Category: Heimdal Security Blog

The healthcare company AmerisourceBergen confirmed a data breach in the IT system of one of its subsidiaries. The announcement comes after the Lorenz ransomware posted what the threat actor claims to be exfiltrated data from the pharmaceutical distributor. AmerisourceBergen has…

Read more →

A new variant of the Mirai-based Medusa DDoS (distributed denial of service) botnet has been discovered in the wild, equipped with a ransomware module and a Telnet brute-forcer. The Medusa malware (not to be confused with the Android malware with the…

Read more →

An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage,…

Read more →

On Tuesday, 6 February 2023, Denis Mihaqlovic Dubnikov, a Russian citizen, pleaded guilty to the accusations of laundering ransomware money. The money came from cyberattacks made by the Ryuk ransomware group in the span of three years. Dubnikov is a…

Read more →

SYN flood is a type of denial-of-service (DoS) attack in which a threat actor floods a server with several requests, but doesn’t acknowledge back the connection, leaving it half-opened, usually with the purpose of consuming server resources, which leads to…

Read more →

Weee!, a US-based grocery delivery platform, had been the victim of a cyberattack resulting in the data leakage of 11 million customers. Some of the logs included door codes that couriers use to enter buildings. Weee! is an online platform…

Read more →

Last summer, threat actors began using Sliver as an alternative to Cobalt Strike, employing it for network surveillance, command execution, reflective DLL loading, session spawning, and process manipulation. Recently observed attacks target two 2022 vulnerabilities in Sunlogin, a remote-control software…

Read more →

Pix is an instant payment platform developed and managed by the Central Bank of Brazil (BCB), which enables quick payment and transfer execution, with over 100 million registered accounts worldwide. A new strain of mobile malware targeting Brazil and other…

Read more →

The „Holy Souls” or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed up by the Iranian state and was previously sanctioned by the U.S.…

Read more →

Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines (VMs). Container security is a total of policies and tools that are applied to maintain a container…

Read more →

Endpoints are one of the hackers` favorite gates to attacking organizations` networks. Check out our top 10 endpoint security best practices that will keep you safe and help prevent cyberattacks. Setting foot into only one of the connected devices can…

Read more →

Threat actors breached Tallahassee Memorial HealthCare`s (TMH) security system last Thursday. As a result, the whole IT system had to be taken offline and thoroughly checked, while non-emergency procedures were suspended. All patients requiring emergency services were taken to other…

Read more →

A new wave of ransomware attacks is targeting ESXi hypervisors. VMware ESXi is a hypervisor developed by VMware that is enterprise-class and type-1. It is used to install and maintain virtual machines. A patch for CVE-2021-21974 has been available since February…

Read more →

Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab malware, which…

Read more →

According to the Dutch National Cybersecurity Center (NCSC), several hospitals from European countries supporting Ukraine have been targeted by pro-Russian threat actors, including their own UMCG hospital in Groningen. UMCG Groningen Shutdown The cause behind UMCG’s shutdown seems to be…

Read more →

In today’s digital world, security is a major concern for anyone interacting online. Have you ever seen a pop-up asking for permission to post on your social media feed, access your smart devices, or share files across different platforms? It’s…

Read more →

1,894 web injects (overlays of phishing windows) are for sale on Russian cybercrime forums. The threat actor that advertises them, called InTheBox, offers affordable deals and prices. The phishing windows are meant to steal credentials from banking, cryptocurrency exchange, and…

Read more →

Whether your company is subject to stringent cybersecurity regulatory requirements or you want to strengthen your overall security, encryption as a service is an effective way to protect sensitive data at rest and in transit. The thing is, many businesses…

Read more →

In a previous article, we talked about the core differences (and similarities) between SOAR and XDR. And because no SecOps specialist should be without an adequate toolkit, here are some SOAR tools you can try out to up your security…

Read more →

When you think of ‘hacking’, some things that might come to mind would be bad persons with criminal intent trying to infiltrate our systems and steal our data, or maybe ‘hacking’ scenes from popular movies. Hackers are usually the threat…

