A notorious hacker, previously involved in high-profile data breaches of InfraGard and Twitter, has now leaked a substantial LinkedIn database on a clear web hacking forum. The scraped LinkedIn database was leaked in two parts: one containing 5 million user…
Category: Heimdal Security Blog
The Most Common Healthcare Cyberattacks
In the wrong hands, medical data can be used for a variety of crimes, such as patient identity theft, clinician identity theft, extortion, tax fraud, insurance fraud, and more. Geopolitical agendas further complicate the threat landscape, as cyberattacks such as…
Daixin Threat Group Claims Ransomware Attack on 5 Hospitals in Ontario
Daixin Team claimed responsibility for the ransomware attack that impacted 5 hospitals in Ontario, Canada, on October 23rd. TransForm, the shared service provider of the five healthcare organizations, confirmed the ransomware attack. The stolen database contains information on 5.6 million…
Hackers Exploit Atlassian Vulnerabilities for Cerber Ransomware Attacks
Threat groups exploited two recent Atlassian Confluence vulnerabilities to deploy Cerber ransomware. On October 31st, Atlassian released security updates for both flaws and urged users to patch. Both flaws, CVE-2023-22518 and CVE-2023-22515, are ranked 10, which is the maximum risk…
New DDoS Attack Waves. Cybersecurity Expert Robertino Matausch Explains HTTP/2 Rapid Reset
If you switched from using HTTP/1 to HTTP/2, you're a possible target of massive DDoS attacks. Hackers recently started to exploit a key feature of the HTTP/2 protocol. The vulnerability was called CVE-2023-44487. The HTTP/2 Rapid Reset DDoS attacks that targeted…
The Threat Is Real. MacOS Patching Keeps Your Apple Safe
Any device that runs code is vulnerable to hacking, and so are MacOS machines. They need patching just as any other endpoint. Most Apple users would swear that Macs are immune to viruses and other malware. The truth is they're…
How To Break The Metrics Mirage in Vulnerability Management
Meet Jeff. He’s the CISO of a mid-sized financial services company – and it’s his job to keep the organization safe from security attacks. Every week, he checks the graphs and dashboards in his SIEM (security information and event management)…
Privilege Overreach, the Lurking PAM Security Threat
Managing privileged access to internal resources is a challenge for organizations worldwide. If left unaddressed, it could lead to data breaches, downtime, and financial loss. Statistics show that 80% of data breaches seem to be caused by misuse of privileged…
Silent Safeguards – The Essence of ISO 27001 Controls
ISO 27001, sometimes referred to as ISO/IEC 27001, is an international standard that addresses organizational information security. Issued in 2005 and with a second revision in 2013, the ISO 27001 standard describes the Information Security Management Systems requirements for global…
Non-Bank Financial Firms Are to Report Breaches in Less Than 30 Days
The U.S. Federal Trade Commission (FTC) requires all non-banking financial institutions to report data breaches to FTC within 30 days. The amendment to the Safeguard Rule refers to security incidents that impact more than 500 people. Samuel Levine, Director of…
Lockbit Targeted Boeing with Ransomware. Data Breach Under Investigation
On October 27th, Lockbit claimed to have breached Boeing and threatened to leak a massive amount of sensitive data. Three days later, the threat group removed the aircraft company's name from the victim list. At first, hackers posted a message…
Toronto Public Library Under Cyberattack
Canada’s largest public library system reported a cyberattack that took down its website, member services pages, and limited access to its digital collections. The Toronto Public Library provides more than 12 million items across 100 branches to more than 1.2…
Separation of Privilege (SoP) 101: Definition and Best Practices
Separation of privilege is splitting up tasks and assigning rights to different parts of a system. It means that user privileges are segmented between various users and accounts, but you can also apply it to applications, system sub-components, tasks, and processes.…
Heimdal® Announces New Partnership with ResenNet, displacing ResenNet’s long-standing RMM provider, N-able
[Copenhagen, Denmark – October 2023] – Heimdal, the pioneer and leading provider of unified cybersecurity solutions, is thrilled to announce its latest strategic partnership with renowned Danish managed service provider (MSP) ResenNet. This collaboration marks a significant milestone in the…
European Governments Email Servers Targeted by Threat Actors
Since at least October 11, the Russian hacker organization Winter Vivern has been using a Roundcube Webmail zero-day vulnerability in attacks against think tanks and government agencies in Europe. According to security researchers, the cyberespionage group (also identified as TA473)…
12 Best Vulnerability Management Systems & Tools 2023
