Category: Heimdal Security Blog

Industry reports highlight the urgency: malicious actors can exploit a vulnerability within just 15 days of its discovery (CISA). The longer you wait, the larger the target on your back grows. Without proper vulnerability management, your business not only risks…

Read more →

Threat actors use EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in massive phishing campaigns. EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts. It mainly targets companies in the banking, financial…

Read more →

Okta announced that threat actors breached their customer support system and accessed some of their clients` files. Hackers used stolen credentials to intrude into the system. GitHub, Apple, Hewlett Packard, Zoom, FedEx, Mitsubishi Heavy Industries, etc. use Okta`s identity and…

Read more →

BHI Energy, a US energy services company linked to Westinghouse Electric Company, has revealed specifics about a cyberattack on their systems. The Akira ransomware group is responsible for the breach that took place on May 30, 2023. As a division…

Read more →

The University of Michigan recently announced a data breach that took place in August. Cyber attackers broke into the university’s network, gaining unauthorized access to systems containing data of students, applicants, alumni, donors, employees, patients, and research study participants. This…

Read more →

A deceptive email from ‘Booking.com’ targeted a victim, demanding credit card details to confirm a hotel reservation. This approach, part of a broader campaign, caught the recipient off-guard, prompting them to reach out to us to report the incident. Booking.com…

Read more →

As businesses have become increasingly susceptible to cyberattacks, the use of Cybersecurity-as-a-Service, or CSaaS, has become more important. In this article, I will outline what CSaaS is, and discuss some of the benefits it can offer to businesses. I will…

Read more →

When it comes to managing security vulnerabilities, it helps to know your enemy. That’s why businesses rely on a set of vulnerability management metrics to help quantify how resilient they are and better inform their decisions on how to respond.…

Read more →

Summary: With dozens of apps, systems and devices to keep up to date, many IT departments suffer from ‘patching paralysis’. Find out why patching paralysis happens, and how you can overcome it.  Key takeaways: Patching paralysis is very common It…

Read more →

Over 40,000 Cisco devices running the IOS XE operating system have been compromised after threat actors exploited a recently disclosed vulnerability, tracked as CVE-2023-20198. At the time of writing this article, there is neither a fix nor a solution for…

Read more →

Choosing the best patch management tool boils down to what your organization needs. Consider how complex your IT setup is and how much you’re willing to spend. For instance, large companies with diverse operating systems and applications will need a…

Read more →

Phishing-as-a-service, or PhaaS, platforms have evolved from the classic phishing attacks as a business model. Less experienced hackers embraced the opportunity of leading several phishing campaigns without necessarily owning the technical abilities for it. In this article, we will define Phishing-as-a-Service,…

Read more →

Considering the inherent complexity of the IT infrastructure, Windows servers stand as critical pillars for many enterprises. Their seamless function is vital, yet they’re susceptible to vulnerabilities. Robust patch management not only mitigates these risks but also ensures optimal performance,…

Read more →

D-Link leading global networking equipment company admitted suffering a data breach. Threat actors gained access to the company`s system after an employee clicked on a phishing link. The company discovered the data breach after the threat actors posted about it…

Read more →

Progress Software, the owner of the MOVEit file transfer tool, is dealing with dozens of class action lawsuits and investigations from U.S. agencies. This follows a significant security breach in May which led to the theft of a vast amount…

Read more →

The Women Political Leaders (WPL) Summit in Brussels, dedicated to the topics of gender equality and female leadership, became the target of a cyber-espionage campaign orchestrated by ‘Void Rabisu’. This group developed a replica of the official WPL site, leading…

Read more →

Threat Detection and Response (D&R) Solutions are an important part of the cybersecurity strategy, especially in the face of escalating cyber attacks. These security tools have seen significant evolution, adapting to more sophisticated threats over time. Extended Detection & Response…

Read more →

Fairfax healthcare organization from the United States has disclosed a data breach that could have compromised the medical records of approximately 250,000 patients. The Virginia-based supplier of facial and dental services announced the conclusion of an investigation, which revealed that…

Read more →

DarkGate, a piece of malware has been observed being spread via instant messaging platforms such as Microsoft Teams and Skype. How the Attack Works? In these attacks, a Visual Basic for Applications (VBA) loader script disguised as a PDF document…

Read more →

DarkGate, a piece of malware has been observed being spread via instant messaging platforms such as Microsoft Teams and Skype. How the Attack Works? In these attacks, a Visual Basic for Applications (VBA) loader script disguised as a PDF document…

Read more →

In a new joint cybersecurity advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information on the AvosLocker ransomware gang, that has been linked to attacks against critical infrastructure sectors in…