Read more →

A Server-Side Request Forgery attack (SSRF) is a security vulnerability in which a hacker tricks a server into accessing unintended resources on his behalf. An SSRF attack can lead to sensitive information being leaked or the attacker gaining control of…

Read more →

Before we dive in, you might have heard the good news. This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments…

Read more →

New versions of Prilex point-of-sale (POS) malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication (NFC) credit card transactions. This way clients are obliged to use the machine to pay, allowing the malicious code…

Read more →

Russian hackers have claimed responsibility for a cyberattack that took more than a dozen US hospitals’ websites offline on Monday morning. Killnet, a pro-Russian hacking group infamous for DDoS attacks over the last year, claims to have taken down the…

Read more →

Google Fi, the cell network provider of Google, recently confirmed a data breach. It is likely that the incident is related to the recent T-Mobile security incident, which allowed threat actors to steal the information of millions of customers. Based…

Read more →

The LockBit ransomware gang has resumed using encryptors based on other operations, switching to one based on the Conti ransomware‘s leaked source code. Since its inception, the LockBit operation has gone through several iterations of its encryptor, beginning with a…

Read more →

One of the major topics of cybersecurity is sheltering your data against data breaches. And while many Internet users have in place measures to protect their information from hackers’ hands while using them, once they delete the data, they might…

Read more →

A Google ads malvertising campaign was found using KoiVM virtualization technology to install the Formbook data stealer without being spotted by antiviruses. MalVirt loaders are promoted by threat actors in advertising that appears to be for the Blender 3D program.…

Read more →

Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. Therefore, the company is taking the precautionary action of canceling the exposed certificates.…

Read more →

It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 ‘selectees’ has been found published on a hacking forum. According to BleepingComputer, it’s the same TSA No Fly list that…

Read more →

DHCP, or Dynamic Host Configuration Protocol, is a network protocol that allows devices on a network to be automatically assigned an IP address. DHCP is used extensively in both home and enterprise networks, as it simplifies the process of configuring…

Read more →

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers. All the information stored in the attacked server related to…

Read more →

Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab malware, which…

Read more →

In today’s digital world, security is a major concern for anyone interacting online. Have you ever seen a pop-up asking for permission to post on your social media feed, access your smart devices, or share files across different platforms? It’s…

Read more →

According to the Dutch National Cybersecurity Center (NCSC), several hospitals from European countries supporting Ukraine have been targeted by pro-Russian threat actors, including their own UMCG hospital in Groningen. UMCG Groningen Shutdown The cause behind UMCG’s shutdown seems to be…

Read more →

1,894 web injects (overlays of phishing windows) are for sale on Russian cybercrime forums. The threat actor that advertises them, called InTheBox, offers affordable deals and prices. The phishing windows are meant to steal credentials from banking, cryptocurrency exchange, and…

Read more →

A Server-Side Request Forgery attack (SSRF) is a security vulnerability in which a hacker tricks a server into accessing unintended resources on his behalf. An SSRF attack can lead to sensitive information being leaked or the attacker gaining control of…

Read more →

When you think of ‘hacking’, some things that might come to mind would be bad persons with criminal intent trying to infiltrate our systems and steal our data, or maybe ‘hacking’ scenes from popular movies. Hackers are usually the threat…

Read more →

Before we dive in, you might have heard the good news. This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments…

Read more →

New versions of Prilex point-of-sale (POS) malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication (NFC) credit card transactions. This way clients are obliged to use the machine to pay, allowing the malicious code…

Read more →

Russian hackers have claimed responsibility for a cyberattack that took more than a dozen US hospitals’ websites offline on Monday morning. Killnet, a pro-Russian hacking group infamous for DDoS attacks over the last year, claims to have taken down the…

Read more →

Google Fi, the cell network provider of Google, recently confirmed a data breach. It is likely that the incident is related to the recent T-Mobile security incident, which allowed threat actors to steal the information of millions of customers. Based…

Read more →

Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. Therefore, the company is taking the precautionary action of canceling the exposed certificates.…