Industry reports highlight the urgency: malicious actors can exploit a vulnerability within just 15 days of its discovery (CISA). The longer you wait, the larger the target on your back grows. Without proper vulnerability management, your business not only risks…
Cybercriminals Target Senior U.S. Executives Using EvilProxy Phishing Kit
Threat actors use the EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in massive phishing campaigns. EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts. It mainly targets companies in the banking, financial…
Hackers Breached Okta's Customer Support System via Stolen Credentials
Okta announced that threat actors breached their customer support system and accessed some of their clients' files. Hackers used stolen credentials to intrude into the system. GitHub, Apple, Hewlett Packard, Zoom, FedEx, Mitsubishi Heavy Industries, etc. use Okta's identity and…
US Energy Company Reveals How Akira Ransomware Compromised its Systems
BHI Energy, a US energy services company linked to Westinghouse Electric Company, has revealed specifics about a cyberattack on their systems. The Akira ransomware group is responsible for the breach that took place on May 30, 2023. As a division…
University of Michigan Faces Data Breach Impacting Many of its Affiliates
The University of Michigan recently announced a data breach that took place in August. Cyber attackers broke into the university’s network, gaining unauthorized access to systems containing data of students, applicants, alumni, donors, employees, patients, and research study participants. This…
What Are Booking.com Doing To Protect Customers From Huge Phishing Campaign?
A deceptive email from ‘Booking.com’ targeted a victim, demanding credit card details to confirm a hotel reservation. This approach, part of a broader campaign, caught the recipient off-guard, prompting them to reach out to us to report the incident. Booking.com…
What Is Cybersecurity-as-a-Service (CSaaS) and How Can It Help Your Business?
As businesses have become increasingly susceptible to cyberattacks, the use of Cybersecurity-as-a-Service, or CSaaS, has become more important. In this article, I will outline what CSaaS is, and discuss some of the benefits it can offer to businesses. I will…
Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage
When it comes to managing security vulnerabilities, it helps to know your enemy. That’s why businesses rely on a set of vulnerability management metrics to help quantify how resilient they are and better inform their decisions on how to respond.…
Cybersecurity And The Patching Paralysis Problem
Summary: With dozens of apps, systems and devices to keep up to date, many IT departments suffer from ‘patching paralysis’. Find out why patching paralysis happens, and how you can overcome it. Key takeaways: Patching paralysis is very common It…
Thousands of Cisco IOS XE Devices Compromised Due to Zero-Day Vulnerability
Over 40,000 Cisco devices running the IOS XE operating system have been compromised after threat actors exploited a recently disclosed vulnerability, tracked as CVE-2023-20198. At the time of writing this article, there is neither a fix nor a solution for…
Best Patch Management Software & Tools 2023
Choosing the best patch management tool boils down to what your organization needs. Consider how complex your IT setup is and how much you’re willing to spend. For instance, large companies with diverse operating systems and applications will need a…
What Is Phishing-as-a-Service (PhaaS) and How to Protect Against It
Phishing-as-a-service, or PhaaS, platforms have evolved from classic phishing attacks into a business model. Less experienced hackers embraced the opportunity to run several phishing campaigns without necessarily having the technical abilities to do so. In this article, we will define Phishing-as-a-Service,…
12 Best Windows Server Patch Management Software & Tools 2023
Considering the inherent complexity of the IT infrastructure, Windows servers stand as critical pillars for many enterprises. Their seamless function is vital, yet they’re susceptible to vulnerabilities. Robust patch management not only mitigates these risks but also ensures optimal performance,…
Employee Clicking on Phishing Link Leads to D-Link Data Breach
D-Link, a leading global networking equipment company, admitted to suffering a data breach. Threat actors gained access to the company's system after an employee clicked on a phishing link. The company discovered the data breach after the threat actors posted about it…
Progress Software Under Legal and Financial Scrutiny After MOVEit Incident
Progress Software, the owner of the MOVEit file transfer tool, is dealing with dozens of class action lawsuits and investigations from U.S. agencies. This follows a significant security breach in May which led to the theft of a vast amount…
Women Political Leaders Summit Targeted with Backdoor Malware
The Women Political Leaders (WPL) Summit in Brussels, dedicated to the topics of gender equality and female leadership, became the target of a cyber-espionage campaign orchestrated by ‘Void Rabisu’. This group developed a replica of the official WPL site, leading…
