A podcast that follows CheckPoint’s Threat Intelligence Group analysts and researchers as they scour the internet for new threats and vulnerabilities.
Produced by PI Media LTD
!#002#
A podcast that follows CheckPoint’s Threat Intelligence Group analysts and researchers as they scour the internet for new threats and vulnerabilities.
Produced by PI Media LTD
!#002#
Copyright: © Copyright PI Media
Once every year, Check Point releases an annual report reviewing the biggest events and trends in cybersecurity. In this episode we'll break down the latest iteration, focusing on its most important parts, to catch you up on what you need to know most in 2024.
For years now, Iran’s state-sponsored hackers have been some of the most prolific in the world. But prolific does not necessarily mean sophisticated -- its attacks haven’t quite impressed in the way that the U.S., Russia, and China’s do. But in a campaign recently uncovered by CheckPoint, one Iranian APT unleashed tools and tactics unlike anything we’ve seen from the country before. If before they were at the kids’ table, this latest campaign suggests that they might have just moved up.
Once a year, Check Point Research releases a “mid-year report”: a summary of the first half of the calendar year in cybersecurity, including all of the major changes, trends, and events that defined January through June. Obviously a lot happens in that time, and so the reports end up rather long. Which is why, sometimes, we’ll do one of these episodes to summarize. Not every detail, but the biggest, most important things you should know.
Between corporations, governments, and the rest of us, billions are spent every year trying to secure cyberspace. Which makes it almost unbelievable to think that just one, simple policy change from one company -- with almost no cost to anybody, and no effort involved -- could alter the entire course of cyberspace. And yet, that is exactly what happened a year ago today.
For all the ridiculous spam calls in the world, but a small percentage of them are actually, legitimately, convincing. According to the Korean government, “voice phishing” compromises nearly 200 Korean citizens every day, with average financial losses around 8,500 dollars worth of Korean won.
If it’s that successful, surely, the scammers are doing something right. There’s more substance to these attacks than you might think.
In July 2021, several prominent human rights activists in Azerbaijan received the same phishing email that delivered them spyware, capable of causing significant harm to their personal and professional lives. But that was only the beginning of a story in which the domestic surveillance toolbox is fired in the midst of a small-scale cyberwar in the South Caucasus, the site of one of the most contentious political disputes on the planet.
In 2022, government APTs wiped out entire computer systems, hackers turned good software evil, and ransomware evolved into something entirely new. In this episode we'll review the biggest stories, most important trends, and cutting insights from the last year in cybersecurity.
Today's AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now?
Earlier this Fall, some users of the OpenSea trading platform posted dire messages to Twitter: all of the NFTs in their wallets were gone. Thousands of dollars worth of investments had suddenly disappeared. Soon it became clear: they were never getting their money back. This wasn’t just a glitch, it was a hack. But how?
For decades, hacktivism has been associated with groups like Anonymous. Recently, though, something has changed. An entirely new kind of hacktivist has arisen: one with more resources, capabilities and power than anything we've seen before.
Every year, ordinary people lose money in blockchain hacks. Could it be that this technology is simply insecure by nature? Or is there something we’re all missing -- something that can save this industry, and the millions of people who’ve invested their hard-earned money into it, from squandering billions of dollars every year?
How was the use of cyber manifested in the Russia-Ukraine war? Will Microsoft block VB macros?
We'll discuss all this and more while reviewing the Mid-Year Cyber Attack Trends report of 2022.
On March 23rd, 2022, individuals working at the most important defense research institutes in Russia all received variations of the same email. The messages appeared to be quite official, regarding sanctions for Ukraine. In reality they were traps, planted by a mysterious foreign APT.
Five years ago today, the world witnessed the most destructive ransomware attack ever. Its name was Wannacry, and it changed everything. What happened, how has ransomware evolved since, and have we learned our lesson? Or could something just like it happen again?
The Conti group tallied over 700 victims, including many multi-million-dollar corporate, government and healthcare organizations. Then, in their most publicized move yet, they put their full backing behind the Russian invasion of Ukraine.
One anonymous researcher decided enough was enough. They hacked the hackers, and leaked the innermost details of their operation, giving us an inside look into arguably the most dangerous ransomware operation on the planet.
Did you know that in 2021 there has been a 40% increase in weekly average number of cyber attacks compared to 2020? That is just one of the fascinating findings in the report published by Check Point due to the Cybersecurity Awareness Month. In this episode we will talk about the interesting findings and their implication.
