Celebrate 10 years of BSides Knoxville, featuring discussions of AI in security, historical hacking, and holistic protection, fostering a dynamic cybersecurity community.

Note: This vulnerability remains under active exploitation, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical zero-day vulnerability, being tracked as CVE-2024-24919, has been discovered and patched in a number of Check Point products. This vulnerability has a CVSS score of 8.6 assigned by Check Point and is actively being exploited in the wild with proof of concept (POC) exploits available.

Vulnerability scanning is a critical component of any robust Offensive Security strategy. When combined with penetration testing and Red Team exercises, they can serve as an early warning system to identify potential security weaknesses and provide an organization with the breathing room needed to implement changes before they are discovered and exploited.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including a newly created scenario that leverages AI Generated malware. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

On May 27, 2024, Check Point released hot fixes for an information disclosure vulnerability being leveraged by threat actors to target Check Point VPNs. This vulnerability was labeled as CVE-2024-24919 and is rated as high severity, as a remote threat actor can exploit the vulnerability to access information on Gateways connected to the Internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled.

On May 28, 2024, Okta disclosed that the cross-origin authentication feature in Customer Identity Cloud (CIC) is being targeted by credential-stuffing attacks. These attacks involve threat actors using large lists of stolen usernames and passwords to gain unauthorized access to online services. Suspicious activity has been observed starting from April 15, prompting Okta to notify affected customers and provide guidance to mitigate the issue.

There’s been a lot of excitement around generative AI technology over the past few years, especially in software development. Developers of all levels are turning to AI tools, such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI’s ChatGPT, to support their coding efforts. In fact, GitHub found that 92% of developers use AI coding tools. However, many businesses are realizing that they need to be more cautious when using AI in software development.

CVE-2024-24919 is a critical security vulnerability identified in Check Point Quantum Security Gateway, a widely used network security appliance. This vulnerability allows attackers to exploit the gateway, leading to the exposure of sensitive information. As a zero-day exploit, it presents significant risks to organizations relying on Check Point for their network security.