XDR vs. EDR vs. NDR: A Comparison
Threat Detection and Response (D&R) Solutions are an important part of the cybersecurity strategy, especially in the face of escalating cyber attacks. These security tools have seen significant evolution, adapting to more sophisticated threats over time. Extended Detection & Response…
Fairfax Healthcare Company Announces Data Breach
A Fairfax healthcare organization in the United States has disclosed a data breach that could have compromised the medical records of approximately 250,000 patients. The Virginia-based supplier of facial and dental services announced the conclusion of an investigation, which revealed that…
DarkGate Malware Spread via PDF Files Through Microsoft Teams and Skype
DarkGate, a piece of malware, has been observed being spread via instant messaging platforms such as Microsoft Teams and Skype. How the Attack Works: In these attacks, a Visual Basic for Applications (VBA) loader script disguised as a PDF document…
FBI, CISA: Beware of AvosLocker Ransomware Attacks
In a new joint cybersecurity advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information on the AvosLocker ransomware gang, which has been linked to attacks against critical infrastructure sectors in…
Balada Injector Malware Hits More Than 17,000 WordPress Sites
A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for tagDiv's Newspaper…
XDR vs EDR – A Comparison
Cybersecurity purchasers and providers must adopt a new way of thinking in response to the more sophisticated cyber threats that keep emerging. The necessity for more thorough and integrated approaches to cyber security is highlighted by the fact that traditional…
What Is XDR (Extended Detection and Response)? Features, Benefits, and Beyond
As cyber attackers become more sophisticated, leveraging machine learning and other advanced techniques, the importance of robust XDR security solutions becomes paramount. But what exactly is XDR, and why is it crucial in today’s technology stack? Keep reading to find…
What Is Email Spoofing and How to Stay Protected
Email spoofing is a type of cyberattack in which a threat actor sends emails with a fake sender address. In email spoofing, attackers can make it seem like an email is sent by a familiar person such as a colleague,…
Air Europa Data Breach Exposes Customers' Credit Card Information
Threat actors got unauthorized access to customers' credit card information due to an Air Europa data breach. The Spanish airline urged its impacted clients to cancel their credit cards in order to limit potential damage. It is still unknown how many…
NDR vs EDR: A Comparison Between the Two Cybersecurity Solutions
NDR (Network Detection and Response) and EDR (Endpoint Detection and Response) are two approaches to cyber security that are similar but distinct and that address several common problems. NDR and EDR use machine learning and artificial intelligence to defend against…
What Is Privilege Management?
As defined by Jericho Systems, privilege management, also referred to as Privileged Account Management (PAM), is "the practice of controlling and administering digital user identities and the rights of those identities to perform actions on specified resources." For cybercriminals, privileged…
Flagstar Bank Breached for the Third Time in Two Years
Flagstar Bank announced a data breach that affected over 800,000 US customers. The breach, involving a third-party service provider, led to the leak of users’ personal information. Flagstar is a financial services provider with total assets of over $31 billion. New…
Access-as-a-Service: How to Keep Access Brokers Away from Your Organization
An attacker’s access to the network is often traced back to a succession of events, which network defenders must unravel. This is done by asking specific questions such as: How did the attackers enter the network? How did they gain…
PoC Exploits Released for Major Linux Flaw
Proof-of-concept exploits for a high-severity vulnerability in the dynamic loader of the GNU C Library, which affects the majority of Linux distributions, have already been made public online. Details About the Vulnerability: The security vulnerability is known as "Looney Tunables" and…
Lyca Mobile Affected by Cyberattack
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. The British company provides voice over IP (VoIP) and mobile telecommunications services in 60 nations, including the…
Windows Patch Management: How It Works and Why It Helps
Windows patching is essential for closing system and application vulnerabilities and certifying that everything works as it should. Read on to find out more about the Microsoft Windows patch management process, how you can implement a proper Windows vulnerability management strategy and…
Drive-by Download Attack – What It Is and How It Works
In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…
Security Information and Event Management (SIEM). What It Is and How It Works.
