Dive Brief:
- Check Point Software linked a series of recent attacks targeting customers using remote access VPNs to a vulnerability, the company said in an updated blog post Tuesday.
- The vulnerability, listed as CVE-2024-24919, allows an attacker to read certain information on internet-connected gateways with either IPSec VPN, remote access VPN or mobile access enabled, Check Point Software said. The National Vulnerability Database has not yet performed an analysis.
- The company said it is now mandatory for customers to install a hotfix designed to prevent successful exploitation.
Dive Insight:
The attacks are the latest indicator of hackers exploiting vulnerabilities in VPNs and other edge devices to gain access to customer environments.
Check Point Software had been monitoring threat activity in recent months and on Friday discovered a series of login attempts against customers using old VPN local accounts secured with password-only authentication methods.
Check Point Software is working with teams of incident response specialists, technical service and product security experts to investigate the attacks. The company also notified cybersecurity authorities.
Company officials are still investigating the attacks and have not attributed the malicious activity to any particular threat group or hacker. A range of threat actors, from nation-state affiliates to criminal groups, have attacked VPN environments in recent months.
The hotfix mandate is designed to prevent attackers from further exploiting the vulnerability, as a number of threat groups have targeted older vulnerabilities as well as older technology systems that lack the most recent security protections.
What is also unknown is whether hackers will be able to find workarounds against the fix. In a number of cases, high-profile organizations have been successfully hacked after following all mitigation instructions.
For example, Comcast’s Xfinity unit in 2023 was hacked after applying what it says were the recommended mitigations from Citrix.
There is no indication of any weaknesses in the Check Point hotfix, but the company confirmed it is monitoring the situation to make sure there aren’t any future attempts to bypass protections.
“So far it works well, and we believe it’s both effective and rather easy to install,” Gil Messing, chief of staff at Check Point Software, said via email.
But Messing acknowledged numerous other cases where hackers were able to regain access after the installation of initial mitigation measures and patches. He said the company’s teams are on constant alert about such a scenario and will research any information necessary to prevent such an instance.