Freecycle, a global online platform promoting the exchange of used items, announced a significant data breach affecting over 7 million of its users. The nonprofit organization became aware of the intrusion on August 30th, though the stolen information had been…
Category: Heimdal Security Blog
5 Ways Heimdal® Protects You From DNS Attacks
As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…
Heimdal Announces Expansion into the Indian Market
Mumbai, 31st August 2023 — Heimdal, a global leader in cybersecurity solutions, is thrilled to announce its official entry into the Indian market. This strategic expansion marks a significant milestone in Heimdal’s mission to provide cutting-edge cybersecurity services to businesses…
Why Is MDR Better Than EDR: Enhancing Cybersecurity in the Modern World
Cybersecurity has become a paramount concern for businesses and organizations in today’s interconnected world. The rise of sophisticated cyber threats and the increasing complexity of IT environments have made it crucial for companies to invest in robust security solutions. Managed…
7 Key MXDR Benefits
Protecting businesses has gotten increasingly difficult today. The sophistication of cyberattacks, the growth of distributed workforces, and the increased reliance on third-party providers have greatly expanded the attack surface, making it more complex than ever. In order to minimize the…
Sourcegraph’s Website Breached by Threat Actors
Popular AI-powered coding platform Sourcegraph reveals that its website was breached this week due to a leaked site-admin access token. The token leaked online on July 14th, but it took until the 28th of August for an attacker to use…
Malicious Generative AI Tools. Buzz, Threat, and Solution
After almost a year of generative AI euphoria and praising the Open.Ai ChatGPT model, it`s time to take a step back. Let`s assess how this amazing piece of technology changed the cyber threat landscape. Like any innovation, generative AI tools…
SapphireStealer: A New Open-Source Information Stealer Malware to Look Out For
A new malware is gaining traction in the cyber world. Dubbed SapphireStealer, this open-source .NET-based information-stealing malware has been observed to be used by threat groups, with some of them even creating their own customized variations. As reported by TheHackerNews,…
Ransomware-as-a-Service (RaaS) – The Rising Threat to Cybersecurity
Ransomware trends are on the rise, even more so today than in the previous years. According to Group-IB’s Hi-Tech Crime Trends Report 2021/2022, the increase of the ransomware industry happened due to a combination of poor corporate security and a thriving…
Weaknesses in Cisco ASA SSL VPNs Exploited Through Brute-Force Attacks
In a recent surge of cyber threats, hackers have targeted Cisco Adaptive Security Appliance (ASA) SSL VPNs using a combination of brute-force attacks and credential stuffing. These attacks have taken advantage of security vulnerabilities, particularly the absence of robust multi-factor…
Notorious QakBot Malware Dismantled: $8.6M Seized and 700K Computers Freed
On Tuesday, the U.S. Department of Justice announced the disruption of an international law enforcement operation that targeted the QakBot botnet and its related malware, which has been linked to numerous cyberattacks and caused nearly $60 million in global losses…
Heimdal’s MXDR Adapt, an Innovative Adaptive Control for Enhanced Threat Detection and Response
Heimdal® unveils MXDR Adapt, a transformative evolution of its Managed Extended Detection and Response (MXDR) solution. This revolutionary adaptive control enhances the capabilities of the existing MXDR (24×7 SOC) offering, reaffirming Heimdal’s commitment to equipping clients with unprecedented customization in…
Zero-Day Alert! Critical Flaw in Citrix ADC and Gateway Exploited in the Wild (Updated)
Citrix urged customers to patch NetScaler ADC and Gateway products after discovering a critical-severity zero-day vulnerability. The flaw was dubbed CVE-2023-3519, ranked 9.8 on the CVSS, and was observed exploited in the wild. The company released updated versions of the…
47,000 London Metropolitan Police Personnel Impacted by Data Breach
London`s Metropolitan Police announced bolstering cybersecurity measures after one of its suppliers detected a data breach. A contractor responsible for printing warrant cards and staff passes was the target of a cyberattack. Data belonging to 47,000 officers and police staff…
Enhancing Cybersecurity: How XDR Software Empowers CISOs
As modern threats surpass traditional security measures, XDR software steps in as a revolutionary solution. A software that empowers CISOs to proactively navigate the evolving threat landscape. Understanding the Challenge CISOs face a daunting task. Cybercriminals are becoming more sophisticated,…