Read more →

A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for the tagDiv’s Newspaper…

Read more →

Cybersecurity purchasers and providers must adopt a new way of thinking in response to the more sophisticated cyber threats that keep emerging. The necessity for more thorough and integrated approaches to cyber security is highlighted by the fact that traditional…

Read more →

As cyber attackers become more sophisticated, leveraging machine learning and other advanced techniques, the importance of robust XDR security solutions becomes paramount. But what exactly is XDR, and why is it crucial in today’s technology stack? Keep reading to find…

Read more →

Email spoofing is a type of cyberattack in which a threat actor sends emails with a fake sender address. In email spoofing, attackers can make it seem like an email is sent by a familiar person such as a colleague,…

Read more →

Threat actors got unauthorized access to customers` credit card information due to Air Europa data breach. The Spanish airline urged its impacted clients to cancel their credit cards in order to limit potential damage. It is still unknown how many…

Read more →

NDR (Network Detection and Response) and EDR (Endpoint Detection and Response) are two approaches to cyber security that are similar but distinct and that address several common problems. NDR and EDR use machine learning and artificial intelligence to defend against…

Read more →

As defined by Jericho Systems, privilege management also referred to as Privileged Account Management (PAM) is “the practice of controlling and administering digital user identities and the rights of those identities to perform actions on specified resources.” For cybercriminals, privileged…

Read more →

Flagstar Bank announced a data breach that affected over 800,000 US customers. The breach, involving a third-party service provider, led to the leak of users’ personal information. Flagstar is a financial services provider with total assets of over $31 billion. New…

Read more →

An attacker’s access to the network is often traced back to a succession of events, which network defenders must unravel. This is done by asking specific questions such as: How did the attackers enter the network? How did they gain…

Read more →

On the majority of Linux distributions, proof-of-concept attacks for a high-severity vulnerability in the dynamic loader of the GNU C Library have previously been made public online. Details About the Vulnerability The security vulnerability is known as “Looney Tunables” and…

Read more →

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. The British company provides voice IP (VoIP) and mobile telecommunications services in 60 nations, including the…

Read more →

Windows patching is essential for closing system and application vulnerabilities and certifying that everything works as it should. Read on to find out more about the Microsoft Windows patch management process, how can you implement a proper Windows vulnerability management strategy and…

Read more →

In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…

Read more →

Wondering what is SIEM, what are its benefits and limitations, and what are the best practices you can apply for your business? Read on to find out the answers to your questions! What is SIEM?  SIEM (Security Information and Event…

Read more →

Researchers discovered that a new rogue npm package installed the r77 open-source rootkit. This was the first time that a rogue package was observed delivering rootkit functionality. The “node-hide-console-windows” package forged the legitimate “node-hide-console-window” one. The forgery was first discovered…

Read more →

ShellTorch vulnerabilities chain exposes tens of thousands of servers to remote code execution and data exfiltration. Researchers revealed that the TorchServe flaws (including CVE-2023-43654, CVSS: 9.8) can expose sensitive data, compromise AI models, and run a full server takeover. TorchServe…

Read more →

The focus in this article will be on the challenges faced by midsize companies, defined here as organizations with 100-1000 employees, and how adopting a Zero Trust approach might help solve those problems. Why medium-sized businesses? Because mid-sized businesses are…

Read more →

An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage,…

Read more →

Johnson Controls, a major provider of building automation solutions, has fallen victim to a ransomware attack by the Dark Angels ransomware gang, potentially compromising sensitive information related to the U.S. Department of Homeland Security (DHS). What Happened? Johnson Controls underwent…

Read more →

Security experts have discovered BunnyLoader, a malware-as-a-service (MaaS) that is rapidly evolving and gaining popularity on different hacker platforms due to its ability to covertly infiltrate systems and manipulate their data, focusing in particular on system clipboards. Unveiled on September…

Read more →

Compared to Windows, Linux it’s different in areas such as features, flexibility, operationality, and ease of use. Naturally, we can assume that there must exist differences between the two operating systems regarding patching. Today, we will take a deep dive…

Read more →

If you’re in the market for robust security solutions, chances are you’ve heard about Tenable. Their products are renowned for their capabilities in threat detection and vulnerability management. However, many users have encountered a common frustration – implementation woes and…

Read more →

The effectiveness of Cloudflare’s Firewall and DDoS prevention has been proven to be compromised by an attack technique that takes the use of logical vulnerabilities in cross-tenant security policies. This finding has sparked worries about possible vulnerabilities that could damage the…

Read more →