Recent attacks on enterprise networks through Check Point VPNs involved the exploitation of a zero-day vulnerability, allowing threat actors to gain access to sensitive information and potentially move laterally within the network.
- Threat actors exploited a zero-day vulnerability (CVE-2024-24919) to gain initial access to enterprise networks through Check Point VPNs.
- The vulnerability allowed hackers to extract password hashes for all local accounts, including service accounts used to connect to Active Directory.
- Exploitation required neither user interaction nor prior privileges, which made the vulnerability straightforward to exploit remotely.
- Mnemonic reported seeing attacks exploiting the vulnerability in its customers' environments since April 30.
- The attacks appear to be linked to previous activity involving the misuse of Visual Studio Code for traffic tunneling.