CPR recently discovered a dating app with over 10 million downloads that had vulnerabilities, allowing precise location determination of their users, even with distance display being disabled.
research.checkpoint.com/2024/the-illus…

Our new research reveals how AI shapes election campaigns globally, from deepfakes to disinformation.

Dive into our latest analysis on the the contentious role of AI in politics :

research.checkpoint.com/2024/beyond-im…

In our recent publication, we look at Agent Tesla campaigns behind the scenes and reveal the identities of the actors responsible for the attacks against US and AU customers.👇
research.checkpoint.com/2024/agent-tes…

Malware spotlight: Meet the latest version of Linodas, the Linux sister RAT to DinodasRAT/XDelear
🐧 V11 of the extensive and well-developed Linux RAT
🕵️ New and unique filter module, hiding malware traces
Read more research.checkpoint.com/2024/29676/

We've noticed Microsoft has recently patched our MS-Access NTLM info-leak bug discussed at research.checkpoint.com/2023/abusing-m…. We've updated our blog post and we recommend users be careful when encountering the newly-introduced warning dialog on Microsoft Access.

Magnet Goblin, a financially-motivated threat actor:
🕐Quickly leverages 1-day vulnerabilities
🐧Uses a novel Linux version of a malware - NerbianRAT
🎯Targets multiple devices such as Ivanti, Magento, possibly Qlik Sense and Apache ActiveMQ.
👉Read more:
research.checkpoint.com/2024/magnet-go…

Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink . In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too. research.checkpoint.com/2024/the-risks…

Malicious documents with 5-year-old CVEs could be considered useless anymore. In reality, in 2023, they were used by big malware names and targeted lucrative sectors. Check out our report covering this group of maldocs from different perspectives.
research.checkpoint.com/2024/maldocs-o…

#RaspberryRobin continues to rapidly improve itself -- using homebrew exploits for two 1-day LPE vulnerabilities that had no public implementation at the time, among other surprises 👇
research.checkpoint.com/2024/raspberry…

.NET Hooking - Harmonizing Managed Territory CP<r> provides a walk through the .NET hooking using the #Harmony library

🛠️ Common Examples of Implementation
💪 Defeating the #ConfuserEx2 string obfuscation
⚠️ Harmony hooking from the #dnSpyEx context
research.checkpoint.com/2024/net-hooki…

#Rhadamanthys stealer keeps evolving.
In our new blog, hasherezade takes you on a deep dive into version 0.5.0, layer by layer, discovering new features and techniques.
research.checkpoint.com/2023/rhadamant…

Outlook emails: More than meets the eye? Our new article explores the adventurous world of email attachments and links and why they might be party crashers in your security system. Knowledge is your best defense.
research.checkpoint.com/2023/the-obvio…

Amid the ongoing Israel - Hamas war, we are actively tracking relevant regional threats. Learn more about the evolution of the SysJoker backdoor:

🃏 New version rewritten in Rust

⚡️Connections to Operation Electric Powder

🎯Targets Israel

👉 research.checkpoint.com/2023/israel-ha…

We've recently conducted an analysis of the latest Linux ransomware campaigns, exploring key distinctions in maturity, objectives, and campaign patterns when compared to Windows ransomware. Stay tuned for insights! 🕵️‍♂️🔒
research.checkpoint.com/2023/the-platf…

Analyzing #LitterDrifter , Gamaredon's most recent USB worm:

🪱 LitterDrifter is VBS worm that propagates over USBs

🇺🇦 Ukraine remains the primary target for Gamaredon

💻Relies on Gamaredon's vast and flexible C2 infrastructure

Read more-->
research.checkpoint.com/2023/malware-s…