DreamBus Malware Exploits Unpatched RocketMQ Servers
Threat actors exploit a known remote code vulnerability in RocketMQ servers to infect devices with DreamBus malware. CVE-2023-33246 was discovered in May 2023 and received a 9.8 score, which labels it as critical. It is a permission verification issue that…
Mom’s Meals Warns of Major Data Breach Affecting Over 1.2 Million Individuals
Mom’s Meals, a medical meal delivery service operated by PurFoods in the U.S., has alerted its users about a significant ransomware attack. The breach has compromised the personal information of approximately 1.2 million customers, employees, and independent contractors. The initial…
Nordic Users Targeted by National Danish Police Phishing Attack
A new type of cyber-attack is currently spreading like wildfire in the Nordics, targeting email addresses indiscriminate of user profiles (i.e., small office/home user, home user, mobile user, power user, and large business user). Earmarked the National Danish Police phishing…
How to Manage XDR Alerts with Heimdal
Heimdal XDR offers you full visibility into network traffic, user behavior, and endpoint activity. It makes investigating threats much easier, showing you how threats happened and when they occurred. This means you can quickly figure out why each alert was…
How to Implement an XDR Software?
Traditional security solutions are no longer enough to protect your business from sophisticated attacks. As a cybersecurity professional, you have probably heard of XDR (Extended Detection and Response), a strategy that is gaining popularity due to the numerous benefits it…
Global Privacy Agencies Urge Social Media to Protect User Data from Scraping
In a statement published online, 12 data protection and privacy authorities from around the world urge social media platforms to strengthen their defenses against data scrapers. The UK, Australia, Canada, Hong Kong/China, Switzerland, Norway, New Zealand, Columbia, Morocco, Argentina, and…
French Unemployment Agency Announces a Data Breach
Pole emploi, the government’s unemployment registration and financial assistance office in France, announced a data breach. The incident affected 10 million French citizens whose data were exposed. Details About the Pole Emploi Data Breach The agency disclosed a security event…
The 12 Best Endpoint Security Software Solutions and Tools [2023]
Choosing the right endpoint security software can feel overwhelming, especially in a market valued at 13.4 billion U.S. dollars in 2023 and expected to grow to 29 billion U.S. dollars by 2027 (Statista). Organizations worldwide turn to endpoint security solutions…
How to Choose the Best XDR Solution for Your Organization?
The fact that malicious software gets smarter and more sophisticated every day that goes by is no news to any IT professional. Add the fact that the attack surface continues to expand as our lives get highly connected to the…
What Is a Host Intrusion Detection System (HIDS) and How It Works
HIDS stands for host-based intrusion detection system and is an application that monitors a computer or network for suspicious activities. The monitored activities can include external actors` intrusions and also internal misuse of resources or data. A host intrusion detection…
How Does XDR Software Help Security Teams
XDR software collects and processes data from various security layers, networks, and endpoints in an organization`s IT environment. It is a fast and accurate tool that helps security teams detect and respond faster to cyber threats wherever they might be…
XDR Security for MSSPs
Given the complexity of today’s digital environment, organizations, especially Small and Medium-sized Enterprises (SMEs), are learning that maintaining a robust security posture is a top priority and are turning to Managed Security Service Providers (MSSPs) to help them secure their…
Thousands of Openfire Servers at Risk from Critical CVE
Over 3,000 Openfire servers have yet to be updated against a critical security vulnerability. Tracked as CVE-2023-32315, the flaw has been actively exploited for more than two months, putting unpatched servers at significant risk. Upon a Closer Look Openfire, a…
University of Minnesota Reports Massive Data Breach
The University of Minnesota is currently conducting an investigation into a substantial data breach that could potentially impact a large number of alumni and members of the university community. Millions Potentially Exposed The breach was brought to light last month…
Ransomware Vs. Malware: What’s The Difference?
