Category: Heimdal Security Blog

What Is a Privileged Access Workstation?

A Privileged Access Workstation (PAW) is a secure computer built to safeguard sensitive tasks and privileged accounts. IT admins and security teams use PAWs to manage critical systems like the Active Directory. They also use them to access cloud services,…

Google To Make MFA Mandatory for Google Cloud in 2025

Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. Google argues that MFA strengthens security without sacrificing a smooth and convenient online experience. It is reported that…

How to Build a Healthy Patch Management Program

Any cybersecurity professional will know that regularly patching vulnerabilities is essential to protecting a network. Keeping apps, devices, and infrastructure up to date closes ‘back doors’ into your environment. But most cybersecurity professionals will also know there’s a big gap…

Why having too many cybersecurity point solutions is risky

“We have so many solutions now to solve single issues in our companies that the number of security solutions is becoming a risk itself” – Thomas Baasnes, Cybersecurity Director at Verdane. How many cybersecurity point solutions does your organization use?…

How to Build a Healthy Patch Management Program?

Any cybersecurity professional will know that regularly patching vulnerabilities is essential to protecting a network. Keeping apps, devices, and infrastructure up to date closes ‘back doors’ into your environment. But most cybersecurity professionals will also know there’s a big gap…

Interlock Ransomware Specifically Targets FreeBSD Servers

Interlock ransomware operators created an encryptor meant to target FreeBSD servers. This is a practice that hackers often use in attacks on VMware ESXi servers and virtual machines. Now, the security researchers analyzed a sample of the FreeBSD ELF encryptor…

Schneider Electric Investigates Cybersecurity Incident

Schneider Electric, a French multinational specializing in energy management and automation solutions, has confirmed a cybersecurity incident involving unauthorized access to one of its internal project execution tracking platforms. The breach was reported after a threat actor known as “Grep”…

How to Implement Patch Management Software

Deploying patches is time-consuming, tedious, and uses up a lot of resources. No wonder many IT employees see it as drudge work. The good news is there’s a smarter way to do it: by implementing patch management software. Key takeaways:…

Why Is Privileged Access Management (PAM) Important?

Is your organization planning to implement a privileged access management (PAM) solution? If you already have passwords, an anti-virus, and a firewall, you might be wondering why you need to implement another cybersecurity technology. This article will help you understand…

NotLockBit Ransomware Targets Both Windows and MacOS

Researchers warn that NotLockBit, a new malware family mimicking LockBit ransomware, can impact Windows and macOS systems. The malware appears to be the first fully functional ransomware targeting macOS systems, moving beyond previous proof-of-concept (PoC) samples. What is NotLockBit Ransomware…

Free & Downloadable User Access Review Policy Template – 2024

Managing access to sensitive systems and data is more crucial than ever. Organizations across all industries face significant challenges in ensuring that their security measures keep pace with the complexities of user access management. To address these challenges, we’ve developed…

Top 10 Managed Service Providers in New Jersey for 2024

New Jersey, often seen as the corridor between New York and Philadelphia, is not only a strategic location for businesses but also a hub for technology services, including top Managed Service Providers.  Managed Service Providers play a crucial role in…

Ransomware Attack Disrupts UMC Health System Activity

UMC Health System was hit by a ransomware attack at the end of September. The attack caused the healthcare institution to divert patients to other clinics. Initially, the healthcare provider was unable to process messages from the patient portal. Also,…

Top 10 Managed Service Providers in New York for 2024

The bustling metropolis of New York is not only a hub for finance, media, and culture but also a dynamic space for technology services, including top Managed Service Providers.  Managed Service Providers (MSPs) play a pivotal role in supporting businesses…

Cyberattack Forces Kansas Water Plant to Operate Manually

The water supply system of Arkansas City, Kansas, activated manual operation mode to contain a cyberattack. The security team discovered the attack on Sunday morning. City authorities say the water supply remains safe and there are no service disruptions. FBI…

[Free & Downloadable] Endpoint Security Policy Template – 2024

Endpoint devices, such as desktops, laptops, tablets, and smartphones, form the backbone of modern corporate infrastructure. They allow employees flexibility and access to essential resources, but they also present significant security risks if not managed properly. This Endpoint Security Policy…

Why DNS Security Is Important: 3 Real-life Use Cases

DNS security is important for protecting corporate networks from DDoS attacks, phishing, ransomware, and data breaches. The domain name system is the cornerstone of the Internet but is not safe by design. Multiple layers of protection — like DNSSEC and…

How to Scale Your MSP from a Firm That Grew Revenue 440%

So, you’re running a reasonably successful MSP. You’re busy and have regular clients. Your profits, while not stellar, are good enough. You’ve got a decent reputation, not too much employee churn, and things are basically working fine.  Let’s not minimize…

Transport for London (TfL) Targeted in Cyberattack

Transport for London (TfL) announced on September 2nd that they have detected an ongoing cybersecurity incident. The attack did not disrupt services. For the moment, there is no evidence of the attackers succeeding to compromise customers data. TfL’s security team…

RansomHub Breached Over 200 Victims, the FBI Says

RansomHub ransomware affiliates have reportedly breached over 200 victims from a wide range of critical U.S. infrastructure sectors. This ransomware-as-a-service (RaaS) operation reached this milestone quickly, being first spotted in February 2024. The ransomware group specializes in data-theft-based extortion rather…

What Is XDR Threat Hunting?

