CheckMates Go: Cyber Security Podcast from Check Point

PhoneBoy talks about how XDR solutions should improve your cyber security posture, but not all do.

• XDR Researcher Turns XDR Software Into Perfect Malware
• What is XDR?
• Endpoint Security VPN configuration options are obscured in trac.config file
• Harmony Endpoint
• Sense of Urgency

A brief overview of the product announcements made at CPX 2024. The materials are available on CheckMates: https://community.checkpoint.com/t5/General-Topics/CPX-2024/m-p/208174#M34494 

Reviewing some of the top cyber security stories for 2023.  Hope to see everyone at CPX 2024!

In this episode, PhoneBoy talks about fraud and how to be resilient against it.

• 6 types of fraud to remain aware of (and other trends)
• 10 ways to reduce your risk of cyber fraud
• Quantum SASE

In this episode, PhoneBoy covers three stories:

• Kerberoasting attacks explained (and how to prevent them)
• 7 actionable security automation best practices
• 5 emerging malware threats, record-breaking malware activity

In this episode, PhoneBoy talks about the challenges with ensuring security with open-source software, which is in many products and services you use today.

In this episode, PhoneBoy talks with Aaron Brongersma about his exploration of AI tools, the issues with data residency and AI, the societal issues with AI, AI as a Service, and a few words about Quantum SASE.

Some questions and answers around Blockchain Security from our TechTalk on Blockchain Security.

PhoneBoy talks to Adam Gray, CTO of Novacoast about how ChatGPT is used by threat actors to compromise systems, the GPT-4 System Card, where ChatGPT seems to be useful in general with respect to cyber security, ChatGPT writing legal briefs, what early search engines and ChatGPT have in common, and how the more some things change, the more they stay the same.

A discussion between Check Point's Chief Strategy Officer Itai Greenberg and Idan Levin, Partner at Collider Ventures about the security trends related to blockchain security.

In this episode, PhoneBoy talks to Adam Gray, CTO of Novacoast to discuss some of what he's seen as part of their MSSP operations, including Living off the Land attacks, how AI is being actively used to exploit vulnerabilities, mobile security, CIS Controls, browser extensions, the data modern cars collect and share, password managers being a source of compromise, biometrics, why organizations use MSSPs like Pillr, automation and orchestration, vulnerability management, and Windows XP still being in use. 

In this episode, I talk about how over-provisioning identities in the cloud leads to "shadow access" by malicious actors...and what you can do about it.

• Eight Key Success Factors for Cloud-Native Application Protection (CNAPP)
• CloudGuard Cloud Native Application Protection Platform

In this episode, PhoneBoy talks about some of the more rogue uses of GPT-like tools.

• ChatGPT generates 'convincing' fake scientific article
• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web
• The WormGPT case: How Generative artificial intelligence (AI) can improve the capabilities of cybercriminals and allows them to launch sophisticated attacks
• Lowering the Bar(d)? Check Point Research’s security analysis spurs concerns over Google Bard’s limitations

In this episode, PhoneBoy talks with Aaron Brongersma about the challenges of ensuring your code is secure, particularly when people who traditionally haven't written code are having to do so to leverage certain technologies like ChatGPT.

• VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled

Ralph Bonnell did a great session on DNS as a CheckMates TechTalk. You can access the materials (including some Q&A) here.

In this episode, PhoneBoy covers a few recent stories related to the legal and cybersecurity issues related to generative AIs such as ChatGPT.

• Highly effective responses to the alarming democratization of AI
• Breaking GPT-4 Bad: Check Point Research Exposes How Security Boundaries Can Be Breached as Machines Wrestle with Inner Conflicts
• Authors Accuse OpenAI of Using Pirate Sites to Train ChatGPT

Cyber Security Evangelist Ashwin Ram talks about ChatGPT in the context of Artificial Intelligence and the Evolving Threat Landscape.
Full TechTalk: https://community.checkpoint.com/t5/General-Topics/AI-and-the-Evolving-Threat-Landscape-TechTalk-Video-Slides-and-Q/m-p/181992/highlight/true#M30319 

Another series of headlines from our friends at CyberTalk.org

• What is purple teaming and why is it useful?
• One easy way to secure your Android
• 6 simple & straightforward Cyber Monday fraud prevention tips
• Canada advances cyber security via Indo-Pacific Strategy

Second in a series on business data and how organizations can protect it. Mazhar Hamayun is a Security Engineer with Check Point and a member of the Office of the CTO who covered this topic on CyberTalk.org. We discuss some of his tips in this episode.

