Category: Heimdal Security Blog

Read the original article: Unified Endpoint Management Explained: (Why) Does Your Company Need One? Gone are the days when a lone system administrator would perch upon the ledge of your desk to help you with menial tasks such as connecting…

Read more →

Read the original article: Emotet Malware Over the Years: The History of an Active Cyber-Threat Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But…

Read more →

Read the original article: What is (an) Intrusion Prevention System? Intrusion Prevention System may very well be the next milestone in proactive network security. The reasoning behind the statement is not hard to grasp – a June 2020 study, focused…

Read more →

Read the original article: What is Vulnerability Management? Some people still believe their IT infrastructure is unflawed simply because they’ve never experienced a cybersecurity incident – until something goes wrong and the company becomes the victim of a malware attack…

Read more →

Read the original article: What Is Riskware? Cybersecurity Threats You Must Be Aware Of Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals, we know –…

Read more →

Read the original article: Patch Tuesday (August 2020): Microsoft patches 120 vulnerabilities. Two zero-days have been discovered Microsoft’s August 2020 Patch Tuesday security updates are now out. This month, the company has released patches for 120 vulnerabilities. Among them, there…

Read more →

Read the original article: Netwalker Ransomware Explained: What You Need to Know Even though ransomware has been around since 1996, it is as present of a threat today as it was two decades ago. The most chilling part is that…

Read more →

Read the original article: Web Application Security – A Complete Guide OCD or just very fond of structure, I must confess that I like pretty much everything around me to be in (a specific) order. Due to this habit, I…

Read more →

Read the original article: Privileged Account Management 101: How Can Privileged Accounts Compromise Your Security When it comes to privileged account management (PAM), you might want to know:  – what is a privileged account?  – does it have any connection…

Read more →

Read the original article: Secure DNS and DNSSEC – Threat Intelligence in a Drifting E-Threat Landscape The modern e-threat landscape (threatscape) has, once again, changed. We are no longer besieged by new (and dangerous) malicious strains, but by truisms. The…

Read more →

Read the original article: DNS Security 101: The Essentials You Need to Know to Keep Your Organization Safe DNS Security alludes to the protection measures that involve the DNS protocol. As you may already know, the DNS (Domain Name System)…

Read more →

Read the original article: Cloud Computing Threats: Beyond Vulnerabilities When you hear the term cloud computing, know that it has little to do with the famous cloud number 9 some sing about – it is a key concept in the…

Read more →

Read the original article: Intune vs. WSUS – Costs, Benefits, Ease of Use, and Deployment Patching has certainly gained a lot of momentum ever since research has proven that ‘unattended’ apps and software can quickly lead to a data leak.…

Read more →

Read the original article: What is Privileged Access Management (PAM)? Privileged Access Management ensures business safety through privileged accounts monitoring, preventing external and internal threats that result from the improper use of admin rights. It is based upon the Principle…

Read more →

Read the original article: What is Privileged Access Management (PAM)? Privileged Access Management ensures business safety through privileged accounts monitoring, preventing external and internal threats that result from the improper use of admin rights. It is based upon the Principle…

Read more →

Read the original article: Best IoT Security Management for your Business We might feel that technology plays a big part in our lives, always with our eyes on our phones or turning on the TV immediately after we got home…

Read more →

Read the original article: Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers The recurring monthly security updates from Microsoft are now out. In the July 2020 Patch Tuesday, the Redmond giant released updates to…

Read more →

Read the original article: Patch Tuesday (July 2020): Microsoft Fixes a 17-Year-Old Flaw Found in Windows DNS Servers The recurring monthly security updates from Microsoft are now out. In the July 2020 Patch Tuesday, the Redmond giant released updates to…

Read more →

Read the original article: What Is a Man-in-the-Middle Attack? How It Works and How to Stay Safe from It While the nature of cyberattacks is constantly changing, and our lives become more and more influenced – if not affected –…

Read more →

Read the original article: Secure Video Conferencing 101 (For Business): Tools, Precautions and More If a company aims to be modern, innovative and, ultimately, effective, if some of its goals are growth and even globalization, using the progress of technology…

Read more →

Read the original article: Secure Video Conferencing 101 (For Business): Tools, Precautions and More If a company aims to be modern, innovative and, ultimately, effective, if some of its goals are growth and even globalization, using the progress of technology…

