Check Point VPN zero-day leaves thousands of devices exposed online

May 31, 2024
1 min read

TLDR:

  • A zero-day vulnerability affecting Check Point VPNs has been discovered
  • Exploitation attempts have been seen since April 7th, raising concerns among experts and government agencies

Thousands of internet-facing devices are vulnerable to a zero-day vulnerability in Check Point VPNs, allowing hackers to access sensitive information and potentially gain further network privileges. The bug, known as CVE-2024-24919, has prompted Check Point to release a fix, but exploitation attempts have been on the rise. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed attacks using the bug and researchers have observed nearly 14,000 exposed devices globally. Most affected devices are Quantum Spark Gateways, indicating that smaller commercial organizations may be at risk. Check Point is working with affected customers to mitigate exploitation attempts, with the bug’s severity score being raised recently. Experts warn that products like these are prime targets for cybercriminals, particularly in industries such as banking and finance.

Full Article:

Thousands of internet-facing devices are vulnerable to a zero-day vulnerability in Check Point VPNs, allowing hackers to access sensitive information and potentially gain further network privileges. The bug, known as CVE-2024-24919, has prompted Check Point to release a fix, but exploitation attempts have been on the rise. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed attacks using the bug and researchers have observed nearly 14,000 exposed devices globally. Most affected devices are Quantum Spark Gateways, indicating that smaller commercial organizations may be at risk. Check Point is working with affected customers to mitigate exploitation attempts, with the bug’s severity score being raised recently. Experts warn that products like these are prime targets for cybercriminals, particularly in industries such as banking and finance.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and