< ciso brief />

All news with #check point tag

86 articles · page 5 of 5

115,000 Phishing Emails Leveraged Google Classroom

Check Point uncovered a global phishing campaign that delivered 115,000 fake invitations via Google Classroom to about 13,500 organizations worldwide within a single week. Attackers used seemingly legitimate classroom invites to present unrelated commercial offers and instructed recipients to continue contact via WhatsApp, shifting conversations off monitored email channels. Because many filters treat messages from Google services as trustworthy, these messages often bypass conventional protections. Experts advise staff training, adoption of AI-driven detection that evaluates context and intent, and extending phishing defenses beyond email to collaboration and messaging platforms.

Check Point Named Leader in 2025 Hybrid Mesh Firewall

🚀 Check Point has been named a Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for its ability to execute and completeness of vision. The firm emphasizes its AI-powered network security to deliver consistent, high-performance threat prevention across on-premises, cloud and SASE environments. The recognition highlights unified management and proactive defenses designed for distributed enterprises facing AI-driven attacks.

MixShell Malware Targets U.S. Supply Chain via Contact Forms

⚠️ Cybersecurity researchers warn of a targeted social‑engineering campaign delivering an in‑memory implant called MixShell to supply‑chain manufacturers through corporate 'Contact Us' forms. The activity, tracked as ZipLine by Check Point, uses weeks of credible exchanges, fake NDAs and weaponized ZIPs containing LNK files that trigger PowerShell loaders. MixShell runs primarily in memory, uses DNS tunneling for C2 with HTTP fallback, and enables remote commands, file access, reverse proxying, persistence and lateral movement. Malicious archives are staged on abused Heroku subdomains, illustrating use of legitimate PaaS for tailored delivery.

ZipLine: Advanced Social Engineering Against U.S. Industry

🔒 ZipLine is a highly sophisticated social-engineering phishing campaign identified by Check Point Research that reverses the typical attack flow by initiating contact through corporate “Contact Us” forms. Attackers cultivate multi-week, professional email exchanges and often request NDAs before delivering a malicious ZIP containing the in-memory backdoor MixShell. MixShell maintains covert command-and-control via DNS tunneling with HTTP fallback and executes in memory to reduce forensic traces. The campaign primarily targets U.S. manufacturing and supply-chain–critical organizations and has evolved a second wave that uses an AI transformation pretext to increase legitimacy.

CloudGuard WAFaaS Now Available on AWS Marketplace

🔒 CloudGuard WAF-as-a-Service is now available on the AWS Marketplace and verified as Deployed on AWS. This pay-as-you-go service simplifies web application and API protection for AWS customers and reduces procurement friction. The offering has been recognized in the Gartner Market Guide for WAAP and named a Leader in the GigaOm Radar. Independent testing reported a 99.4% threat detection rate and 0.81% false positives, underscoring strong efficacy with low noise.

Harmony SASE MCP Server Enables AI-Driven Visibility

🔗 The Harmony SASE MCP Server connects AI and IDE assistants to Harmony SASE, enabling direct, secure access to networking and security context. Built on the open Model Context Protocol (MCP), it exposes a curated set of endpoints so AI tools like Claude, Cursor, and GitHub Copilot can enrich workflows, accelerate investigations, and integrate SASE telemetry into familiar analyst and developer interfaces.