The book I mentioned in this section: Building Internet Firewalls 2nd Edition.

Some articles from our friends at CyberTalk.org about passwords, phishing, and passkeys.

• 20 Password Management Best Practices
• 10 Signs of Phishing for Anyone Who Champions Security
• 5 Steps to Mitigate Credential Exposure Risks
• This is How We Will Replace Passwords in the Near Future…

First of a series on business data and how organizations can protect it. Mazhar Hamayun is a Security Engineer with Check Point and a member of the Office of the CTO who covered this topic on CyberTalk.org. We begin the series by discussing what business data is, where it might reside, who might want it that shouldn't, and why.

Some recent headlines from our friends at CyberTalk.org:

• FOMO on the latest cyber security tech?
• 8 mistakes CIOs make and how to avoid them
• American Airlines learns breach caused by phishing
• Adware installed 13 million times + how to uninstall it

Part 2 of my conversation with Cyber Security Evangelist Eddie Doyle about how organizations can create a culture of cyber security that goes beyond just the technical people, and it's easier than you think!

• Miller's Law

From our friends at CyberTalk.org:

• How to prevent sneaky zero day attacks on fleets of smartphones
• CISO’s Guide to Mobile Security
• Hackers could crash power grids, but they’re mostly after…
• 10 mind-boggling cyber security statistics (and they might scare you)
• 7 actionable CISO strategies for effective executive-level communication

PhoneBoy talks with Cyber Security Evangelist Eddie Doyle about how organizations can create a culture of cyber security that goes beyond just the technical people, and it's easier than you think!

Some recent CISO-focused headlines from our friends at CyberTalk:

• 5 key traits of highly effective CISOs
• 6 different types of CISOs and the environments they thrive in
• Zero Trust Segmentation: A primer for CISOs

Part 2 of 2 of our conversation with Check Point Evangelist Mark Ostrowski about how to protect yourself from the threats out there today.

Full TechTalk here: https://community.checkpoint.com/t5/Threat-Prevention/Malware-2021-to-Present-Day-Building-a-Preventative-Cyber/m-p/152918#M4011 

We're going to try something a little different with PhoneBoy reading and commenting on a few articles from CyberTalk.org. If you like this format, let us know by commenting!

Links:

• SmokeLoader distributes Amadey malware, what you need to know
• Xiaomi Phone Bug, Payment Forgery 
• Researching Xiaomi's TEE to get Chinese Money 
• Healthcare Payer CISO Shares Real World Insights
• MailChimp Breach Exposes Email Addresses and Callback Phishing 
• 10 Key Facts About Callback Phishing Attacks

Part 1 of 2 with Check Point Evangelist Mark Ostrowski on the state of malware over the last 18 months or so. 

Full TechTalk here: https://community.checkpoint.com/t5/Threat-Prevention/Malware-2021-to-Present-Day-Building-a-Preventative-Cyber/m-p/152918#M4011 

Part 3 of my conversation with Adam Gray at Novacoast about what powers NovaSOC.

PhoneBoy and fellow Cyber Security Evangelist Grant Asplund talk about the current state of the workplace in the era of Covid and some stories of pre-Covid business travel.

Part 2 of PhoneBoy's conversation with Adam Gray at Novacoast about Incident Response, Remote Access, and the challenges of doing cyber security in a distributed world.

Part 2 of PhoneBoy's conversation with fellow Cyber Security Evangelist  who hosts the CISO's Secrets podcast as well as the Talking Cloud podcast. We talk a little bit about MetaInfo, a company Check Point acquired in 1998, and a bit more technology history that is still impacting cyber security today.

That diagram from 1997 mentioned in the show is on the CheckMates post for this episode.