Cyber-attacks can come in many forms. In the world of cybersecurity, the terms “ransomware” and “malware” are often used interchangeably, leading to confusion about their distinct characteristics and implications. While both ransomware and malware fall under the broader category of…
Into the Heimdalverse
Hey there, fellow digital explorers! Welcome to a journey that promises to take your cybersecurity understanding to a whole new dimension. As the Stellar Strategist of Product Prowess (Head of Product Marketing) at Heimdal, I’m excited to guide you through…
Danish Cloud Hosting Companies Ravaged by Ransomware Attacks
CloudNordic and AzeroCloud, Danish hosting firms specializing in cloud services, have been hit hard by ransomware attacks, causing widespread data loss and operational disruptions. The companies are steadfast in their decision not to pay the ransom demanded by the hackers.…
New HiatusRAT Malware Campaign Targets U.S. Defense Department`s Server
Threat actors launched a reconnaissance attack against a server belonging to the U.S. Department of Defense, as part of HiatusRAT Malware Campaign. The adversaries also targeted Taiwan-based organizations, such as several companies and a municipal government institution. HiatusRAT was first…
An Essential Guide to XDR Software
In this comprehensive guide, we look into the topic of XDR (Extended Detection and Response) software, shedding light on its significance from various perspectives. Whether you’re seeking to strengthen your personal cybersecurity or your organization’s digital defenses, by the end…
Exploring the Top ManageEngine Competitors & Alternatives in 2023
ManageEngine has long been a prominent player in the IT management software landscape. However, several viable ManageEngine competitors and alternatives have emerged, each with unique features and capabilities that cater to different organizational needs. In this article, a roundup of the…
New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs
Researchers observed a critical Ivanti Sentry API authentication bypass vulnerability exploited in the wild. The flaw was dubbed CVE-2023-38035 and it enables authentication bypass on Ivanti Sentry versions 9.18 and prior, due to improper Apache HTTPD configuration. According to the…
Threat Actors Leak 2.6 Million DuoLingo Users` Data on Hacking Forum
Malicious actors exposed 2.6 million DuoLingo users` data on the dark web. The announcement posted on August 22nd made the data available for a cost of only $2.13. The scraped DuoLingo data was previously for sale on another dark forum,…
Vulnerabilities in TP-Link IoT Devices Can Get You Hacked
Four new vulnerabilities have been discovered in the TP-Link Tapo L530E smart bulb and TP-Link’s Tapo app. Researchers from Universita di Catania and the University of London say that hackers could exploit these flaws to steal WiFi passwords. TP-Link Tapo…
Ten Ways an XDR Service Can Empower IT Managers
In today’s rapidly evolving digital landscape, cyber threats have become more sophisticated and pervasive than ever before. As businesses increasingly rely on technology, the role of IT managers has expanded to encompass not only network maintenance and system optimization but…
Cuba Ransomware Exploits Veeam Flaw, Targets U.S. and Latin American Entities
The Cuba ransomware gang has been seen launching attacks on critical infrastructure organizations in the U.S. and IT firms in Latin America, employing a mix of older and newer hacking tools. The latest campaign, identified by BlackBerry’s Threat Research and…
Introducing Heimdal XDR: A Game-Changer Disrupting the Market with the Widest Range of Next-Generation Solutions
Heimdal® has announced its entry into the Extended Detection and Response (XDR) market with a disruptive SaaS platform. The company offers the widest XDR suite in the industry, featuring 10-in-1 award-winning solutions, all in one unified, easy-to-use console. Discover Extended Detection…
WinRAR Vulnerability Allows Remote Code Execution
A vulnerability in WinRAR, the widely used file compression and archiving software for Windows, could allow remote attackers to execute arbitrary code on a user’s computer by exploiting a flaw in the processing of recovery volumes. The vulnerability, identified as…
What Is Network Access Control (NAC)?
Network Access Control (NAC) is a cybersecurity technology that regulates access to network resources based on predefined policies and regulations. By identifying, verifying, and assessing the compliance of devices and users trying to connect to a network, NAC helps guarantee…
BlackCat Sphynx: The Ransomware Operation Evolves Once Again
Researchers at Microsoft discovered a new version of the BlackCat ransomware. Dubbed ‘Sphynx’, this version embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally across a breached network. Back in April, the cybersecurity researcher VX-Underground…
What Is Next-Generation Antivirus (NGAV) and How Does It Work?