Wondering what SIEM is, what its benefits and limitations are, and what best practices you can apply for your business? Read on to find out the answers to your questions! What Is SIEM? SIEM (Security Information and Event…
Researchers Found New Rogue npm Package Deploying Open-Source R77 Rootkit
Researchers discovered that a new rogue npm package installed the r77 open-source rootkit. This was the first time that a rogue package was observed delivering rootkit functionality. The “node-hide-console-windows” package forged the legitimate “node-hide-console-window” one. The forgery was first discovered…
ShellTorch Vulnerabilities Expose PyTorch Models to Remote Code Execution
The ShellTorch vulnerability chain exposes tens of thousands of servers to remote code execution and data exfiltration. Researchers revealed that the TorchServe flaws (including CVE-2023-43654, CVSS: 9.8) can expose sensitive data, compromise AI models, and enable a full server takeover. TorchServe…
Top 10 Reasons Mid-sized Businesses Need Zero Trust Security
The focus in this article will be on the challenges faced by midsize companies, defined here as organizations with 100-1000 employees, and how adopting a Zero Trust approach might help solve those problems. Why medium-sized businesses? Because mid-sized businesses are…
Industrial Control System (ICS): Definition, Types, Security
An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage,…
Johnson Controls Faces Ransomware Attack, Risking DHS Security Data
Johnson Controls, a major provider of building automation solutions, has fallen victim to a ransomware attack by the Dark Angels ransomware gang, potentially compromising sensitive information related to the U.S. Department of Homeland Security (DHS). What Happened? Johnson Controls underwent…
New Malware-as-a-Service Gains Traction Among Cybercriminals
Security experts have discovered BunnyLoader, a malware-as-a-service (MaaS) that is rapidly evolving and gaining popularity on different hacker platforms due to its ability to covertly infiltrate systems and manipulate their data, focusing in particular on system clipboards. Unveiled on September…
Linux Patch Management: Benefits and Best Practices
Compared to Windows, Linux differs in areas such as features, flexibility, operability, and ease of use. Naturally, we can assume that there must be differences between the two operating systems regarding patching. Today, we will take a deep dive…
10 Best Tenable Alternatives & Competitors in 2023 [Features, Pricing & Reviews]
If you’re in the market for robust security solutions, chances are you’ve heard about Tenable. Their products are renowned for their capabilities in threat detection and vulnerability management. However, many users have encountered a common frustration – implementation woes and…
Logic Flaws Let Attackers Bypass Cloudflare’s Firewall and DDoS Protection
The effectiveness of Cloudflare's Firewall and DDoS prevention has been shown to be compromised by an attack technique that takes advantage of logic flaws in cross-tenant security policies. This finding has sparked worries about possible vulnerabilities that could damage the…
Progress Software Releases Urgent Patches to Fix WS_FTP Server Vulnerabilities
Progress Software, the developer behind the MOVEit Transfer file-sharing platform, recently issued a patch for a maximum severity vulnerability in its WS_FTP Server software and advises users to deploy the patch quickly. Details About the Vulnerabilities Discovered: According to an…
9 Best Carbon Black Alternatives & Competitors in 2023
A quick search on the Internet retrieved a pack of VMware Carbon Black alternatives for endpoint protection services. I analyzed features, pros, cons and pricing and then I drew conclusions. So, here's a list of 9 Best Carbon Black Alternatives…
12 Benefits of Zero Trust for Mid-Sized Businesses
Zero Trust security is evolving from “nice to have” to an absolute must for organizations everywhere. Fortunately, Zero Trust offers numerous advantages to companies of all sizes, including medium-sized ones. While achieving full Zero Trust is a long-term goal, even…
Why Do Organizations Struggle With Vulnerability Management?
Where Do Organizations Struggle With Vulnerability Management? With over 60% of companies having been the victims of cyberattacks in the last year, you can see that companies seem to be struggling with the way in which they manage vulnerabilities. Vulnerability…
Heimdal® Achieves ISAE 3000 SOC 2 Type II Certification, Demonstrating Compliance with the Highest Security Standards
Heimdal is delighted to announce that it has once again received accreditation for ISAE 3000 SOC 2 Type II for the 3rd time in a row, demonstrating its unwavering dedication to providing the highest level of data protection and security for…
Sony's Systems Breached. Ransomed.vc Claims Stealing 260 GB of Data
