
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild.
Tracked as CVE-2024-24919 (CVSS score: 7.5), the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances.
« The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled, » Check Point said.
Analysis from our SOC team
CVE-2024-24919 is currently being exploited, and because VPNs are an appealing target for hackers, it is crucial to install the latest patch. Check Point has provided guidance on this matter in its FAQ.
Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024.
ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.
The macOS version of LightSpy supports 10 plugins to exfiltrate private information from devices.
Analysis from our SOC team
A common belief is that there are no viruses for macOS, giving users a false sense of security. While macOS is considered more secure than other operating systems due to its Unix-based foundation and strict security policies, it is not invulnerable. Attackers are well aware of this, which is one reason why we have noticed an increase in viruses targeting macOS in the last few years.
This article is a good reminder that no matter the system you use, you should always remain careful when browsing the internet, and keep your system and applications up-to-date.
On 14 May 2024, D-Link and the Zero Day Initiative publicly reported 4 high to critical vulnerabilities in D-Link D-View 8. The reported vulnerabilities are CVE-2024-5296, CVE-2024-5297, CVE-2024-5298 and CVE-2024-5299.
D-View 8 is network monitoring and traffic management software used by network administrators. There is presently no indication that these vulnerabilities have come under active exploitation (cut-off date: 28 May 2024).
Exploitation of these vulnerabilities has a high impact on confidentiality, integrity and availability.
Analysis from our SOC team
Monitoring tools are extremely useful to administrators, but they can also be valuable to attackers, as they could help them, for example, to:
– Map the company network
– Gain information on the various assets
– Keep attacks under the radar
– Get access to monitored systems
To ensure your single pane of glass isn’t used against you, make sure it is well configured and up to date. D-Link reported that these vulnerabilities are fixed with software update v2.0.3.88.
« Your tax return or simplified tax return proposal is available in MyMinfin (Tax-on-web) ». Messages of this kind are set to multiply over the coming weeks. But « tax return » also means an opportunity for scammers to send fraudulent messages using this theme. So be wary of messages you may receive from the FPS Finance, My eBox or the Region concerning missing data, possible refunds, etc.
Do not click on the links, as they will direct you to a fake site. Forward this message to suspicious@safeonweb.be and delete it permanently.
Analysis from our SOC team
The tips described in the article are what we would like to emphasize as well. In general, do not take the action requested in the email. Instead of clicking on a link, navigate to the website yourself; this will greatly reduce the risk of falling victim to a scammer.
Forward suspicious messages to any of the three email addresses from Safeonweb.
– verdacht@safeonweb.be
– suspect@safeonweb.be
– suspicious@safeonweb.be
Our SOC is also available to assist in case there are any doubts or suspicions about text or mail messages.