyden, 21 Apr 2016
money_currencies_648

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016
Man gesticulates furiously in front of parked car. Photo by Shutterstock

Neighbour sick of you parking in his driveway? You'd better hack-proof your car

Car security startup Karamba Security has emerged from stealth with $2.5m in funding and a plan to revamp in-car security. Karamba has developed a technology that hardens the externally-facing electronic control unit (ECU) of cars in order to defend against hack attacks. The software is designed to protect a car's externally …
John Leyden, 07 Apr 2016

Unpatched stealthy iOS MDM hack spells ruin for Apple tech enterprises

Black Hat Asia Enterprises the world over are at risk from a seamless new attack that allows the latest Apple devices to be quietly compromised in what researchers say requires a total overhaul of Cupertino's enterprise provisioning architecture for mobile device management. The unpatched hack – dubbed SideStepper and crafted by Israel-based …
Darren Pauli, 31 Mar 2016

Hospital servers in crosshairs of new ransomware strain

Security types are warning hospitals to stay on alert for a "widespread campaign" targeting vulnerable servers with new strains of ransomware. The SamSam ransomware variant targets vulnerable servers with criminals breaking into networks and infecting as many systems as they can access. Cisco's Talos threat man Nick Biasini …
Darren Pauli, 30 Mar 2016

Infosec bods pop mobile money crypto by 'sniffing' e-mag radiation

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones. The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …
John Leyden, 17 Mar 2016

Android device manager app vuln leaves millions at risk of pwnage

Flaws in a widely used Android device manager app leave users at risk of phone data hijacking and malicious code execution unless they update their smartphones, security researchers warn. Flaws in the AirDroid, a free device manager app which allows users to access their Android devices through their computers, leave an …
John Leyden, 19 Feb 2016
wham_bang by Roy Lichtenstein

Israeli military techies cook up security alerts software

Lessons from building the threat intelligence platform for the Israeli Defence Force form the technical foundations of a new security startup called Siemplify. Siemplify’s tech is designed to contextualise threat alerts from the disparate array of security technologies on enterprise networks (anti-malware, intrusion detection …
John Leyden, 18 Feb 2016

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

A vulnerability in eBay’s online sales platform creates a mechanism for crooks to sling malware or run phishing campaigns. The vulnerability allowed hackers to bypass eBay’s code validation mechanisms, thereby allowing them to push malicious Javascript code towards targeted eBay users. If the flaw is left unpatched, eBay’s …
John Leyden, 02 Feb 2016
Couple holding hands. Pic: Marina Aguiar

Israeli security firms Check Point, CyberArk in talks – report

Israeli security firm Check Point is reportedly in preliminary talks with local rival CyberArk about a possible acquisition/merger. Rumours of the courtship surfaced in Hebrew-language Israeli financial newspaper TheMarker on Wednesday, and lead to twitterings in some quarters that we were about to witness the birth of some …
John Leyden, 13 Jan 2016
banksy_hmv_nipper_bazooka_648

TV streaming stick brings the movies and the network backdoors

Vulnerabilities in the EZCast TV streaming stick can allow a hacker to take full control of home networks, steal data and plant bots, researchers at security firm Check Point have warned, with the TV device's flaws effectively handing over root shell control over networks in users’ homes or offices. EZCast is a HDMI dongle- …
John Leyden, 08 Jan 2016
Cat 5 cable

Conficker, back from the undead, dominates malware threat landscape

Conficker was the most common malware used to attack UK and international organisations in October, accounting for 20 per cent of all attacks globally, according to security vendor Check Point. When it first appeared in November 2008, the Windows-affecting Conficker worm caused all manner of problems mainly because of its …
John Leyden, 01 Dec 2015

Outrageous OPSEC: What happens when skiddies play natsec

CheckPoint has raided the servers of a bumbling alleged Iranian hacking group using credentials hardcoded into malware, using its access to name suspected members. The Rocket Kitten group was revealed September 2014 and later in more detail March targeting organisations throughout the Middle East with persistent, successful, …
Darren Pauli, 10 Nov 2015
airplane just kidding shot

No C&C server needed: Russia menaced by offline ransomware

Miscreants have cooked up a new strain of ransomware that works offline and so might be more resistant to law enforcement takedown efforts as a result. The ransomware family (identified by various names by antivirus firms) manages to encrypt files on infected Windows PCs without storing the entire decryption key locally – and …
John Leyden, 05 Nov 2015