Ransomed.vc threat group claims they're responsible for an alleged Sony data breach and attempt to sell the stolen data on the dark web. While Ransomed.vc stated they compromised "all of Sony's systems", and stole 260 GB of data, the file…
Phobos Ransomware: Everything You Need to Know and More
In the ever-evolving landscape of cyber threats, ransomware remains a pervasive and destructive weapon in the arsenal of cybercriminals. Among the various ransomware strains, Phobos has gained notoriety for its sophisticated capabilities and devastating consequences. This article delves into Phobos…
NY College Must Spend $3.5M on Cybersecurity After Breach Affecting 200k Students
After a data breach in 2021 exposed the personal information of nearly 200,000 people, the attorney general of New York requested a university to invest $3.5 million in cybersecurity. The measure addresses the data security deficiencies that led to a…
7 Best Sophos Alternatives & Competitors in 2023 [Features, Pricing & Reviews]
In the ever-evolving cybersecurity landscape, businesses constantly seek robust security solutions to protect their digital assets. Sophos, a well-known name in the cybersecurity industry, has been a trusted choice for many organizations. However, with the market continuously expanding and new…
Apple Fixes 3 New Actively Exploited Zero-Day Vulnerabilities
Apple released an emergency security update to patch three newly identified zero-days exploited actively by threat actors. The vulnerabilities affected iPhone and Mac users, and with this, the total zero-days fixed by Apple this year rose to 16. What Do…
New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers
A previously unknown threat group known as “Sandman” is making its presence felt. The group uses a modular information-stealing malware called “LuaDream” to target telecommunication service providers in the Middle East, Western Europe, and South Asia. Sandman: How This New…
Computer Security Incident Response Team (CSIRT): How to Build One
According to the World Economic Forum, "widespread cybercrime and cyber insecurity" is rated as one of the greatest worldwide dangers over the next two and ten years. This means that your organization needs to constantly improve its cybersecurity posture. A…
International Criminal Court Reveals System Breach and Plans to Bolster Security
The International Criminal Court (ICC) announced on September 19th that hackers breached their computer systems. The ICC stores highly sensitive information about war crimes and is thus one of the world's most important public institutions. What We Know About the ICC…
Critical GitLab Pipeline Vulnerability Revealed. Users are urged to patch immediately
GitLab disclosed a critical vulnerability that enables hackers to run pipelines as other users by leveraging scheduled security scan policies. The platform issued an advisory and urged users to apply available updates as soon as possible. The GitLab pipeline vulnerability was…
Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage
Microsoft researchers leaked 38TB of sensitive data to a public GitHub repository while training open-source AI learning models. The Microsoft data leakage occurred starting July 2020 and white hat hackers only discovered and reported it on June 22nd, 2023. Consequently,…
Cryptocurrency Scams to Heavily Target TikTok Users
Cybercriminals heavily target TikTok users with cryptocurrency giveaway scams. The vast majority of the posts impersonate Elon Musk and relate to Tesla or SpaceX. These types of posts have been on other social media platforms – Instagram and Twitter –…
EDR for Banking: 6 Ways EDR Can Help Financial Organizations
There are financial advantages to investing in cybersecurity, especially in Endpoint Detection and Response (EDR) solutions. Breaching one financial institution can bring threat actors access to a variety of companies’ assets. That is because banks store money and data for…
Best Practices for Endpoint Security in Healthcare Institutions
While achieving compliance with industry standards is the minimum, it’s not enough to prevent insider threats, supply chain attacks, DDoS, or sophisticated cyberattacks such as double-extortion ransomware, phishing, business email compromise (BEC), info-stealing malware or attacks that leverage the domain…
How DNS Layer Security Stops Ransomware and Other Cyberattacks
DNS-Layer Security protects users from threats that arise from inbound and outbound traffic. It refers to monitoring communications between endpoints and the internet at the DNS layer. Imagine DNS layer security as a gatekeeper who makes sure that all…
Two New York Hospitals Breached by the LockBit Ransomware Group
The notorious LockBit ransomware group claims to have breached two major hospitals from upstate New York, the Carthage Area Hospital and Claxton-Hepburn Medical Center. The two hospitals serve hundreds of thousands of patients. Details on the Attack: The Hospitals Are…
What Effect Does Firm Size Have on Ransomware Threats?