You own some pretty "smart" computers. The laptop on your desk, the phone in your pocket, the system that runs your car. But you're also surrounded by "dumb" computers--simple machines, like your alarm clock, your computer mouse, your refrigerator. We all know that smart computers can be hacked, but what about the dumb ones? Could someone hack your watch? How about your e-book reader? How would it work? What would happen if they did?
It seemed like a totally normal day--people went to work, to school, to get away for an early weekend. Then, across the country of Iran, trains began to freeze in place. The system for tracking them went down. And, on display screens in stations across the country, a message was posted: the country was under attack...
In this episode of “Cyber Academy" we will talk about the CVE database. What's a CVE? What do the numbers attached to the CVE mean? Are they random or not? Why do we need to catalogue CVEs? What is the connection between CVEs and dictionaries, phonebooks and the deep blue sea? Who is Mitre? and what do you do if you discover a CVE all by yourself? About CVEs, vulnerabilities and a lot more in this new episode of "Cyber Academy".
Check Point Research (CPR) finds security flaws in Atlassian, a platform used by 180,000 customers worldwide to engineer software and manage projects. With just one click, an attacker could have used the flaws get access to the Atlassian Jira bug system and get sensitive information such as security issues on Atlassian cloud, Bitbucket and on premise products.
In this episode of "Cyber Academy" we will talk about viruses, worms and trojans. What is the difference between these three types of malware and what they have in common. We will talk about their evolvement since the early days of the internet till today. How in the past there was a clear distinction between them and today classifying them is a bit more complicated.
Last May, in one of the most brazen attacks ever attempted, cybercriminals from Eastern Europe shut down the supply of gasoline to most of the east coast of the United States. Past the many millions of people affected, and the many millions of dollars lost, it was a message: that ransomware can have world-altering consequences.
It wasn't that long ago that ransomware didn't even exist. How did we get to this point? And is there any way to stop this most popular trend in cybercrime, before it's too late?
In this episode of “Cyber Academy, we will talk about Botnets. What are Botnets used for? How does the Botmaster, the attacker, control the bots he has under his control? We will talk about the different aspects of this modern-day crime. For example how it's connected to spam mail or bitcoins. Are Botnets an ingenious way to make "easy money" or do Botmasters have to work hard just like everybody else…About the creative "mouse and cat" game played against Botmasters and a lot more in the second episode of Cyber Acadamy.
Would you use a computer without any kind of antivirus? Would you put your personal photos on that device? Use it to text and email? Access your bank? It turns out: you're probably already doing all of these things. The most sensitive, least protected device in your life is in your pocket right now.
In our previous episodes, you heard the term "vulnerabilities" more than once. But what exactly does it mean? What stands behind this big word?
For such terms and questions, we create the format of "Cyber Academy''. In each "Cyber Academy' episode, we’ll bring you a single topic - usually a basic term, an idea or a technology related to cybersecurity - and cover the basics of what you need to know about that topic, in order to better understand cybersecurity and its complexities.
So, enough with the introductions - let’s dive straight into our first topic: Vulnerabilities.
In 2020 hospitals were hit with ransomware, corporations with phishing attacks, and we saw one of the biggest hacks ever conceived: the SolarWinds breach. It was a groundbreaking year, so in this episode we're summarizing the most important things you need to know. A SparkNotes for cybersecurity in 2020.
When the Pfizer and Moderna vaccines were first approved, almost nobody could get one. Meanwhile, on the darknet, cybercriminals were offering deals on mass shipments. Most people still aren't inoculated today, yet the darknet market for vaccines is thriving.Is the darknet getting vaccines while the rest of us can't? What's actually going on?
In the summer of 2016, a group of anonymous hackers hacked into the NSA and released some of the most powerful exploits ever developed. The ramifications of that leak would be felt for years to come, in some of the most destructive cyber attacks on record.
But even all these years later there are mysteries yet unsolved, and stories that seem to contradict what we thought we knew all along.
The recent SolarWinds breach was one of the most sophisticated, complex cyber operations in history. By the end 18,000 companies, including a dozen U.S. federal agencies, were compromised. How did the hackers pull it off?
