Secured integration to the future

CyberNews Digest — May


31.05.2024

Check Point VPN Configuration Error Warning
As of May 24, 2024, analysts at Check Point have identified an abnormal surge in attempts to log in to Check Point gateways through the VPN module using outdated local accounts that rely on a non-recommended authentication method: password only. Password-only authentication is considered insufficient to ensure adequate security in today's IT environment.
The issue concerns the VPN authentication mechanism and enables malicious actors to circumvent protection and gain access to an organization's internal network. It deserves attention primarily from companies that use Check Point VPN solutions with local users lacking MFA.
Recommendations:
● Promptly review the error details via the following link: https://support.checkpoint.com/results/sk/sk182336
● Check your network security settings and implement additional protective measures as necessary.


New Pulsing DoS Attack Method Discovered
Researchers at Tsinghua University in Beijing, China, have unearthed a novel approach to launching large-scale DDoS attacks utilizing DNS traffic.
Dubbed DNSBomb, this new DoS attack vector abuses multiple widely deployed mechanisms that are meant to enhance the reliability and availability of the Domain Name System (DNS). It accumulates DNS requests sent at a low rate and consolidates the responses into short, high-intensity bursts of volumetric traffic.

These bursts overwhelm and disrupt TCP traffic streams in target systems and services. The research team states that it tested the technique on 10 major DNS programs and 46 public DNS services, and managed to launch DNSBomb at speeds of up to 8.7 Gbps, amplifying DNS traffic to 20,000 times its initial size.
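One way a defender could look for the pulsing pattern described above in flow logs, as an added example that is not from the researchers or the original digest. The log line format, the thresholds (`ratio`, `floor`, `max_windows`) and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed flow-log line: "<epoch_s> <src_ip>:<src_port> > <dst_ip>:<dst_port> UDP <bytes>"
LINE = re.compile(r"^(\d+\.\d+) (\S+):(\d+) > (\S+):\d+ UDP (\d+)$")

def find_pulses(lines, window_ms=100, ratio=20, floor=500, max_windows=3):
    """Find short bursts of DNS responses (UDP source port 53) per destination."""
    vol = defaultdict(lambda: defaultdict(int))    # dst -> window index -> bytes
    srcs = defaultdict(lambda: defaultdict(set))   # dst -> window index -> resolver IPs
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(3) != "53":
            continue                               # not a DNS response
        ts, src, _, dst, size = m.groups()
        idx = round(float(ts) * 1000) // window_ms
        vol[dst][idx] += int(size)
        srcs[dst][idx].add(src)
    pulses = []
    for dst, w in vol.items():
        span = range(min(w), max(w) + 1)
        # Baseline counts empty windows as 0, floored so a quiet link still has a reference.
        limit = ratio * max(median(w.get(i, 0) for i in span), floor)
        hot = [i for i in span if w.get(i, 0) >= limit]
        run = []
        for i in hot + [None]:                     # None flushes the last run
            if run and (i is None or i != run[-1] + 1):
                if len(run) <= max_windows:        # sustained floods are not pulses
                    pulses.append({"dst": dst, "start_s": run[0] * window_ms / 1000,
                                   "bytes": sum(w[j] for j in run),
                                   "resolvers": len(set().union(*(srcs[dst][j] for j in run)))})
                run = []
            if i is not None:
                run.append(i)
    return pulses

def sample_log():
    """Constructed traffic: steady background plus two 40 ms bursts one second apart."""
    out = [f"{1000 + t / 10:.3f} 198.51.100.7:53 > 203.0.113.10:40000 UDP 120" for t in range(30)]
    for start in (1001.0, 1002.0):
        for n in range(400):
            out.append(f"{start + n / 10000:.4f} 198.51.100.{n % 8 + 10}:53 > 203.0.113.10:40000 UDP 1200")
    return out

if __name__ == "__main__":
    for pulse in find_pulses(sample_log()):
        print(pulse)
```

Evenly spaced `start_s` values across the reported pulses, each fed by many resolvers at once, are the signature to alert on; a steady flood raises the median baseline and is left to ordinary volumetric alarms.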


Vulnerability in R Programming Language
Researchers at HiddenLayer have uncovered vulnerability CVE-2024-27322 (CVSS: 8.8) in the R programming language. It enables arbitrary code execution through the deserialisation of untrusted data and can be exploited via the loading of R Data Serialization (RDS) files or R packages, which developers and data researchers commonly use.
An attacker can exploit this by crafting an RDS file containing an instruction to set the value to unbound_value and an arbitrary code expression. Due to lazy evaluation, the expression is only computed and executed when the symbol associated with the RDS file is accessed. If a user assigns a symbol (variable) to the RDS file for manipulation, arbitrary code will execute when the user accesses that symbol. If the object is compiled into an R package, this package can be added to the R repository, and arbitrary code will execute when a user downloads this package.

The R project has released an update addressing this vulnerability.

Source: HiddenLayer Research


Vulnerability Detected in Telegram Web Application
Security researcher Pedro Batista recently discovered a significant Cross-Site Scripting (XSS) vulnerability in the Telegram web application. This vulnerability could potentially allow attackers to hijack user sessions with a single click.
The vulnerability affects Telegram WebK 2.0.0 (486) and below; the Telegram team promptly addressed it through a patch released on March 11, 2024.

Exploitation leveraged the web_app_open_link event in Telegram mini-applications, which are widely used for cryptocurrency payments on the TON blockchain. By creating a malicious mini-application, attackers could initiate unauthorized code execution within the parent window context, compromising user data.

Source: Security Mailing List


Exploitation of Foxit PDF Reader Vulnerability for Malware Distribution
Numerous cybercriminals are exploiting a vulnerability in Foxit PDF Reader to disseminate various forms of malicious software, including Agent Tesla, AsyncRAT, DCRat, and others. According to a technical report from Check Point, this exploit can trigger security warnings that deceive unsuspecting users into executing malicious commands.
Through this vulnerability, cybercriminals use PDF files to deploy various types of malware, including Remcos RAT.

Foxit has pledged to address this vulnerability in version 2024.3.

Source: The Hacker News