PhoneBoy talks with Adam Gray, a founding and current member of the Board of Directors of Novacoast. We talk a bit about the early days of Cyber Security, how that led to the NovaSOC offering, then a bit about the potential security issues with browser extensions.

PhoneBoy talks with fellow Cyber Security Evangelist Grant Asplund, host of the CISO's Secrets podcast as well as the Talking Cloud podcast. Grant's got quite an interesting history, which we get into in this episode, talking his history opening up an Apple dealer back in the 1980s and what networking looked like back then.

PhoneBoy talks with Check Point Product Manager Yoni Nave about Check Point's upcoming Extended Detection and Response (XDR) offering which will also incorporate some Managed Detection and Response (MDR) elements if you need it.

PhoneBoy talks with Product Manager Yoni Nave about the evolution from Endpoint Detection and Response (EDR) to Extended Detection and Response (XDR). 

PhoneBoy talks with Product Manager Yoni Nave to answer the question What is Endpoint Detection and Response?

In April of 2021, PhoneBoy talked with Tim Otis and Jon Niccolls of the Check Point Incident Response Team about Ransomware. Since then, things have gotten worse. How was Colonial Pipeline compromised with Ransomware? An older VPN account.

PhoneBoy talks with Tim Otis and Jon Niccolls from the Check Point Incident Response Team about what the recent Solarwinds Suburst attack and Microsoft Exchange Hack have in common from an incident response point of view.

Part 2 of our conversation with Product Manager Yoni Nave about Check Point's participation in the recent MITRE Engenuity Enterprise Attack Evaluation 2020, the excellent results Check Point received, and why it matters.

The report from MITRE: https://attackevals.mitre-engenuity.org/enterprise/participants/checkpoint/results.html?adversary=carbanak_fin7

Check Point's blog post on the topic: https://blog.checkpoint.com/2021/04/20/mitre-engenuity-attck-evaluations-highlight-check-point-software-leadership-in-endpoint-security-with-100-detection-across-all-tested-unique-attck-techniques/

Part 1 of the conversation: https://community.checkpoint.com/t5/CheckMates-Go-Cyber-Security/S03E09-MITRE-Engenuity-ATT-amp-CK-Evaluation-Part-1/ba-p/118020 

Part 1 of a 2 part conversation with Product Manager Yoni Nave about Check Point's participation in the recent MITRE Engenuity Enterprise Attack Evaluation 2020, the excellent results Check Point received, and why it matters.

The report from MITRE: https://attackevals.mitre-engenuity.org/enterprise/participants/checkpoint/results.html?adversary=carbanak_fin7

Check Point's blog post on the topic: https://blog.checkpoint.com/2021/04/20/mitre-engenuity-attck-evaluations-highlight-check-point-software-leadership-in-endpoint-security-with-100-detection-across-all-tested-unique-attck-techniques/

PhoneBoy talks with Shay Levin and Val Loukine about some recent community projects:

• CloudMates: Our new cloud-focused community on CheckMates
• CheckMates Toolbox: A collection of useful tools developed by Check Point R&D and the CheckMates Community
• TechTalks: Our regular series designed to educate you on the latest information security technology and trends, including practical advice on protecting your critical assets from cyber attacks!

And register for our CPX 360 2021 Wrap-Up happening on April 20th @ 8am PDT/ 5pm CET.

PhoneBoy talks with Eric Anderson at Atlantic Data Security about the psychology of always being on the defense in cyber security.

What value does a value added reseller actually add? PhoneBoy talks with Eric Anderson at Atlantic Data Security about it.

Also, if you missed all the great content at CPX 360 2021, we have it on CheckMates!

The mics are turned around and PhoneBoy's the one being interviewed, this time by fellow Check Point Evangelist Grant Asplund for his Talking Cloud podcast.

In this episode, we'll hear from Gera Dorfman, Benny Shlesinger, Oded Gonda, and Itai Greenberg who will give you a preview of what we'll be speaking about in more detail as part of Check Point's CPX 360 2021 conference coming up on the 23-24 February 2021 around Network Security and how we will be expanding the Infinity vision. Make sure you listen to Part 1 of our CPX 360 2021 preview if you haven't already!