Cisco takes Security Everywhere™ to throw blanket over shadow IT

Cisco wants you to know it has Security Everywhere™, but that it doesn't mean it is Gossamer Thin. Rather, the messaging from the Borg is that its newly-boosted security suites cover just about everything that needs to be securable. That it says includes the things you don't know you even own, or to use advertising lingo, …
Darren Pauli, 04 Nov 2015
malware_security_648

Cyber crims up the ante with Google Play brainteaser malware

Android malware bundled in an intelligence-testing game has been published to the official Google Play Store, not once but twice, claiming hundreds of thousands of victims in the process. Dodgy versions of a gaming app called BrainTest were able to bypass Google’s security scanning of mobile apps using a range of techniques. …
John Leyden, 22 Sep 2015
shutterstock_197065211

Oh snap! Yap app WhatsApp chaps zap .BAT trap in hack flap

The web version of phone chat app WhatsApp – yes, there's a web version – allowed internet lowlifes to fire off malware at potentially millions of PCs, apparently. WhatsApp Web runs in your browser, and allows you to message friends and follow conversations just as you would on your mobe. We're told Check Point security …
Chris Williams, 08 Sep 2015
angry_woman_mobile_cropped_648

BYOD? More like CYOD as companies still set the parameters

Companies are rapidly expanding the volume of mobile devices used by their employees. The number of devices enrolled in business grew by 72 per cent during the whole of last year, compared with 2013. Moreover, a Good Technology survey in the first quarter of 2015 found 72 per cent of those devices ran iOS, 26 per cent Android …
Andy Favell, 25 Aug 2015
Smilin' Marv

Mobile device screens recorded using the Certifi-gate vulnerability

Vulnerable plug-ins have been installed on hundreds of thousands of Android devices, allowing screens to be recorded, according to data from the scanning tool which discovered that the so-called Certifi-gate vulnerability is already being exploited in the wild. The Certifi-gate vulnerability was disclosed by security …
John Leyden, 25 Aug 2015

Patching a fragmented, Stagefrightened Android isn't easy

Android users face a triple patching headache with the recent discovery of a collection of serious vulnerabilities affecting smartphones and tablets running Google's mobile operating system. Security experts warn that the fragmented nature of Android devices will make patching more difficult than it would be in updating PCs. …
John Leyden, 12 Aug 2015

Android faces SECOND patching crisis, on the same scale as Stagefright

Hours after Google and smartphone makers promised an imminent patch for the infamous Stagefright vulnerability another critical flaw in Android is being outed. The “Certifi-gate” vulnerability allows applications to gain illegitimate privileged access rights, typically reserved for remote support applications that are either …
John Leyden, 06 Aug 2015

Wordpress issues second urgent patch in two weeks

Weary Wordpress worker-bees are being asked to hit the "Update" button again. Just a couple of weeks after an XSS vulnerability forced a July 24th call to upgrade to Wordpress 4.2.3, a handy collection of vulns mean it's time to run in version 4.2.4. At least Wordpress has an easy upgrade mechanism. The new vulnerabilities …
Android icon desktop toys

Fragmented Android development creating greater security risks

The fragmentation of Android is creating additional security risks, as the rush to release new devices without sufficient testing is inadvertently introducing security flaws, security researchers have warned. The researchers – Xiaoyong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed and XiaoFeng Wang – uncovered flaws in …
John Leyden, 20 Jul 2015
padlock

US dominates net-security patents, China, Canada and Oz on the advance

The US, China, Canada and Australia are the world's major sources of security patents, according to analysis by LexInnova. The company issued a report on Friday looking at the market for security patent licensing. It'll come as no surprise that Cisco is the 800-pound gorilla of the security game with 6,442 patents (followed …
swiss_cheese_648

Symantec announces latest grand fromage prior to split

Symantec has appointed another senior exec to its team, ahead of a major corporate restructuring which will see the firm split into two by the end of the year. The company today named Keith Bird, UK boss of Check Point, as its next managing director for Northern Europe. The division will effectively undo the 2004 acquisition of …
Kat Hall, 17 Jun 2015
Lock security

Check Point snaps up mobile security outfit Lacoon

Check Point is buying Lacoon Mobile Security, in a deal that expands the security software firm beyond its core firewall and IDS market while pushing it further into mobile. Terms of the deal, announced Thursday, were undisclosed. Lacoon develops security apps for both iOS and Android, as well as marketing real-time mobile …
John Leyden, 02 Apr 2015
Spying image