Extended detection and response (XDR) products have become an increasingly common feature of the cybersecurity market in recent years. Today, they’re by far the most advanced option on the market for identifying and responding to emerging threats and sophisticated attacks.…

EDR vs NGAV: Which Works Better for Your Organization?

Choosing between EDR and NGAV can feel like standing at a crossroads. Both NGAV and EDR solutions safeguard your organization from cyber threats but take a different approach. To make the right choice, you must understand what challenges they address…

Cybersecurity Solutions for Small and Medium Businesses (SMBs)

Small and medium businesses must prioritize cybersecurity to avoid financial, legal, and reputational risks. Using a unified cybersecurity platform or partnering with an MSSP offers effective, cost-efficient protection for endpoints and networks. This article will help you make an informed…

EDR vs NGAV: Which One Is Better For Your Organization?

Choosing between EDR and NGAV can feel like standing at a crossroads. Both safeguard your organization from cyber threats but take a different approach. To make the right choice, you must understand what challenges they address and how they integrate…

Cyberattack Disrupts Microchip Technology’s Activity

American microprocessor producer Microchip Technology Incorporated suffered a cyberattack last weekend. The incident impacted its systems and disrupted the workflow of some manufacturing units. On Saturday, August 17th, the IT team detected suspicious activities in their systems. The incident impacted…

Heimdal and ViroSafe Partner to Strengthen Nordic Cybersecurity

COPENHAGEN, Denmark, August 19, 2024 – Heimdal has announced a strategic partnership with ViroSafe, one of Norway’s top IT security distributors. The collaboration will expand access to advanced cybersecurity solutions across Norway. Heimdal offers the widest range of cybersecurity tools…

MDR vs MSSP: Key Differences and Full Guide

If you’re looking for external help with your organization’s security posture, one of the big decisions to make is whether you’ll go with generalists or specialists. On one hand, you could opt to work with a managed security service provider…

ADT Breached: Customer Data Leaked on a Hacking Forum

The American building security company, ADT, announced that it had been the victim of a data breach. Threat actors allegedly broke into certain of ADT’s systems and stole customer information, the company claims in a Form 8-K regulatory document it…

RaaS Group Targets Corporate Networks with SharpRhino RAT

The Hunters International ransomware gang targets IT professionals with SharpRhino remote access trojan (RAT). The malware spoofs the installer of Angry IP Scanner, an ethical hacking tool. Hunters International is a top 10 ransomware group that shares code similarities with…

StormCloud Hacks ISP to Spread Malware Posing as Software Updates

The StormCloud Chinese threat group used a compromised Internet Service Provider (ISP) to distribute malware that spoofed software updates. The attackers exploited a vulnerable HTTP software system that failed to authenticate digital signatures. The DNS spoofing campaign impacted Windows and…

10 Best Fortinet Competitors and Alternatives

While Fortinet offers strong endpoint protection and good integration, it has a few drawbacks including management complexities and also lacks OS compatibility checks. This article reviews the top 10 competitors and alternatives to Fortinet, showcasing options that might provide better…

Sitting Ducks DNS Attacks Used to Hijack Over 35,000 Domains

More than 35,000 registered domains have been hijacked by threat actors in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. Cybercriminals utilize inadequate ownership verification at…

8 EDR Best Practices You Need to Pay Attention to in 2024

Endpoint detection and response (EDR) is one of the most important and fundamental cybersecurity products on the market. Effectively, it acts as a modern-day, cloud-based defense against viruses, malware, and a whole range of other real-time cyber threats. And of…

Hackers Exploit Vmware ESXi Vulnerability in Ransomware Attacks

Microsoft researchers revealed that ransomware threat groups exploit the VMware ESXi vulnerability CVE-2024-37085 for mass encryption. The researchers discovered the VMware ESXi authentication bypass vulnerability on June 25. After that, VMware released a fix in the ESXi 8.0 U3 version.…

DigiCert Revokes 83,267 TLS Certificates Due to DNS Check Problem

DigiCert announced they’ll revoke 83,267 SSL/TLS certificates impacting 6,807 subscribers due to an issue of DNS-based validation. The Certificate Authority organization required the affected customers to reissue their certificates within 24 hours. Then set the deadline for August 3rd, to…