Read more →

It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 ‘selectees’ has been found published on a hacking forum. According to BleepingComputer, it’s the same TSA No Fly list that…

Read more →

DHCP, or Dynamic Host Configuration Protocol, is a network protocol that allows devices on a network to be automatically assigned an IP address. DHCP is used extensively in both home and enterprise networks, as it simplifies the process of configuring…

Read more →

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers. All the information stored in the attacked server related to…

Read more →

Researchers have identified the real-world identity of the threat actor behind Golden Chickens Malware-as-a-Service (MaaS), known as “badbullzvenom.” A 16-month-long investigation by eSentire’s Threat Response Unit revealed multiple instances of the badbullzvenom account being shared between two individuals. The second threat…

Read more →

Researchers discovered a new attack on a Ukrainian target performed by Russian threat actors that used a new wiper malware that compromises the Windows operating system. SwiftSlicer, as the new malware was named, is attributed to the Sandworm malicious group…

Read more →

Cybersecurity researchers uncovered a new strain of ransomware named Mimic. Mimic uses Everything API, a file search tool for Windows, to search for files to encrypt. Some of the code in Mimic is similar to that found in Conti, whose…

Read more →

Threat detection and response (TDR) is an increasingly important approach to security as organizations struggle to keep up with the growing number of cyberattacks. TDR combines several technologies and processes to detect, analyze, and respond to malicious activity on networks,…

Read more →

Windows’ celebrated CLI (i.e., Command-Line Interpreter) is, without a doubt, a treasure trove of hidden features, tools, and settings. Although a bit off-putting given its lackluster GUI, Command Prompt lets you tap into every area of your Operating System, from…

Read more →

We are sure that you already heard of spyware, but are you curious to dive deeper into the consequences and types of this malware infection? This sneaky malicious software may be collecting your data as we speak, with only a…

Read more →

As industry experts continuously predict that cybercrime will only get worse in the following years, we see that the digital world is keen to find and implement new strategies to bolster cybersecurity. Today I am going to talk about one…

Read more →

One of the most recent finds exposed the Aurora Stealer malware imitating popular applications to infect as many users as possible. Cyble researchers were able to determine that, in order to target a variety of well-known applications, the threat actors…

Read more →

As organizations are increasingly dealing with security concerns, there is a need for more sophisticated access control mechanisms to ensure only authorized personnel have access to sensitive information. But what exactly is the difference between Role-Based Access Control (RBAC), Attribute-Based…

Read more →

Federal authorities have taken down a website run by a notorious ransomware gang known to extort millions of dollars from victims as part of a global cybercrime operation. The FBI seized a cache of computer servers supporting the Hive group…

Read more →

Flaws found in the Galaxy App Store gave attackers the ability to install apps without the user’s knowledge and send them to malicious sites. Samsung was notified regarding flaws CVE-2023-21433 and CVE-2023-21434, in November and December 2022. After flagging the…

Read more →

The ever-changing landscape of cybersecurity makes it harder for companies to keep up with the malicious intents of threat actors. Each day, new vulnerabilities can appear in your systems, which can give threat actors the chance they needed to breach…

Read more →

SEO poisoning attacks have been on the rise in recent years, as more and more people are using search engines to find information online. Attackers are constantly coming up with new ways to exploit SEO vulnerabilities, so it’s important to…

Read more →

On January 25th, Killnet Russian activist threat group put several German websites offline after performing a DDoS attack. The hackers claimed they targeted government websites, banks, and airports as a reaction to Germany`s decision to supply Ukraine with 2 Leopard…

Read more →

The Federal Bureau of Investigation (FBI) has confirmed that the cyberattacks on Harmony Horizon, which resulted in the theft of $100 million worth of Ethereum, were coordinated by North Korean state-sponsored hacking group, Lazarus. The North Korean APT has moved…

Read more →

A phishing scam using legitimate remote monitoring and management (RMM) software was used to target at least two federal agencies in the U.S. Specifically, cyber-criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect…

Read more →

Ransomware infiltrates and hinders everything from healthcare organizations to energy distribution pipelines. This is why having an idea of the main vector of ransomware attacks is hugely beneficial, not to say imperative for your organization’s safety. Did you know that…

