Read the original article: Unified Endpoint Management Explained: (Why) Does Your Company Need One? Gone are the days when a lone system administrator would perch upon the ledge of your desk to help you with menial tasks such as connecting…
Category: Heimdal Security Blog
Emotet Malware Over the Years: The History of an Active Cyber-Threat
Read the original article: Emotet Malware Over the Years: The History of an Active Cyber-Threat Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But…
What is (an) Intrusion Prevention System?
Read the original article: What is (an) Intrusion Prevention System? Intrusion Prevention System may very well be the next milestone in proactive network security. The reasoning behind the statement is not hard to grasp – a June 2020 study, focused…
What is Vulnerability Management?
Read the original article: What is Vulnerability Management? Some people still believe their IT infrastructure is unflawed simply because they’ve never experienced a cybersecurity incident – until something goes wrong and the company becomes the victim of a malware attack…
What Is Riskware? Cybersecurity Threats You Must Be Aware Of
Read the original article: What Is Riskware? Cybersecurity Threats You Must Be Aware Of Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals, we know –…
Patch Tuesday (August 2020): Microsoft patches 120 vulnerabilities. Two zero-days have been discovered
Read the original article: Patch Tuesday (August 2020): Microsoft patches 120 vulnerabilities. Two zero-days have been discovered Microsoft’s August 2020 Patch Tuesday security updates are now out. This month, the company has released patches for 120 vulnerabilities. Among them, there…
Netwalker Ransomware Explained: What You Need to Know
Read the original article: Netwalker Ransomware Explained: What You Need to Know Even though ransomware has been around since 1996, it is as present a threat today as it was two decades ago. The most chilling part is that…
Web Application Security – A Complete Guide
Read the original article: Web Application Security – A Complete Guide OCD or just very fond of structure, I must confess that I like pretty much everything around me to be in (a specific) order. Due to this habit, I…
Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security
Read the original article: Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security When it comes to privileged account management (PAM), you might want to know: – what is a privileged account? – does it have any connection…
Secure DNS and DNSSEC – Threat Intelligence in a Drifting E-Threat Landscape
Read the original article: Secure DNS and DNSSEC – Threat Intelligence in a Drifting E-Threat Landscape The modern e-threat landscape (threatscape) has, once again, changed. We are no longer besieged by new (and dangerous) malicious strains, but by truisms. The…
DNS Security 101: The Essentials You Need to Know to Keep Your Organization Safe
Read the original article: DNS Security 101: The Essentials You Need to Know to Keep Your Organization Safe DNS Security alludes to the protection measures that involve the DNS protocol. As you may already know, the DNS (Domain Name System)…
Cloud Computing Threats: Beyond Vulnerabilities
Read the original article: Cloud Computing Threats: Beyond Vulnerabilities When you hear the term cloud computing, know that it has little to do with the famous cloud number 9 some sing about – it is a key concept in the…
Intune vs. WSUS – Costs, Benefits, Ease of Use, and Deployment
Read the original article: Intune vs. WSUS – Costs, Benefits, Ease of Use, and Deployment Patching has certainly gained a lot of momentum ever since research has proven that ‘unattended’ apps and software can quickly lead to a data leak.…
What is Privileged Access Management (PAM)?
Read the original article: What is Privileged Access Management (PAM)? Privileged Access Management ensures business safety through privileged accounts monitoring, preventing external and internal threats that result from the improper use of admin rights. It is based upon the Principle…
Best IoT Security Management for your Business
Read the original article: Best IoT Security Management for your Business We might feel that technology plays a big part in our lives, always with our eyes on our phones or turning on the TV immediately after we got home…
Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers
Read the original article: Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers The recurring monthly security updates from Microsoft are now out. In the July 2020 Patch Tuesday, the Redmond giant released updates to…
What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It
Read the original article: What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It While the nature of cyberattacks is constantly changing, and our lives become more and more influenced – if not affected –…
Secure Video Conferencing 101 (For Business): Tools, Precautions and More
Read the original article: Secure Video Conferencing 101 (For Business): Tools, Precautions and More If a company aims to be modern, innovative and, ultimately, effective, if some of its goals are growth and even globalization, using the progress of technology…
5 Vulnerability Management Tools to Help Your Company Seek and Fix Security Gaps
Read the original article: 5 Vulnerability Management Tools to Help Your Company Seek and Fix Security Gaps I remember reading once that, in this world, you can’t be certain of anything, except, of course, death and taxes. We should also…
What is Patch Management?