As the cybercrime landscape evolves, you may wonder if the old Antivirus solution that you have installed on your organization’s endpoints still does the job. Traditional antivirus software initially offered sufficient defense against the majority of viruses before they evolved…
Short Staffed in Cybersecurity? It’s Time for MXDR!
In today’s rapidly evolving digital landscape, cybersecurity has become a paramount concern for businesses and individuals alike. The increasing frequency and sophistication of cyberattacks have left organizations struggling to keep up with the relentless threats. Enter the webinar titled “Short…
Ongoing Phishing Campaign Targets Zimbra Collaborations Email Servers Worldwide
Zimbra Collaboration email servers worldwide are being targeted by threat actors. Recently, cybersecurity researchers have uncovered an ongoing phishing campaign, that has been underway since at least April 2023. Threat actors are sending phishing emails to organizations worldwide, with no…
Cyber Alert: Global Campaign Targets LinkedIn Accounts
In a sweeping global campaign, LinkedIn users are falling victim to a surge of account hijacks, leaving many locked out or held at ransom by threat actors. Rampant Account Hijacking and Extortion LinkedIn, the professional networking platform, is facing a…
Raccoon Stealer 2.3.0 Malware – A Stealthier Comeback
In a notable comeback, the creators of the notorious Raccoon Stealer information-stealing malware have reemerged after a six-month hiatus. This resurgence brings forth an upgraded version tailored to cater to the evolving needs of cybercriminals. Brief Overview Raccoon Stealer has maintained…
Double Extortion Ransomware: The New Normal
With more and more businesses learning how to avoid paying huge amounts of money to ransomware actors by maintaining up-to-date backups and having disaster recovery plans in place, the number of victims forced to pay ransom started to decrease. Even…
Talking Heimdal XDR with Nabil Nistar, Head of Product Marketing
As the new face of Heimdal, I wanted to chat about the ‘product’ with our experts and find out why customers love us. So, I sat down with Nabil Nistar, our Head of Product Marketing, and talked about Heimdal Extended…
Fake Tripadvisor Emails to Distribute Knight Ransomware
An ongoing spam campaign spreads Knight ransomware among users. The fake emails imitate Tripadvisor complaint messages. Knight ransomware is the revamp of the Cyclop Ransomware-as-a-Service, starting with July 2023. The Knight Ransomware Spam Campaign A researcher at Sophos detected this…
What Is Privileged Access Management (PAM)?
To understand what privileged access management is, we need to first understand what privileged access refers to. This article will cover many aspects of PAM, including definition, importance, functionality, statistics, best practices, and why our solution is the best for…
Understanding Risk-Based Authentication (RBA)
Risk-Based Authentication (also known as RBA, context-based authentication, or adaptive authentication) is a security mechanism that looks at the profile (IP address, device, behavior, time of access, history, and so on) of the agent asking for access to the system…
What Is Patch Management as a Service (PMaaS) & What Can It Do For You?