In this episode, we will hear from Dr. Dorit Dor, TJ Gonen, and Neatsun Ziv who will give you a preview of what we'll be speaking about in more detail as part of our CPX 360 2021 conference coming up on the 23-24 February 2021 around Cloud and Endpoint Security.

Is there really a talent shortage in Cyber Security? PhoneBoy talks with Eric Anderson at Atlantic Data Security about the reality of the situation.

As part of our CheckMates Fest, Check Point's Chief Security Advisor Dan Wiley gave us an overview of what Incidence Response saw in 2020 in terms of threats.

To see what Dan Wiley looked like during his presentation, head over to the show page on CheckMates.

A brief reflection about CheckMates Go in 2020 and our upcoming CheckMates Fest on 6 January. 

PhoneBoy talks with David Ulloa, CISO at IMC Companies about their experience with Check Point CloudGuard SaaS, which he also posted a review of on IT Central Station. See also the full IMC Customer success story on the Check Point website and the customer Webinar with IMC Companies.

In a recent CheckMates event, put together by Check Point SE and CheckMates Ambassador Stacy Dunn, IT professionals gathered around the virtual campfire to tell some nightmarish tales, like that time a database was accidentally deleted, encountering malware or ransomware for the first time, or other disastrous IT situations that may have been miraculously recovered from.

In this excerpt, we have stories from David Hughes, Chris Young, and Skyler Tuter.  Previous excerpts were pushed as S02E34 and S02E36.

PhoneBoy talks with David Ulloa, CISO at IMC Companies about their experience with Check Point Remote Access. See also the full IMC Customer success story on the Check Point website and the customer Webinar with IMC Companies.

It's that time of the year where people shop online. Check Point Research has seen a marked increase in the number of phishing-related emails, particularly those that claim to be from shipping companies.

PhoneBoy talks with Security Analyst Adi Rosenbaum about the report, what we found, and how to protect yourself from these scams. See the full report on Check Point's blog.

In a recent CheckMates event, put together by Check Point SE and CheckMates Ambassador Stacy Dunn, IT professionals gathered around the virtual campfire to tell some nightmarish tales, like that time a database was accidentally deleted, encountering malware or ransomware for the first time, or other disastrous IT situations that may have been miraculously recovered from.

The previous excerpt from this session was published as S02E34.
In this excerpt, we hear from Tracy Sargeant and Jeremiah Robinson.

PhoneBoy talks with David Ulloa, CISO at IMC Companies about their experience with Check Point SandBlast Agent. See also the full IMC Customer success story on the Check Point website and the customer Webinar with IMC Companies.

In a recent CheckMates event, put together by Check Point SE and CheckMates Ambassador Stacy Dunn, IT professionals gathered around the virtual campfire to tell some nightmarish tales, like that time a database was accidentally deleted, encountering malware or ransomware for the first time, or other disastrous IT situations that may have been miraculously recovered from.

In this excerpt from the event, we have stories from Stephen Hawkey and Joe Sullivan.

In case you need to double check, the new podcast RSS feed is: https://feeds.buzzsprout.com/1474780.rss 

PhoneBoy talks with Tim Otis of the Check Point Incident Response Team about Wiper Malware... and The Cuckoo's Egg gets a mention.

A quick bulletin on the rise in Ransomware incidents observed over the last 48 hours.

• https://blog.checkpoint.com/2020/10/29/hospitals-targeted-in-rising-wave-of-ryuk-ransomware-attacks/
• https://us-cert.cisa.gov/ncas/alerts/aa20-302a
• https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf
• The Check Point Incident Response Team is standing by to help

PhoneBoy talks with Tim Otis from the Check Point Incident Response Team about Meme Warfare and Logo-ed Vulnerabilities

PhoneBoy talks with Tim Otis from the Check Point Incident Response Team about what threats we see related to elections.

Somehow, PhoneBoy's conversation with Ray Schippers and Tim Otis from the Check Point Incident Response Team around Ransomware led to Pee Chee folders.

This is my third conversation with Oren Koren on Infinity SOC. This time, we talk about the onboarding process and how little data we actually need from customers to show them tremendous value.