Read the original article: What is Patch Management? You can’t control the emergence of cyber threats. But you can have complete control over your organization’s vulnerabilities and efficiently manage them. Bad patch management has been one of the reasons behind…
What is DNS Poisoning and How to Protect Your Enterprise Against it
Read the original article: What is DNS Poisoning and How to Protect Your Enterprise Against it Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years…
All You Need to Know About DNS Spoofing to Keep Your Organization Safe
Read the original article: All You Need to Know About DNS Spoofing to Keep Your Organization Safe The DNS in and of itself has never been secure. Being created in the 1980s when the Internet was a complete novelty, security…
How Does A Brute Force Attack Work and How to Keep Your Organization Safe
Read the original article: How Does A Brute Force Attack Work and How to Keep Your Organization Safe Cybersecurity has become a vital cog in any company, regardless of profile. Business-owners learned that malicious attacks and hackers are not be…
Patch Tuesday: Microsoft Has Issued Fixes for 129 Vulnerabilities
Read the original article: Patch Tuesday: Microsoft Has Issued Fixes for 129 Vulnerabilities Microsoft has released its monthly security updates, with 129 patched vulnerabilities. Thus, June 2020 has become the fourth month in a row when the tech giant issued…
Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor
Read the original article: Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor Today’s e-threats have evolved. We, the digital denizens of the Internet, are faced with such intricately crafted malware that it makes us ponder whether ‘tis better to abandon all…
What Is EDR and Why Is It Important?
Read the original article: What Is EDR and Why Is It Important? Oftentimes, your organization’s endpoints can become key entry points for cyber attackers. With the evolution of workplace mobility and employees connecting to the Internet from their off-site endpoints…
Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse
Read the original article: Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products,…
Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era
Read the original article: Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era In the wake of China lifting some of its lockdown restrictions in the Wuhan province, most of the world is looking forward to getting back…
What Are the Main Vectors of Attack in Cybersecurity and How Do They Work?
Read the original article: What Are the Main Vectors of Attack in Cybersecurity and How Do They Work? Today’s dangerous cyber landscape demands that all businesses position themselves ahead of cybercriminals in order to maintain their safety. This always starts…
Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis
Read the original article: Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis With the cost of fuel hitting a new historic low, experts fear that this may be the beginning of a crisis unlike the world has ever…
Ensuring Data Security with Business Process Outsourcing Companies
Read the original article: Ensuring Data Security with Business Process Outsourcing Companies The business processing outsourcing industry is known for generating savings and top-quality services for their clients. Enterprises in the West started the trend and have since relied on…
Why a Reliable Firewall is Essential to Enterprise Security?