A man goes on Dubai T.V to discuss national security in the Middle East. 1,000 miles north, a social activist uses Telegram to organize anti-government activity. 5,000 miles north, an immigrant applies for a driver's license in Sweden. None of these people know one another, but they're all about to fall victim to the same attack. An attack that changes the way we view one of the world's biggest powers.
DNS is the phone book of the internet--it's how your computer knows where to go to reach the website you want to visit. It's no stretch to say that, without functioning DNS, the internet as we know it could not exist. So imagine what would happen if you could completely compromise it..
Most people place their virtual assistants in their living room or bedroom. This makes it very easy to interact with cyberspace while you're laying around, watching T.V., or doing dishes. It also means that you're allowing a listening device into the most sensitive spaces in your home. What if somebody were able to take control of that device? To make commands on your behalf, interact with your personal data, and listen to you when you don't realize it?
When Gal Elbaz came across a modest GIF parser sitting in a remote corner of GitHub, he wasn't exactly looking for trouble. But he found it. What was so troublesome about this parser in particular? It wasn't popular, it was created by some unknown programmer, and it didn't have any extraordinary qualities. Except it was familiar. Gal had seen this code before...
Major tech companies understand that their brands are only as strong as they are safe to use, so they set bounties on vulnerabilities: hundreds of thousands of dollars, a million dollars, to any programmer who can find a hole in their sites. White hat hackers comb every line of code to try and earn the grand prize, and in return, the companies gain peace of mind knowing the smartest minds out there can’t break in.
You might think, then: if so much money goes towards securing these platforms, they must be unbreakable. But you’d be surprised what’s out there.
In the next few episodes of CPRadio, we're going to run through--step by step--how to hack some of the world's biggest apps. We begin, here, with Tik Tok.
In 2015, Khalifa Haftar--a fierce military general, known as "Libya's most potent warlord"--began an operation to take over the state of Libya. He led an insurgent army, slowly taking over the country's southern lands, headed straight for the capital of Tripoli. All the while, 'Khalifa Haftar' on Facebook was publishing updates about the war, even top-secret documents, to thousands of fans.
Why was one of the world's most significant military leaders posting classified documents to Facebook? He wasn't, of course. But what was actually going on was just as strange.
A new kind of man-in-the-middle attack is emerging, and it may just be the most lucrative method of hacking ever conceived.
The first publicized case of Ccoronavirus in the United States occurred in late February, 2020. Almost immediately, a different spread began: hackers, leveraging the global panic to spread new kinds of malicious cyber threats. Whether the new, COVID-related malware succeeded would depend on one question: does fear and uncertainty make us more hackable?
Phishing is the oldest trick in the book—we're all familiar with it by now. Yet for the past few years, Canadian companies had been falling victim to an ordinary phishing campaign. What made this threat different?
It began with a "Google" security email. But the trail of breadcrumbs traced back to something much, much bigger: a laser-targeted hacking campaign that put its targets' lives in danger.
Last year, iOS, Zynga, Facebook and Capital One were hacked. Personal information from over a billion people were exposed in data breaches, and new kinds of attacks we've hardly seen before came to dominate cyberspace. Check Point reviews the biggest trends, events and stories of the past year in its annual report, out now.
The world's premier cyber espionage agency built one of the world's most advanced cyber tools. When it was leaked, most of the security sector was stunned. Hidden away at the other end of the world, however, a worthy adversary had already deployed the same attack tool. How'd they got their hands on it? And who's been spying on whom this whole time?
This podcast is produced by P.I. Media for Check Point.
The most popular video game in the world has a problem: a black market economy has developed around its in-game currency. Cybercriminals are hacking user accounts, juicing credit cards, and selling virtual currency for real-life dollars and cents. To ensure fun and safety for players, the cycle must be stopped.
This podcast is produced by P.I. Media for Check Point.
The Middle East is a turbulent and explosive region, to put it mildly – and that is why when Aseel Kial, a Malware Analyst at CheckPoint, came across a new malware targeting ISIS operatives, she wasn't terribly surprised. The surprise came, however, when she found out who is behind the target attack, and the social engineering techniques they used. An ISIS-themed birthday cake, anyone?…
This podcast is produced by P.I. Media for Check Point.
What happens if a single baby monitor can be hacked? Powerful ransomware has caused outages in hospitals across the world, putting thousands of lives in danger. Medical devices–insulin injectors, heart monitors, pacemakers–are the next targets.
This podcast is produced by P.I. Media for Check Point.