What to do if you don’t have the time, workforce, or knowledge to deal with Patch Management? We’ve got the solution for you. More and more vulnerability management vendors have begun to offer services that do all the heavy lifting.…
The 9 Best XDR Software Solutions and Tools in 2023 [Features, Pricing & Reviews]
Imagine having a superhero shield for your computers, network, users, and clouds. That’s what an XDR software solution does – it keeps a watchful eye on everything, non-stop! XDR solutions bring different security tools into one place, making it easier…
Top Exploit Databases to Use in Bolstering Cybersecurity Posture
Exploit databases are relevant intelligence sources for security specialists that need to keep an eye on the latest exploits and vulnerabilities. They also offer a long-time perspective over the past years’ threat landscape. An improper patch management policy still leads…
Ransomware Prevention Checklist: Safeguarding Your Digital Assets
In an increasingly interconnected digital landscape, the threat of ransomware has emerged as a formidable adversary, targeting organizations of all sizes and industries. Ransomware attacks can wreak havoc on businesses, leading to data breaches, financial losses, and operational disruptions. As…
Rhysida Ransomware: The Rise of a New Threat for Healthcare Organizations
The ransomware operation known as Rhysida has rapidly gained notoriety, especially following a series of attacks on healthcare organizations. This surge has led to heightened vigilance from government agencies and cybersecurity firms, prompting them to closely monitor Rhysida’s activities. Growing…
The Aftermath: Dallas Ransomware Attack- 26K Residents Affected
In a recent development, it has come to light that an APT group managed to infiltrate the city of Dallas’ digital infrastructure, gaining unauthorized access to sensitive personal data belonging to a minimum of 26,212 residents of Texas. The data…
UK Electoral Commission Data Breach Exposes Information of 40 Million Voters
The UK Electoral Commission revealed a cyberattack that exposed the personal data of all registered voters between 2014 and 2022. The attack took place in August 2021, but the Commission only discovered the breach in October 2022. Threat actors had…
Enhancing Cybersecurity with Remote Browser Isolation (RBI)
In an age where the internet is vital for business, cyberattacks, malware, and phishing attempts have evolved to exploit vulnerabilities within web browsers, making them a prime target for malicious actors. In response to this growing menace, cybersecurity experts have…
Downfall Vulnerability Exposes Intel CPUs to Data and Encryption Keys Stealing
Downfall vulnerability impacts various Intel microprocessors and enables encryption keys, passwords, and other sensitive data exfiltration. The flaw was dubbed CVE-2022-40982 and was reported to Intel by security researcher Daniel Moghimi. The researcher provided a proof-of-concept that leverages the Gather…
The FBI Is Investigating a Ransomware Attack that Disrupted Hospital Operations in 4 States
A large healthcare network operating across multiple states recently experienced widespread network disruptions due to a cyberattack, confirmed by the FBI to be a ransomware incident. Prospect Medical Holdings, which oversees 16 hospitals spanning California, Connecticut, Pennsylvania, and Rhode Island,…
New Deep Learning Model Decodes Keyboard Sounds with 95% Accuracy
A team of researchers has introduced an innovative approach referred to as a “deep learning-based acoustic side-channel attack,” designed to accurately classify laptop keystrokes recorded using a nearby smartphone, achieving an impressive 95% accuracy rate. In a recent study published…
Isolated Systems at Risk: How Threat Actors Can Still Infect Your Systems With Malware
You might think that an air-gapped network will keep you safer from attackers, and you are right. It’s pretty obvious that isolating a computer or network and preventing it from establishing an external connection will leave threat actors with fewer…
Patch Tuesday August 2023 – Microsoft Releases 12 Security Patches for Chromium-based Edge Browser
Heimdal® returns with yet another update from the patching and vulnerability management front. So far, Microsoft has slated for release 12 security and non-security improvements, touching upon the Edge browser. Without further ado, here’s what Patch Tuesday August has in…
White House Announces New Actions to Strengthen K-12 Schools’ Cybersecurity
On Monday, the White House unveiled a series of new initiatives and federal resources designed to address cybersecurity concerns in the nation’s K-12 education system. This comes as a response to the increasing wave of cyberattacks that have targeted schools…
What Is a One-Time Password (OTP)?