Read more →

Read the original article: 5 Vulnerability Management Tools to Help Your Company Seek and Fix Security Gaps I remember reading once that, in this world, you can’t be certain of anything, except, of course, death and taxes. We should also…

Read more →

Read the original article: What is Patch Management? You can’t control the emergence of cyber threats. But you can have complete control over your organization’s vulnerabilities and efficiently manage them. Bad patch management has been one of the reasons behind…

Read more →

Read the original article: What is DNS Poisoning and How to Protect Your Enterprise Against it Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years…

Read more →

Read the original article: All You Need to Know About DNS Spoofing to Keep Your Organization Safe The DNS in and of itself has never been secure. Being created in the ‘1980s when the Internet was a complete novelty, security…

Read more →

Read the original article: What is DNS Poisoning and to Protect Your Enterprise Against it Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years –…

Read more →

Read the original article: How Does A Brute Force Attack Work and How to Keep Your Organization Safe TheCybersecurity has become a vital cog in any company, regardless of profile. Business-owners learned that malicious attacks and hackers are not be…

Read more →

Read the original article: Patch Tuesday: Microsoft Has Issued Fixes for 129 Vulnerabilities Microsoft has released its monthly security updates, with 129 patched vulnerabilities. Thus, June 2020 has become the fourth month in a row when the tech giant issued…

Read more →

Read the original article: Patch Tuesday: Microsoft Has Issued Fixes for 129 Vulnerabilities Microsoft has released its monthly security updates, with 129 patched vulnerabilities. Thus, June 2020 has become the fourth month in a row when the tech giant issued…

Read more →

Read the original article: How Does A Brute Force Attack Work and How to Keep Your Organization Safe TheCybersecurity has become a vital cog in any company, regardless of profile. Business-owners learned that malicious attacks and hackers are not be…

Read more →

Read the original article: Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor Today’s e-threats have evolved. We, the digital denizens of the Internet, are faced with such intricately-crafted malware, that makes us ponder whether ‘tis better to abandon all…

Read more →

Read the original article: Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor Today’s e-threats have evolved. We, the digital denizens of the Internet, are faced with such intricately-crafted malware, that makes us ponder whether ‘tis better to abandon all…

Read more →

Read the original article: What Is EDR and Why Is It Important? Oftentimes, your organization’s endpoints can become key entry points for cyber attackers. With the evolution of workplace mobility and employees connecting to the Internet from their off-site endpoints…

Read more →

Read the original article: What Is EDR and Why Is It Important? Oftentimes, your organization’s endpoints can become key entry points for cyber attackers. With the evolution of workplace mobility and employees connecting to the Internet from their off-site endpoints…

Read more →

Read the original article: Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products,…

Read more →

Read the original article: Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products,…

Read more →

Read the original article: Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Abuse Admin Rights The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products,…

Read more →

Read the original article: Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era In the wake of China lifting some of its lockdown restrictions in the Wuhan province, most of the world is looking forward to getting back…

Read more →

Read the original article: What Are the Main Vectors of Attack in Cybersecurity and How Do They Work? Today’s dangerous cyber landscape demands all businesses to position themselves ahead of cybercriminals in order to maintain their safety. This always starts…

Read more →

Read the original article: Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis With the cost of fuel hitting a new historic low, experts fear that this may be the beginning of a crisis unlike the world has ever…

Read more →

Read the original article: Oil Industry Targeted by Elaborate Spearphishing Attacks Amid Fuel Crisis With the cost of fuel hitting a new historic low, experts fear that this may be the beginning of a crisis unlike the world has ever…

Read more →

Read the original article: Ensuring Data Security with Business Process Outsourcing Companies The business processing outsourcing industry is known for generating savings and top-quality services for their clients. Enterprises in the West started the trend and has since relied on…

Read more →

It’s no doubt in my mind that the threatscape has changed – new malicious strains rising to wreak havoc, traditional (and outdated) countermeasures failing, ML and AI stepping up to the plate to create actionable mediation (and remediation) strategies. In…

Read more →

Twitter recently revealed a data privacy issue caused by the way in which Mozilla Firefox cached data, meaning that the personal information of Twitter users may have been stored in Firefox’s cache. More specifically, private files shared via direct messages…

Read more →

Amid the coronavirus outbreak, Zoom Video Communication, the California-based video remote conferencing company that has become the backbone of the entire work-from-home effort, struggles to contain what can easily turn into a massive data leak. Coined the UNC patch injection…

