Zero-Day Exploits Target Check Point VPNs

What C-Level Executives Need to Know  

Threat actors have been exploiting a zero-day vulnerability (CVE-2024-24919) in Check Point Remote Access VPNs since at least April 30. This high-severity vulnerability allows hackers to obtain sensitive information from internet-connected network security gateways with remote access VPN or mobile access enabled.

Specifically, the attacks focus on old local accounts with unrecommended password-only authentication. While only a small number of customers have been affected so far, it’s crucial for C-level executives to be aware of this threat and take necessary precautions.