In an increasingly digital world, the threat of ransomware looms large over organizations of all sizes. However, the impact of ransomware attacks can vary significantly depending on the size of the targeted firm. This article delves into the effects of…
5 Examples of DNS IoCs That Are Red Flags for Cyberattacks
In the increasingly digitalized world that we live in, doing business without being connected 24/7 is almost unthinkable. Any medium to large organization needs to have an online way of displaying its products or services. It also needs a fast…
Companies Affected by Ransomware [Updated 2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…
Banking Cybersecurity: The Risks Faced by Financial Institutions
A data breach in the financial sector is one of the most impactful events in the cybersecurity landscape. That is because Banking, Financial Services, and Insurance (BFSI) institutions safeguard and store not only our money but also very…
How to Use DNS IoCs to Prevent Ransomware Attacks
As malware and attack techniques continue to evolve in sophistication, DNS IoCs help threat hunting teams to prevent ransomware attacks. Prioritizing threat hunting to prevent and mitigate advanced threats is critical to safeguarding an organization's data and assets. The red…
GitHub Vulnerability Exposes Over 4,000 Repositories to Repojacking Attacks
A new vulnerability in GitHub puts more than 4,000 repositories at risk. The flaw leaves code packages vulnerable to repojacking attacks. After researchers reported the vulnerability to GitHub, the code hosting platform released a fix. Repository hijacking (repojacking) is a…
Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics
Microsoft revealed a shift in tactics by an initial access broker known for its ties to ransomware groups. The threat actor is known as Storm-0324 and had formerly spread Sage and GandCrab ransomware. Storm-0324 recently moved from deploying ransomware to…
Ransomware Trends and Predictions for 2023 and Beyond
New ransomware trends are on the rise as ransomware has emerged as one of the most formidable cyber threats in recent years, causing significant disruptions to businesses, governments, and individuals worldwide. As we step into 2023 and beyond, it’s crucial…
Patch Now! Mozilla Releases Security Updates For Firefox Zero Day Vulnerability
On September 12th, 2023, Mozilla released crucial security updates to address a critical Firefox zero day vulnerability. Security researchers also detected the flaw in the Thunderbird application. The zero-day was dubbed CVE-2023-4863 and has been actively exploited in the wild.…
MGM Resorts Suspends IT Systems Following Cyber Incident
MGM Resorts International confirmed that a cyber incident has disrupted several of its critical systems, affecting its main website, online reservations, and in-casino services, including ATMs, slot machines, and credit card machines. The company revealed this via a statement on…
What Is Managed Extended Detection and Response (MXDR)?
Managed Extended Detection and Response (MXDR) is yet another step toward the perfect security solution. Researchers designed MXDR with two major vectors in mind. First, it had to keep up with the latest internal and external threats. Second, to protect…
Patch Management Policy: A Practical Guide
Patching, a highly necessary, yet sometimes neglected practice of resolving security risks related to vulnerabilities, can prove difficult for organizations of all sizes. You probably already know that a regular and well-defined patch management routine proactively ensures your systems function…
Ragnar Locker Claims Israel Hospital Cyberattack
The Ragnar Locker ransomware gang claims responsibility for the cyberattack on Mayanei Hayeshua hospital from Israel. The incident occurred in August 2023, and cybercriminals allegedly managed to steal 1TB of data. Now, the criminal gang threatens to leak all that…
Navigating PAM Implementation Risks: A Comprehensive Guide for CISOs
Chief Information Security Officers (CISOs) bear the responsibility of safeguarding their organizations against an ever-evolving array of cyber threats. Among a myriad of other challenges, Privileged Access Management (PAM) emerges as a pivotal domain. However, implementing PAM solutions involves navigating…
What Is Token-Based Authentication?
Secured authentication to databases and systems is essential to enterprise cybersecurity management. According to the 2023 Data Breach Investigations Report, 82% of all breaches stem from human error, often due to mishandled or compromised login details that allow malicious entities…
Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability
The Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are both affected by a serious vulnerability that might allow remote attackers to counterfeit credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform used by…
Warning: RocketMQ Vulnerability Actively Exploited by Threat Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new critical-severity vulnerability to its KEV catalog. The issue is tracked as CVE-2023-33246 and it affects Apache’s RocketMQ distributed messaging and streaming platform. Exploiting the vulnerability is possible without authentication…
Minneapolis School District Reveals Full Extent of Data Breach
Minneapolis Public Schools (MPS) recently disclosed the full extent of a data breach from earlier this year, affecting more than 105,000 individuals. The breach, initially attributed to the Medusa ransomware group, compromised a wide range of personal information. The Breach…
Vulnerabilities Uncovered: Critical Remote Code Execution Risks in ASUS Routers
ASUS routers have come under the spotlight due to three critical remote code execution vulnerabilities. These vulnerabilities pose a significant threat, with all three receiving a CVSS v3.1 score of 9.8 out of 10.0. They can be exploited remotely and…
Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023
In the ever-evolving threatscape, staying ahead of the latest vulnerabilities is crucial for individuals, organizations, and government institutions. This year, we have witnessed a plethora of vulnerabilities spanning various software, hardware, and platforms. In this article, we will deep-dive…
University of Sydney Reports Data Breach
The University of Sydney (USYD) has reported a data breach involving a third-party service provider, leading to the exposure of personal information for a subset of international applicants. The breach did not affect local students, staff, alumni, or donors. Upon…