There’s no doubt in my mind that the threatscape has changed – new malicious strains rising to wreak havoc, traditional (and outdated) countermeasures failing, ML and AI stepping up to the plate to create actionable mediation (and remediation) strategies. In…
SECURITY ALERT: Twitter Data Cache on Firefox May Have Left Your Personal Data Visible on Shared Computers
Twitter recently revealed a data privacy issue caused by the way in which Mozilla Firefox cached data, meaning that the personal information of Twitter users may have been stored in Firefox’s cache. More specifically, private files shared via direct messages…
SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure
Amid the coronavirus outbreak, Zoom Video Communication, the California-based video remote conferencing company that has become the backbone of the entire work-from-home effort, struggles to contain what can easily turn into a massive data leak. Coined the UNC patch injection…
Decision Making Before and During Times of Crisis: A Parallel Between Cybersecurity Incidents and the Current COVID-19 Pandemic
The coronavirus pandemic is not only the first time in history when a biological virus also affects the cybersecurity industry (through phishing attacks and COVID-19-themed malware) but the way the breakout has been handled so far also resembles how certain…
Decision Making Before and During Times of Crisis: A Parallel Between Cybersecurity Incidents and the Current COVID-19 Pandemic
The coronavirus pandemic is not only the first time in history when a biological virus also affects the cybersecurity industry (through phishing attacks and COVID-19-themed malware) but the way the breakout has been handled so far also resembles the way…
SECURITY ALERT: New Netflix Phishing Campaign Detected
A new Netflix phishing campaign was brought to my attention so I decided to share the news with all of you. It’s true that there are more pressing matters to be worried about in the times we’re living through. Healthcare systems…
Traffic to Malicious Websites Spiking as more Employees Take Up Work from Home
Heimdal™ Security’s Incident Response and Research team have recently uncovered evidence of what could be a potentially dangerous campaign directed at employees working from home. With many cities under lockdown due to the COVID-19 pandemic, companies were mandated to allow…
Coping with Remote Work during the COVID-19 Pandemic: Tips, Tricks, and Actionable Advice
As the international health authorities struggle to contain the COVID-19 pandemic, more and more companies have begun to embrace the remote work style. It’s not everyone’s cup of tea, that’s for sure – a fact confirmed not only by…
A Cybersecurity Guide for Small Businesses in Response to COVID-19
The ongoing COVID-19 pandemic has a significant effect on companies of all sizes around the world, with issues related to the supply chain, shutdowns, workforce shortages, and event cancelations. At the same time, this period can be lucrative for cybercriminals,…
Advantages of Distributed Workforce and Data under the COVID-19 Pandemic
As the COVID-19 pandemic engulfs Europe, more and more cities have come under lockdown in a desperate effort to stem the contagion. On Wednesday, Mette Frederiksen, Denmark’s PM, announced during a press conference that Copenhagen, along with all major city…
Patch Tuesday: Microsoft Releases 115 Security Updates, The Biggest Batch Ever Launched
Microsoft has released security updates that include 115 unique fixes for Windows, Edge, IE, Exchange Server, Office, Azure, Visual Studio, and Dynamics. Out of the 115 bug fixes, 26 are categorized as critical. If your company is running on Microsoft Windows, please take a few minutes to read…
SECURITY ALERT: New LinkedIn OneDrive Phishing Campaign Detected by Heimdal™ Security
Heimdal™ Security’s Incident Investigation and Response Department have recently discovered a new phishing campaign that aims to compromise LinkedIn accounts. The intel gathered so far suggests that the malicious operation indiscriminately targets business and personal accounts in an attempt to…
SECURITY ALERT: TDC Phishing Campaign Spreads like Wildfire through Legitimate Google Ads
Heimdal™ Security’s Incident Investigation and Response Department have recently unearthed a new type of phishing campaign that randomly targets TDC customers. The forensic analysis performed on malicious samples retrieved from an anonymous client revealed that the perpetrator(s) lured in TDC…
Coronavirus Outbreak Compels More Companies to Endorse Remote Work Requests
As health authorities worldwide struggle to contain the coronavirus outbreak, numerous company owners have decided to implement voluntary work-from-home regimes, effective immediately. Coined the “largest remote work experiment” by Fortune, for all intents and purposes, the aim is to reduce…
Challenges in Software Security for IoT Devices (and How to Tackle Them)
The Internet of Things (IoT) is one of the trends in this phase of digital transformation. It is the core technology influencing self-driving cars, smart homes, and everything sophisticated around us. But what about the security for IoT devices? As…
How to Prevent a Botnet Attack from Compromising Your Business
If you’re one of our regular readers, you may have grown accustomed to our article series that address today’s most common cyber threats targeting organizations. In today’s blog post, I’m going to take a look at how a botnet attack…
Cyber Kill Chain (CKK) – APT Interception Methodologies and Advanced Malware Mitigation.