• Infinity SOC on CheckMates
• S02E23: Infinity SOC
• S02E26: What Can Infinity SOC Do For You

PhoneBoy talks with Ray Schippers and Tim Otis from the Check Point Incident Response Team about how the threat of DDoS is being used to extort money from organizations.

PhoneBoy talks with Oren Koren about the kinds of things you'll find in Infinity SOC to make your life as a cyber security analyst easier. See also our previous episode on Infinity SOC.

Check Point acquires Odo Security, which developed a cloud-based, clientless Secure Access Service Edge (SASE) technology that delivers secure remote access. Check Point Founder CEO Gil Shwed discusses the acquisition and Product Manager Eytan Segal talks about what our plan is to integrate this product into Check Point's portfolio.

• Press release
• More info about Odo Security's solution on CheckMates

PhoneBoy talks with Tim Otis and Ray Schippers from the Check Point Incident Response Team about how social engineering factors into cyber security incidents.

PhoneBoy Talks with Oren Koren about the evolution of Check Point Infinity SOC from its early days as a small R&D project and how Artificial Intelligence and Machine Learning are being used to quickly find cyber threats.

Shay Levin talks with Check Point researcher Sagi Tzadik about the discovery of SIGRed (CVE-2020-1350) and Ori Hamama about how we developed and deployed an IPS protection for it.

• Check Point Research blog on SIGRed
• Full SIGRed TechTalk on CheckMates

This is the final installment of our Ask Me Anything with Dr. Dorit Dor and team. Many of the questions asked involves features and functionality that will be in the R81 release, which is now in Public EA.

PhoneBoy talks with Global Security Architect Thomas Poole about common areas where organizations can improve their security posture.

Part 2 of our Ask Me Anything with Dr. Dorit Dor and team. In this episode, we wonder if there is any question Dorit can't answer? We also hear from Amnon Perlmutter, Eyal Fingold, and Itai Greenberg about DevSecOps and SD-WAN.

In this episode, PhoneBoy talks with Global Security Architect JP Edwards about the Secure Cloud Transformation and how it evolved from the Check Point Enterprise Security Framework. 

• Download the whitepaper

First of three parts of our Ask Me Anything with Check Point VP of Products Dr. Dorit Dor and her team.In this excerpt, we hear from Dorit, Gera Dorfman, and Benny Shlesinger on how Covid-19 has changed Check Point's product roadmap and delivery, Remote Access, Linux Endpoint, and R81.

PhoneBoy talks with Global Security Architect JP Edwards about the Check Point Enterprise Security Framework

The last of our excerpts from our Ask Me Anything with Check Point Founder and CEO Gil Shwed back in May.

A conversation with Tim Otis and Ray Schippers from the Check Point Incident Response Team that starts off talking about OWA and leads to a conversation about how customers can leverage features in the Check Point Security Gateway better.

In this episode, we have another excerpt from our Ask Me Anything with Gil Shwed, this time talking about how Check Point is handling the business realities with Covid-19. 

In this episode, I talk with Ray Schippers, Tim Otis, and Ashwin Ram about what's happening in the land of DDoS.

An excerpt from our Ask Me Anything with Check Point Founder and CEO Gil Shwed covering IoT, Zoom, and SD-WAN.

PhoneBoy talks with Tim Otis and Ray Schippers from the Check Point Incident Response Team about a recent investigation that led to APT41, which led to a discussion about attacks that "live off the land."

An excerpt of our Ask Me Anything with Check Point Founder and CEO Gil Shwed where we discuss how Covid-19 changed the cyber threat landscape.

PhoneBoy talks with fellow Cyber Security Evangelist Ashwin Ram about an idea for a talk he's putting together around lessons we've learned from dealing with Covid-19 in healthcare and how they can apply to Cyber Security.

PhoneBoy talks with fellow Cyber Security Evangelist Ashwin Ram about the mindset of Detection versus the Prevention mindset.

In this episode, PhoneBoy talks with Ray Schippers and Tim Otis from the Check Point Incident Response Team about phishing and where it can lead.