Mystery 'Explosive' cyber-spy campaign traced back to Lebanon

A nation-state cyber-attack campaign running since 2012 has been traced back to a somewhat unlikely launchpad in Lebanon. Security researchers at Check Point reckon hackers behind the so-called Volatile Cedar campaign have hit defence contractors, telecommunications and media companies, and educational institutions in multiple …
John Leyden, 01 Apr 2015

Broadband routers: SOHOpeless and vendors don't care

Feature It is far more common to find routers with critical flaws than without – Craig Young It's sad that end-user education about strong passwords, password safes, and phishing can be undone by something as innocuous as the blinking box in the corner of your room. – Peter Adkins Introduction Home and small business router …
Darren Pauli, 05 Mar 2015
Lock security

Check Point buys bare-metal security upstart Hyperwise

Check Point has pounced early to buy up stealth-mode security startup Hyperwise, which does sandboxing on the CPU itself rather than in the OS. Financial terms of the deal, announced on Wednesday, were not disclosed. Israel-based Hyperwise’s CPU level threat prevention technology is designed to throttle malware-based attacks at …
John Leyden, 18 Feb 2015
management regulation1

Symantec to cough up $17m after bloody dust-up with patent troll

Symantec must pay out $17m after losing a patent infringement battle to IP-hoarding house Intellectual Ventures. A jury in Delaware found in favor of Intellectual Ventures on two of three infringement claims, awarding the biz $8m in damages for one claim and $9m for the other. Symantec was found to have infringed on two patents …
Shaun Nichols, 10 Feb 2015
A Wren reenactor at Bletchley

Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks

Feature Israel's intelligence agency, Unit 8200, has been a production line for hi-tech startups since the 1980s, a success British politicians are now seeking to emulate. Yet replicating that success in Blighty may be difficult because of cultural and environmental differences that may prove difficult to overcome. Cabinet Office …
John Leyden, 26 Jan 2015

Misfortune Cookie crumbles router security: '12 MILLION+' in hijack risk

Infosec biz Check Point claims it has discovered a critical software vulnerability that allows hackers to hijack home and small business broadband routers across the web. The commandeered boxes could be used to launch attacks on PCs and gadgets within their local networks. More than 12 million low-end SOHO routers worldwide are …
John Leyden, 18 Dec 2014
android tongue

Bad news, fandroids: He who controls the IPC tool, controls the DROID

A security flaw in a core message-passing mechanism leaves every Android device potentially vulnerable to attack, security researchers warned on Thursday. The newly discovered flaw enables hackers to override in-app security features, leaving critical apps such as mobile banking susceptible to tampering. The same vulnerability …
John Leyden, 16 Oct 2014

Bugzilla code critters blab your security sinners, warns Mozilla

The Mozilla Foundation has warned of a number of recently discovered vulnerabilities in its Bugzilla bug-tracking tool that could give attackers access to sensitive information about software projects. One particularly serious flaw allows attackers to bypass email verification phase when creating new Bugzilla accounts, meaning …
Neil McAllister, 07 Oct 2014
Playmobil's Security Check Point

Locking it down: Steps to Oracle database security

Workshop How secure is your Oracle database? One of the DBA's roles is to ensure that the database is reliable and available, and to maintain the integrity of its data. Adequate system security is a big part of that process, and the more that you can do to lock down your database, the happier your compliance department and IT director …
Robin Birtstone, 16 May 2014

Canadian taxman says hundreds pierced by Heartbleed SSL skewer

The Canadian Revenue Agency has blamed the theft of 900 social insurance numbers on the infamous Heartbleed vulnerability. The Canadian taxman specifically blamed the data breach on a serious security shortcoming in widely used Open SSL technology discovered last week. What's significant is not the size of the breach, which is …
John Leyden, 14 Apr 2014

Use MediaWiki and hate malware? This patch is for you

Check Point Software Technologies has announced a remote code execution bug in the popular MediaWiki platform that powers Wikipedia. As detailed here: “Your MediaWiki installation is affected by a remote code execution vulnerability if you have enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files ( …

Hackers steal 'FULL credit card details' of 376,000 people from Irish loyalty programme firm

A hack attack against an Irish loyalty programme firm, Loyaltybuild, has led to the theft of the full credit card details of at least 376,000 consumers, says the country's data protection watchdog. According to the results of a preliminary investigation by the Office of the Data Protection Commissioner (ODPC), credit card and – …
John Leyden, 14 Nov 2013