We are witnessing an epistemological shift in malware detection & mitigation methodologies. Spearheaded by Lockheed Martin, this initiative proposes a radically new approach – instead of dealing with a malicious attack in its aftermath & reinforcing the infrastructure after incursion…
SECURITY ALERT: Emotet Infected A Large Danish Company
Recently, a large Danish company was hit by Emotet, a highly popular and dangerous type of malware, which is causing extensive and disruptive incidents. Emotet acts as a downloader/dropper, with multiple features, and in many cases, plants a secondary payload…
Machine Learning Business Breach (MBB): How Hackers can Use Artificial Intelligence (AI) to Break In
Isaac Asimov, one of the most influential science-fiction writers of all time, envisioned a future populated by sentient and ethically sound machines that have vowed never to let any harm fall upon a human. While we’re still far from hearing…
Heimdal™ Security Discovers Gangs Hiding Behind Multiple Domains to Avoid TTPC Detection
Heimdal™ Security’s cybercrime research unit has recently uncovered a criminal infrastructure that employs multiple domains in order to release malware into the wild. Despite the domains being taken offline, per request, the malicious software distributed through them appears to elude…
SECURITY ALERT: US Users Targeted with Corona Virus Phishing Attacks
A new Corona Virus phishing scheme is taking the Western world by storm. Especially in the United States, but also in the UK and Western Europe or parts of Asia, hackers are using the Corona Virus scare for their own…
Windows 7 End of Support: What Does It Mean for Your Organizations?
As you may already know, Windows 7 has officially hit its end of support. Starting with January 14, Microsoft will no longer be providing updates, security patches or new features to what was once the most popular operating system in…
What is Transport Layer Security (TLS)? Strengths and Vulnerabilities Explained
Every online ‘novitiate’ begins with an exercise in security. By now, you must have stumbled upon alien-like concepts such as “SSL”, “TLS”, “handshake protocol”, “AES”, or “MD5-SHA-1”. To call them perplexing, would be a major understatement – unless you’ve majored…
What Is the Country with Highest Digital Quality of Life?
The Digital Quality of Life, or DQL, study examines the gaps between citizens’ online experiences on a society-to-society basis. In almost every aspect of life, the digital world impacts everyone. From day-to-day commutes to workplace computing, smartphones and computers are…
The Trends in IT Security, As You See It
I wanted to share a few insights with all the CIOs, CISOs, IT managers out there, reading our blog, regarding the main trends in IT security and what we’ve learned from them. Many of you give us a lot of…
SECURITY ALERT: Microsoft Accidentally Exposed 250 Million Customer Support Records
On January 22, 2020, Microsoft reported a security breach that involved one of its customer databases. Between December 5 and December 31, 2019, a change made to the database’s network security group contained misconfigured security rules that allowed the exposure…
Access Governance Strategy and Technology: How to Plan It Well
Over the past couple of years, increasingly more sysadmins have abandoned the more “traditional”, hands-on, approach to access and identity management in favor of IAG or Identity and Access Governance. The switch from hands-on to IAG is more than taking…
SECURITY ALERT: 0-Day Vulnerability in Internet Explorer Is Abused in Targeted Attacks
A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer. Even if this browser is not the default one used by endpoints within your organization, you still have reason to be…
Supply Chain Cyber Security: What Are the Risks?
As organizations and their partners are increasingly becoming interconnected, cyber security risks can endanger all parties involved. And even when your business is protected by sophisticated security tools, you may never be certain your suppliers also have the same methods…
SECURITY ALERT: Microsoft releases critical security updates to fix major vulnerabilities
Microsoft released its regular patches on the second Tuesday of the month, and as always, they included fixes for multiple vulnerabilities. Namely, 49 security bugs have now been fixed, out of which eight are considered to be critical. Rumors started…