In the grand scheme of cybersecurity, the design issue in Foxit PDF Reader was really very minor. But it revealed a much larger and more impactful phenomenon that we’ll probably have to deal with for as long as there are computers around: the instinct to click ‘Ok’.
Once every year, Check Point releases an annual report reviewing the biggest events and trends in cybersecurity. In this episode we'll break down the latest iteration, focusing on its most important parts, to catch you up on what you need to know most in 2024.
For years now, Iran’s state-sponsored hackers have been some of the most prolific in the world. But prolific does not necessarily mean sophisticated -- its attacks haven’t quite impressed in the way that the U.S., Russia, and China’s do. But in a campaign recently uncovered by CheckPoint, one Iranian APT unleashed tools and tactics unlike anything we’ve seen from the country before. If before they were at the kids’ table, this latest campaign suggests that they might have just moved up.
Once a year, Check Point Research releases a “mid-year report”: a summary of the first half of the calendar year in cybersecurity, including all of the major changes, trends, and events that defined January through June. Obviously a lot happens in that time, and so the reports end up rather long. Which is why, sometimes, we’ll do one of these episodes to summarize. Not every detail, but the biggest, most important things you should know.
Between corporations, governments, and the rest of us, billions are spent every year trying to secure cyberspace. Which makes it almost unbelievable to think that just one, simple policy change from one company -- with almost no cost to anybody, and no effort involved -- could alter the entire course of cyberspace. And yet, that is exactly what happened a year ago today.
For all the ridiculous spam calls in the world, but a small percentage of them are actually, legitimately, convincing. According to the Korean government, “voice phishing” compromises nearly 200 Korean citizens every day, with average financial losses around 8,500 dollars worth of Korean won. If it’s that successful, surely, the scammers are doing something right. There’s more substance to these attacks than you might think.
In July 2021, several prominent human rights activists in Azerbaijan received the same phishing email that delivered them spyware, capable of causing significant harm to their personal and professional lives. But that was only the beginning of a story in which the domestic surveillance toolbox is fired in the midst of a small-scale cyberwar in the South Caucasus, the site of one of the most contentious political disputes on the planet.
In 2022, government APTs wiped out entire computer systems, hackers turned good software evil, and ransomware evolved into something entirely new. In this episode we'll review the biggest stories, most important trends, and cutting insights from the last year in cybersecurity.
Today's AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now?
Earlier this Fall, some users of the OpenSea trading platform posted dire messages to Twitter: all of the NFTs in their wallets were gone. Thousands of dollars worth of investments had suddenly disappeared. Soon it became clear: they were never getting their money back. This wasn’t just a glitch, it was a hack. But how?
For decades, hacktivism has been associated with groups like Anonymous. Recently, though, something has changed. An entirely new kind of hacktivist has arisen: one with more resources, capabilities and power than anything we've seen before.
Every year, ordinary people lose money in blockchain hacks. Could it be that this technology is simply insecure by nature? Or is there something we’re all missing -- something that can save this industry, and the millions of people who’ve invested their hard-earned money into it, from squandering billions of dollars every year?
How was the use of cyber manifested in the Russia-Ukraine war? Will Microsoft block VB macros? We'll discuss all this and more while reviewing the Mid-Year Cyber Attack Trends report of 2022.
On March 23rd, 2022, individuals working at the most important defense research institutes in Russia all received variations of the same email. The messages appeared to be quite official, regarding sanctions for Ukraine. In reality they were traps, planted by a mysterious foreign APT.
Five years ago today, the world witnessed the most destructive ransomware attack ever. Its name was Wannacry, and it changed everything. What happened, how has ransomware evolved since, and have we learned our lesson? Or could something just like it happen again?
The Conti group tallied over 700 victims, including many multi-million-dollar corporate, government and healthcare organizations. Then, in their most publicized move yet, they put their full backing behind the Russian invasion of Ukraine. One anonymous researcher decided enough was enough. They hacked the hackers, and leaked the innermost details of their operation, giving us an inside look into arguably the most dangerous ransomware operation on the planet.