With cyber threats evolving at an alarming pace, traditional passwords fall short when it comes to protecting our digital data. In the search for a more powerful defense against unauthorized access, an innovative approach has emerged: One-Time Passwords (OTPs), dynamic…
Microsoft Teams Users Targeted by Russian Threat Group
Microsoft believes that Microsoft Teams chats were used into coaxing users to share their credentials with threat actors. The available evidence leads to a Russian government-linked hacking group known as Midnight Blizzard being responsible, after taking aim at dozens of…
Patch Against Exploit Kits. Understanding How Threat Actors Target Your Defenses
Exploit kits (Eks) are collections of exploits – pieces of code or sequences of commands – created to leverage vulnerabilities in software and attack a system. Their goal is to deploy malware onto the victim`s system. These toolkits are usually…
8 Best CrowdStrike Competitors & Alternatives in 2023 [Features, Pricing & Reviews]
CrowdStrike is pretty reliable when it comes to protecting you from attacks. But the thing is, it can be quite challenging to use and almost impossible to tweak to your specific needs. At the same time, the cybersecurity market is…
Locking Out Cybercriminals: Here’s How to Prevent Ransomware Attacks
As cyberattacks become more sophisticated and widespread, ransomware attacks have become one of the most common and costly threats facing companies today. In recent years, ransomware attacks have grown increasingly frequent, causing significant damage to businesses and organizations of all…
Managed Security Service Providers (MSSPs) on the Rise. A Vendor’s View on Current Landscape & Future Trends
We are seeing a landslide in the cybersecurity market, with more and more Managed Security Service Providers (MSSPs) working as intermediaries between cybersecurity vendors and businesses in need of beefing up their security. The global managed security services market was…
Eyes on IDOR Vulnerabilities! US and Australia Release Joint Advisory
Cybersecurity agencies in Australia and the U.S. issued an advisory that warns about security flaws in web applications that could result in large-scale data breaches. The advisory refers to a certain sort of vulnerability called Insecure Direct Object Reference (IDOR).…
Staff at NHS Lanarkshire Exposed Patient`s Data on Unauthorized WhatsApp Group
The Information Commissioner’s Office (ICO) revealed that 26 staff members of NHS Lanarkshire shared patients` information on a WhatsApp group. The group didn`t have the organization`s approval for processing data about the NHS patients. The team got access to the…
Hot Topic Announces Potential Data Breach Due to Stolen Account Credentials
The American clothing company Hot Topic announced they identified suspicious login activity on a series of Reword accounts. Hot Topic warns that a data breach might have compromised users` sensitive information. The retail chain has 675 stores across the U.S.…
New SEC Regulations: US Businesses Must Report Cyberattacks within 4 Days
The U.S. Securities and Exchange Commission (SEC) has approved new rules requiring publicly traded companies to disclose cyberattack details within four days of identifying a “material” impact on their finances, signaling a significant change in breach disclosure practices. SEC Chair…
Canon Advises Users to Reset Wi-Fi Settings When Discarding Inkjet Printers
Canon is cautioning users of home, office, and large format inkjet printers that their devices’ Wi-Fi connection settings are not properly wiped during initialization, posing a security and privacy risk. This flaw could potentially allow unauthorized individuals, such as repair…
8 Best CrowdStrike Competitors [2023]
Due to the constantly changing nature of cyber threats, businesses must implement strong security solutions. Here is where CrowdStrike competitors come into play, providing cutting-edge cybersecurity services and solutions. There is a cybersecurity solution designed to match your specific requirements,…
Fake Android App Used to Exfiltrate Signal and WhatsApp User Data
A fake Android app called ‘SafeChat’ is used by malicious actors to infect devices with spyware malware that allows them to steal call logs, text messages, and GPS locations from phones. The spyware appears to be a variant of “Coverlm,”…
What Is an Exploit? Definition, Types, and Prevention Measures
An exploit is a piece of software or code created to take advantage of a vulnerability. It is not malicious in essence, it is rather a method to prey on a software or hardware security flaw. Threat actors use exploits…
BAZAN Group, Israel’s Largest Oil Refinery, Had Its Website Hit by a DDoS Attack
The BAZAN Group’s website is inaccessible since this weekend due to a DDoS attack. The Iranian hacktivist group, “Cyber Avengers” (“CyberAv3ngers”) claims to have breached the Group’s security systems and managed to exfiltrate data. Israel’s largest oil refinery operator is…
Locky Ransomware 101: Everything You Need to Know
In the fast-evolving landscape of cybersecurity threats, ransomware has consistently remained a top concern for individuals and organizations. Among the myriad ransomware strains, the notorious Locky Ransomware has struck fear into the hearts of victims. Initially appearing in 2016, Locky…
What Is an Exploit? Definition, Types and Prevention Measures
An exploit is a piece of software or code created to take advantage of a vulnerability. It is not malicious in essence, it is rather a method to prey on a software or hardware security flaw. Threat actors use exploits…
How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained
What Is Vulnerability Prioritization? Vulnerability prioritization is the process of identifying and ranking vulnerabilities based on the potential impact on the business, ease of exploitability, and other contextual factors. It represents one of the key steps in the vulnerability management…
DNS Protection: A Must-Have Defense Against Cyber Attacks
Picture this scenario: you’re browsing the internet, going about your business, when suddenly a malicious website pops up out of nowhere. Your heart races as you realize that your sensitive data and personal information may be at risk. You scramble…
What is Managed Detection and Response (MDR)? Benefits & Capabilities
The term Managed Detection and Response (MDR) refers to an outsourced cybersecurity service that employs advanced technologies and human expertise. It can carry out threat hunting, monitoring, and response at the host, endpoint, and network levels. The vendor usually offers…
40,000 HRM Enterprises Clients Had Their Credit Card Information Stolen Following Cyberattack
HRM Enterprises, Inc., the owner of the US’s largest independent hardware store, was recently the victim of a cyberattack where the credit card information of more than 40,000 clients was stolen. Based in Hartville, Ohio, HRM Enterprises, Inc. is a…
What Is Secure Remote Access?