Read more →

Last week, video game developer Riot Games, which is behind popular games such as League of Legends and Valorant had its development environment compromised by threat actors through a social engineering attack. This week, the attackers demanded a $10 million…

Read more →

Google has been sued by the U.S. Justice Department (DOJ) for exploiting its market dominance in online advertising. Tuesday, 24 January 2023, a lawsuit was filed by the DOJ along with eight states: Virginia, California, Colorado, Connecticut, New Jersey, New…

Read more →

The largest Russian ISP, Rostelecom, reports that DDoS attacks against Russian businesses hit an all-time high in 2022. In distributed denial of service attacks (DDoS), threat actors try to make a website or service that uses the internet inaccessible by…

Read more →

From securing e-commerce transactions to encrypting data sent via email and verifying software packages, Public Key Infrastructure (PKI) and encryption are essential to secure online communications. But what exactly is PKI, how does it work, and what role does it…

Read more →

On Thursday, 19 January 2023, The Irish Data Protection Commission (DPC) announced a fine of €5.5 million for WhatsApp over breaking privacy laws when handling users’ private information. Why the Fine Was Issued? The issue of the fine is an…

Read more →

An “expansive” adware operation that spoofs over 1,700 apps from 120 publishers and affects around 11 million devices has been stopped by researchers. Dubbed VASTFLUX, the malvertising attack injected malicious JavaScript code into digital ad creatives and allowed threat actors…

Read more →

Ransomware has come to be a customary instrument in the arsenal of cybercriminals who routinely attack individuals and organizations. Under such circumstances, their victims experience financial damage either by owning up to large ransomware payouts or by bearing the price…

Read more →

Brute force attacks are a persistent security threat that has evolved over the years as technology advances. In this article, we’ll explore what a brute force attack is, its modus operandi and variants, and what prevention strategies you can use…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

T-Mobile announced a new data breach after a threat actor used one of its Application Programming Interfaces to steal personal data from 37 million active postpaid and prepaid customer accounts (APIs). 37 Million Accounts Impacted On Thursday, the telecommunication giant…

Read more →

A total of $456.8 million was extorted by ransomware groups from their victims in 2022, down by almost 40% from the previous two years’ record-breaking total of $765 million. Chainalysis, a company that analyzes blockchain data, has found that the…

Read more →

The Domain Name System, and the DNS zones that it is composed of, are not as simple as ”the internet`s phonebook” largely used definition for DNS suggests it would be. As good as this comprehensive metaphor of a complex amount…

Read more →

Microsoft Azure has discovered a critical remote code execution (RCE) flaw that could allow a malicious actor to control a targeted application completely. According to Ermetic researcher Liv Matan, attackers can exploit the vulnerability by deploying malicious ZIP files containing…

Read more →

One thing is certain in today’s cybersecurity landscape, managing cyber risk across enterprises is harder than it used to be previously, but why? It started with the explosion of cloud-based services and contact with third parties, which increase organizations’ overall…

Read more →

On January 18th, Yum! Brands closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. The US-based company owns KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, among others,…

Read more →

Pro-Russian hacktivist group Genesis Day claims to have breached Samsung’s internal servers over South Korea’s collaboration with NATO. The attackers posted an ad on a popular hacking forum, claiming they found their way into Samsung’s internal FTP service. Because South Korea…

Read more →

Wondering how does ransomware spread? We’re not surprised. There is no doubt that cybercriminals are constantly looking for new ways to hold your data hostage.  As a result, ransomware has emerged as one of the most serious cybersecurity threats to businesses in…

Read more →

DevSecOps practices can help you to avoid sinuous workflows when it comes to software development security, earning you more time. Security should not be an afterthought when you are creating your online product, especially if you want to work fast…

Read more →

Between July and late December 2022, BackdoorDiplomacy has been associated with a new wave of attacks targeting Iranian government entities. At least since 2010, the Chinese APT group has conducted cyberespionage campaigns against government and diplomatic entities across North America,…