Did you know that in 2021 there has been a 40% increase in weekly average number of cyber attacks compared to 2020? That is just one of the fascinating findings in the report published by Check Point due to the Cybersecurity Awareness Month. In this episode we will talk about the interesting findings and their implication.
You own some pretty "smart" computers. The laptop on your desk, the phone in your pocket, the system that runs your car. But you're also surrounded by "dumb" computers--simple machines, like your alarm clock, your computer mouse, your refrigerator. We all know that smart computers can be hacked, but what about the dumb ones? Could someone hack your watch? How about your e-book reader? How would it work? What would happen if they did?
It seemed like a totally normal day--people went to work, to school, to get away for an early weekend. Then, across the country of Iran, trains began to freeze in place. The system for tracking them went down. And, on display screens in stations across the country, a message was posted: the country was under attack...
In this episode of “Cyber Academy" we will talk about the CVE database. What's a CVE? What do the numbers attached to the CVE mean? Are they random or not? Why do we need to catalogue CVEs? What is the connection between CVEs and dictionaries, phonebooks and the deep blue sea? Who is Mitre? and what do you do if you discover a CVE all by yourself? About CVEs, vulnerabilities and a lot more in this new episode of "Cyber Academy".
Check Point Research (CPR) finds security flaws in Atlassian, a platform used by 180,000 customers worldwide to engineer software and manage projects. With just one click, an attacker could have used the flaws get access to the Atlassian Jira bug system and get sensitive information such as security issues on Atlassian cloud, Bitbucket and on premise products.
In this episode of "Cyber Academy" we will talk about viruses, worms and trojans. What is the difference between these three types of malware and what they have in common. We will talk about their evolvement since the early days of the internet till today. How in the past there was a clear distinction between them and today classifying them is a bit more complicated.
Last May, in one of the most brazen attacks ever attempted, cybercriminals from Eastern Europe shut down the supply of gasoline to most of the east coast of the United States. Past the many millions of people affected, and the many millions of dollars lost, it was a message: that ransomware can have world-altering consequences. It wasn't that long ago that ransomware didn't even exist. How did we get to this point? And is there any way to stop this most popular trend in cybercrime, before it's t...
In this episode of “Cyber Academy, we will talk about Botnets. What are Botnets used for? How does the Botmaster, the attacker, control the bots he has under his control? We will talk about the different aspects of this modern-day crime. For example how it's connected to spam mail or bitcoins. Are Botnets an ingenious way to make "easy money" or do Botmasters have to work hard just like everybody else…About the creative "mouse and cat" game played against Botmasters and a lot more in the second ...
Would you use a computer without any kind of antivirus? Would you put your personal photos on that device? Use it to text and email? Access your bank? It turns out: you're probably already doing all of these things. The most sensitive, least protected device in your life is in your pocket right now.
In our previous episodes, you heard the term "vulnerabilities" more than once. But what exactly does it mean? What stands behind this big word? For such terms and questions, we create the format of "Cyber Academy''. In each "Cyber Academy' episode, we’ll bring you a single topic - usually a basic term, an idea or a technology related to cybersecurity - and cover the basics of what you need to know about that topic, in order to better understand cybersecurity and its complexities. So, enough with...
In 2020 hospitals were hit with ransomware, corporations with phishing attacks, and we saw one of the biggest hacks ever conceived: the SolarWinds breach. It was a groundbreaking year, so in this episode we're summarizing the most important things you need to know. A SparkNotes for cybersecurity in 2020.
When the Pfizer and Moderna vaccines were first approved, almost nobody could get one. Meanwhile, on the darknet, cybercriminals were offering deals on mass shipments. Most people still aren't inoculated today, yet the darknet market for vaccines is thriving.Is the darknet getting vaccines while the rest of us can't? What's actually going on?
In the summer of 2016, a group of anonymous hackers hacked into the NSA and released some of the most powerful exploits ever developed. The ramifications of that leak would be felt for years to come, in some of the most destructive cyber attacks on record. But even all these years later there are mysteries yet unsolved, and stories that seem to contradict what we thought we knew all along.
The recent SolarWinds breach was one of the most sophisticated, complex cyber operations in history. By the end 18,000 companies, including a dozen U.S. federal agencies, were compromised. How did the hackers pull it off?