Secure remote access is an effective approach to cybersecurity that combines multiple technologies, such as encryption, multifactor authentication (MFA), VPNs, and endpoint protection, among others, to safeguard an organization’s network, mission-critical systems, or sensitive data from unauthorized access. Its strength…
Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow
In a previously-published material, Heimdal® has analyzed the emergent Dark Power malware – a ransomware strain written in the NIM programming and capable leveraging advanced encryption techniques such as CTR for a better stranglehold on the victim’s device and, implicitly,…
U.S. Government Contractor Maximus Hit by Massive Data Breach
U.S. government service contracting giant Maximus has disclosed a data breach warning that threat actors stole the personal data (including Social Security numbers and protected health information) of 8 to 11 million people by exploiting a vulnerability in MOVEit Transfer.…
The Road to Redemption: Ransomware Recovery Strategies for Businesses
Ransomware attacks have become one of the most significant cybersecurity threats facing businesses and organizations today. These malicious attacks encrypt valuable data, rendering it inaccessible to users until a ransom is paid to the attackers. Despite investing in robust cybersecurity…
Cyberattack Investigation Shuts Down Ambulance Patient Records System
A cyber attack on health software company Ortivus has led to the shutdown of the ambulance patient records system, affecting several UK NHS ambulance organizations. The attack occurred on July 18 and impacted UK customer systems within Ortivus’s hosted data…
Terrestrial Trunked Radio System Vulnerable to Leakage and Message Injection
Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties. Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical. TETRA is used for…
Norwegian Government`s System Breached over Ivanti EPMM Zero-Day
The Norwegian National Security Authority (NSM) revealed that threat actors exploited the CVE-2023-35078 zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to target the Norwegian Government. According to the Norwegian authorities, the attack did not impact the Prime Minister’s Office,…
Yamaha Confirms Cyber Attack on Its Canadian Division
Yamaha’s Canadian music division has confirmed that it fell victim to a recent cyberattack, as two separate ransomware groups claimed responsibility for targeting the company. Yamaha Corporation, a renowned Japanese manufacturer of musical instruments and audio equipment, experienced unauthorized access…
New Vulnerability Puts 926,000 MikroTik Routers at Risk! Users Urged to Patch
Researchers found a critical ‘Super Admin’ privilege elevation vulnerability that impacts MikroTik devices. Over 900,000 RouterOS routers are at risk and security specialists advise users to apply available patches immediately. CVE-2023-30799 enables remote and authenticated threat actors to escalate privileges…
Lazarus APT Group Targets Windows IIS Web Servers to Distribute Malware
Recently, cybersecurity specialists made a concerning discovery regarding the North Korean state-sponsored Lazarus APT group. The ASEC team found that the group is actively targeting Windows Internet Information Service (IIS) web servers as a means to distribute malware. Lazarus employs…
Open Source Software Supply Chain Attacks Spotted Targeting the Banking Sector
Analysts from Checkmarx uncovered a number of attacks on the banking industry’s open-source software supply chain in the first half of 2023. According to the experts, these attacks targeted specific components of web assets used by banks and employed sophisticated…