Read more →

A New York individual pleaded guilty to bank fraud conspiracy using stolen credit cards obtained on dark web cybercrime marketplaces. Trevor Osagie, a 31-year-old man from the Bronx, admitted that he was a key member of a group that ran…

Read more →

Access control is an important element of data security, and policy-based access control is gaining traction as one of the most robust methods for controlling who has access to what. In this article, we’ll dive into what Policy-Based Access Control…

Read more →

MailChimp announced it has been victim to a social engineering attack that threat actors successfully performed on the company`s employees and contractors. Hackers managed to obtain employee credentials and gain access to an internal customer support and account administration tool.…

Read more →

Anatoly Legkodymov, the founder of Hong Kong-registered cryptocurrency exchange Bitzlato, has been charged by the  U.S. Department of Justice with helping cybercriminals launder illegal funds. Legkodymov was arrested in Miami on Tuesday night and will be arraigned in U.S. District…

Read more →

A malware attack targeting the national news agency of Ukraine (Ukrinform) was recently stopped. The Computer Emergency Response Team of Ukraine (CERT-UA) attributed the data-wiper attack to Russian hackers. The Attack Was Not Successful CERT-U experts pinned the malware attack…

Read more →

In their latest update, Git has patched two new security flaws, both of them with a critical level of security. If left unpatched, the vulnerabilities could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. Git…

Read more →

On December 12, 2022, cybersecurity experts discovered a publicly accessible database containing 260GB of sensitive personal data from myrocket. co, which provides end-to-end recruitment solutions and HR services to Indian businesses. Nearly 200,000 employees and almost nine million job seekers…

Read more →

As time passes, threat actors are getting sneakier in their efforts. Security researchers discovered that lately a lot of fake websites impersonating popular free and open-source software have started to pop up in the sponsored section on Google search results.…

Read more →

Customers of Nissan North America had been announced of a data breach that might impact them. The notification informed the receivers that a third-party partner exposed customer information. The automobile manufacturer specified that the security incident suffered by its software…

Read more →

One of the largest providers of marine software, DNV, was hit by a ransomware attack that has affected around one thousand vessels. DNV is a Norwegian Company that provides services for 13,175 vessels and mobile offshore units totaling 265.4 million gross…

Read more →

Cyber researchers discovered last year that four of Microsoft Azure`s Services had security issues that made them vulnerable to server-side request forgery (SSRF) attacks. Two of the vulnerabilities did not request authentication, so threat actors had the opportunity to exploit…

Read more →

Since early 2020, over 250 domains have been used to spread information-stealing malware such as Raccoon and Vidar, according to an analysis recently published by cybersecurity researchers. As per the French research team, the domains are managed by a threat…

Read more →

There is no doubt that cybercriminals are constantly looking for new ways to hold your data hostage.  As a result, ransomware has emerged as one of the most serious cybersecurity threats to businesses in recent years. Because it’s so dangerous, understanding how…

Read more →

A November 2022 cyberattack on the University of Duisburg-Essen (UDE) by the Vice Society ransomware gang forced the university to reconstruct its IT infrastructure, which continues today. During the network breach, the threat actors allegedly stole files from the university,…

Read more →

Sewio, InHand Networks, SAUTER Controls, and Siemens Industrial Control Systems (ICS) are vulnerable to cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The advisories released on January 12th contain information on vulnerabilities, exploits, and other security flaws…

Read more →

Marked by significant geopolitical shifts and unrest, 2022 has galvanized the cybersecurity landscape as well; war-profiteering fueled by endless media disputes has allowed the threat actors not only to operate unhindered but also to find safe harbor with states that…

Read more →

Later this week, proof-of-concept exploit code will be made available for a serious vulnerability in multiple VMware products that permits remote code execution (RCE) without authentication. This pre-auth RCE security hole, identified as CVE-2022-47966, is brought on by the usage…

Read more →

A version of the Hive cyberattack kit created by the Central Intelligence Agency (CIA) was spotted in the wild. The pirated malicious code acts as spyware, secretly exfiltrating data from victims. The variant was nicknamed xdr33 after its digital certification…

Read more →