PhoneBoy's Conversation with Check Point Cyber Security Evangelist Ashwin Ram about his TechTalk on the cyber threats and opportunities (for malicious actors) in response to COVID-19.

PhoneBoy talks to Tim Otis and Raymond Schippers from Check Point's Incident Response Team about Ransomware: how it's getting into environments and what you can do about it.

PhoneBoy talks with Ray Schippers and Tim Otis from the Check Point Incident Response Team about recent exploits against Remote Access infrastructure and what steps you can take to protect it and your users.

Excerpt from our TechTalk: What's New In R80.40 Security Management.

PhoneBoy's conversation with Danny Shulman and Peter Elmer about HTTPS Inspection, which was covered in more detail in a TechTalk.

PhoneBoy Chats with Tomer Solé about Check Point's newest solution for securing SD-WAN: CloudGuard Connect

Joining Oded Awaskar in this episode are Tim Otis and Ray Schippers from the Check Point Incident Response team.

In this episode, we deep dive into CVE-2019-0708 dubbed “BlueKeep”, which was disclosed in the May 2019 “Patch Tuesday” of Microsoft.

We will share with you background on this vulnerability and reveal the “behind the scenes” of a security company when such a vulnerability is disclosed.

The episode concludes with recommendations on how to secure your environment from BlueKeep and similar vulnerabilities.

Joining Oded Awaskar in this episode is Avigayil Mechtinger, a cyber analyst from Check Point's Mobile Security team, telling us about the recent PreAMo clicker campaign (13:10).

In this episode, we also cover the following topics:

1. A recent vulnerability discovered in Oracle WebLogic servers is being exploited to deliver the Sodinokibi ransomware (1:56).
2. Check Point Research uncovered the activity of an Indonesian hacking group dubbed “plaNETWORK” (5:10).
3. Over 200 online university campus stores were affected by a credit card skimming attack, dubbed “Mirrorthief” (7:00).
4. Dell’s SupportAssist software was found vulnerable to remote code execution (9:50).     

You may read the full PreAMo clicker campaign in the cp<r> blog.

Both of the Threat Intelligence reports are located here and here.

Oded Awaskar is joined by Aseel Kayal, a malware analyst from Check Point's Threat Intelligence group who tells us about her latest research dealing with the Muddy Water APT group’s activity.

In addition, we discuss these issues:

• Information regarding the operations and tools of the Iranian linked OilRig APT (APT 34) group has been disclosed online.
• Anubis, an Android banking Trojan, has evolved to contain encryption, RAT functionality and device locking capabilities which qualify it as Android ransomware.

The relevant Threat Intelligence reports are located here and here.

The second episode of the CheckMates GO Podcast is out.

Joining Oded Awaskar is Yoav Arad Pinkas and Hadar Wiesen, a security analyst in the Managed Security Service team

In this episode we cover the following topics:

1. The Georgia Institute of technology suffered a data breach, which exposed the personal information of both faculty and students.
2. ShadowHammer – A supply chain hack of Asus which led to the installation of backdoors in numerous computers.
3. The emergency tornado alarm system in Texas was compromised, creating panic amongst residents.
4. Check Point researchers have discovered a vulnerability in one of Xiamoi’s built-in security applications that could allow an attacker to remotely hack the phone.

You may read the full Xiaomi research in the cp<r> blog.

Both of the Threat Intelligence Reports are located here and here.

In this podcast, Oded Awaskar and Yoav Arad Pinkas review the latest cyber & intelligence incidents from the past 2 weeks.

On the agenda:

1. “Simbad” – a mobile adware campaign spotted on Google’s Play Store by Check Point Researchers.
2. ‘Norsk Hydro’, an Aluminum company, “Hexion” and “Momentive”, two American chemicals companies have been hit by the LockerGoga ransomware.
3. 2 million emails of over 350,000 clients of the Oregon Department of Human Services (DHS) have been exposed after a successful spear phishing attack.
4. Vulnerabilities found in implantable defibrillators expose patients to life-threatening hacks.

You can find our full weekly Threat Intelligence reports here and here.

Also, the full “Simbad” blog post can be found in the cp<r>esearch blog.