CPradio

Once every year, Check Point releases an annual report reviewing the biggest events and trends in cybersecurity. In this episode we'll break down the latest iteration, focusing on its most important parts, to catch you up on what you need to know most in 2024.

For years now, Iran’s state-sponsored hackers have been some of the most prolific in the world. But prolific does not necessarily mean sophisticated -- its attacks haven’t quite impressed in the way that the U.S., Russia, and China’s do. But in a campaign recently uncovered by CheckPoint, one Iranian APT unleashed tools and tactics unlike anything we’ve seen from the country before. If before they were at the kids’ table, this latest campaign suggests that they might have just moved up.

Once a year, Check Point Research releases a “mid-year report”: a summary of the first half of the calendar year in cybersecurity, including all of the major changes, trends, and events that defined January through June. Obviously a lot happens in that time, and so the reports end up rather long. Which is why, sometimes, we’ll do one of these episodes to summarize. Not every detail, but the biggest, most important things you should know.

Between corporations, governments, and the rest of us, billions are spent every year trying to secure cyberspace. Which makes it almost unbelievable to think that just one, simple policy change from one company -- with almost no cost to anybody, and no effort involved -- could alter the entire course of cyberspace. And yet, that is exactly what happened a year ago today.

For all the ridiculous spam calls in the world, but a small percentage of them are actually, legitimately, convincing. According to the Korean government, “voice phishing” compromises nearly 200 Korean citizens every day, with average financial losses around 8,500 dollars worth of Korean won. If it’s that successful, surely, the scammers are doing something right. There’s more substance to these attacks than you might think.

In July 2021, several prominent human rights activists in Azerbaijan received the same phishing email that delivered them spyware, capable of causing significant harm to their personal and professional lives. But that was only the beginning of a story in which the domestic surveillance toolbox is fired in the midst of a small-scale cyberwar in the South Caucasus, the site of one of the most contentious political disputes on the planet.

In 2022, government APTs wiped out entire computer systems, hackers turned good software evil, and ransomware evolved into something entirely new. In this episode we'll review the biggest stories, most important trends, and cutting insights from the last year in cybersecurity.

Today's AI can beat humans at Jeopardy, chess, recognizing faces and diagnosing medical conditions. As of last Fall it can write malware, too. In fact, it can write an entire attack chain: phishing emails, macros, reverse shells, you name it. What do we do now?

Earlier this Fall, some users of the OpenSea trading platform posted dire messages to Twitter: all of the NFTs in their wallets were gone. Thousands of dollars worth of investments had suddenly disappeared. Soon it became clear: they were never getting their money back. This wasn’t just a glitch, it was a hack. But how?

For decades, hacktivism has been associated with groups like Anonymous. Recently, though, something has changed. An entirely new kind of hacktivist has arisen: one with more resources, capabilities and power than anything we've seen before.

Every year, ordinary people lose money in blockchain hacks. Could it be that this technology is simply insecure by nature? Or is there something we’re all missing -- something that can save this industry, and the millions of people who’ve invested their hard-earned money into it, from squandering billions of dollars every year?

How was the use of cyber manifested in the Russia-Ukraine war? Will Microsoft block VB macros? We'll discuss all this and more while reviewing the Mid-Year Cyber Attack Trends report of 2022.

On March 23rd, 2022, individuals working at the most important defense research institutes in Russia all received variations of the same email. The messages appeared to be quite official, regarding sanctions for Ukraine. In reality they were traps, planted by a mysterious foreign APT.

Five years ago today, the world witnessed the most destructive ransomware attack ever. Its name was Wannacry, and it changed everything. What happened, how has ransomware evolved since, and have we learned our lesson? Or could something just like it happen again?

The Conti group tallied over 700 victims, including many multi-million-dollar corporate, government and healthcare organizations. Then, in their most publicized move yet, they put their full backing behind the Russian invasion of Ukraine. One anonymous researcher decided enough was enough. They hacked the hackers, and leaked the innermost details of their operation, giving us an inside look into arguably the most dangerous ransomware operation on the planet.

Did you know that in 2021 there has been a 40% increase in weekly average number of cyber attacks compared to 2020? That is just one of the fascinating findings in the report published by Check Point due to the Cybersecurity Awareness Month. In this episode we will talk about the interesting findings and their implication.

You own some pretty "smart" computers. The laptop on your desk, the phone in your pocket, the system that runs your car. But you're also surrounded by "dumb" computers--simple machines, like your alarm clock, your computer mouse, your refrigerator. We all know that smart computers can be hacked, but what about the dumb ones? Could someone hack your watch? How about your e-book reader? How would it work? What would happen if they did?

It seemed like a totally normal day--people went to work, to school, to get away for an early weekend. Then, across the country of Iran, trains began to freeze in place. The system for tracking them went down. And, on display screens in stations across the country, a message was posted: the country was under attack...

In this episode of “Cyber Academy" we will talk about the CVE database. What's a CVE? What do the numbers attached to the CVE mean? Are they random or not? Why do we need to catalogue CVEs? What is the connection between CVEs and dictionaries, phonebooks and the deep blue sea? Who is Mitre? and what do you do if you discover a CVE all by yourself? About CVEs, vulnerabilities and a lot more in this new episode of "Cyber Academy".

Check Point Research (CPR) finds security flaws in Atlassian, a platform used by 180,000 customers worldwide to engineer software and manage projects. With just one click, an attacker could have used the flaws get access to the Atlassian Jira bug system and get sensitive information such as security issues on Atlassian cloud, Bitbucket and on premise products.