Read more →

The coronavirus pandemic is not only the first time in history when a biological virus also affects the cybersecurity industry (through phishing attacks and COVID-19-themed malware) but the way the breakout has been handled so far also resembles how certain…

Read more →

The coronavirus pandemic is not only the first time in history when a biological virus also affects the cybersecurity industry (through phishing attacks and COVID-19-themed malware) but the way the breakout has been handled so far also resembles the way…

Read more →

A new Netflix phishing campaign was brought to my attention so I decided to share the news with all of you. It’s true that are more pressing matters to be worried about in the times we’re living through. Healthcare systems…

Read more →

Heimdal™ Security’s Incident Response and Research team have recently uncovered evidence of what could be a potentially dangerous campaign directed at employees working from home. With many cities under lockdown due to the COVID-19 pandemic, companies were mandated to allow…

Read more →

As the international health authorities struggle to contain the COVID-19 pandemic, more and more companies have begun to embrace the remote work style. It’s not everyone’s cup of tea, that’s for sure – a fact confirmed by not only by…

Read more →

The ongoing COVID-19 pandemic has a significant effect on companies of all sizes around the world, with issues related to the supply chain, shutdowns, workforce shortages, and event cancelations. At the same time, this period can be lucrative for cybercriminals,…

Read more →

As the COVID-19 pandemic engulf Europe, more and more cities have come under lockdown in desperate effort to stem the contagion. On Wednesday, Mette Frederiksen, Denmark’s PM has announced during a press conference that Copenhagen, along with all major city…

Read more →

Microsoft has released security updates that include 115 unique fixes for Windows, Edge, IE, Exchange Server, Office, Azure, Visual Studio, and Dynamics. Out of the 115 bug fixes, 26 are categorized as critical. If your company is running on Microsoft Windows, please take a few minutes to read…

Read more →

Heimdal™ Security’s Incident Investigation and Response Department have recently discovered a new phishing campaign that aims to compromise LinkedIn accounts. The intel gathered so far, suggests that the malicious operation indiscriminately targets business and personal accounts in an attempt to…

Read more →

Heimdal™ Security’s Incident Investigation and Response Department have recently unearthed a new type of phishing campaign that randomly targets TDC customers. The forensic analysis performed on malicious samples retrieved from an anonymous client revealed that the perpetrator(s) lured in TDC…

Read more →

As health authorities worldwide struggle to contain the coronavirus outbreak, numerous company owners have decided to implement voluntary work-from-home regimes, effective immediately. Coined the “largest remote work experiment” by Fortune, for all intent and purpose, the aim is to reduce…

Read more →

The Internet of Things (IoT) is one of the trends in this phase of digital transformation. It is the core technology influencing self-driving cars, smart homes, and everything sophisticated around us. But what about the security for IoT devices? As…

Read more →

The Internet of Things (IoT) is one of the trends in this phase of digital transformation. It is the core technology influencing self-driving cars, smart homes, and everything sophisticated around us. But what about the security for IoT devices? As…

Read more →

If you’re one of our regular readers, you may have grown accustomed to our article series that address today’s most common cyber threats targeting organizations. In today’s blog post, I’m going to take a look at how a botnet attack…

Read more →

We are witnessing an epistemological shift in malware detection & mitigation methodologies. Spearheaded by Lockheed Martin, this initiative proposes a radically new approach – instead of dealing with a malicious attack in its aftermath & reinforcing the infrastructure after incursion…

Read more →

We are witnessing an epistemological shift in malware detection & mitigation methodologies. Spearheaded by Lockheed Martin, this initiative proposes a radically new approach – instead of dealing with a malicious attack in its aftermath & reinforcing the infrastructure after incursion…

Read more →

We are witnessing an epistemological shift in malware detection & mitigation methodologies. Spearheaded by Lockheed Martin, this initiative proposes a radically new approach – instead of dealing with a malicious attack in its aftermath & reinforcing the infrastructure after incursion…

Read more →

Recently, a large Danish company was hit by Emotet, a highly popular and dangerous type of malware, which is causing extensive and disruptive incidents. Emotet acts as a downloader/dropper, with multiple features, and in many cases, plants a secondary payload…

Read more →

Recently, a large Danish company was hit by Emotet, a highly popular and dangerous type of malware, which is causing extensive and disruptive incidents. Emotet acts as a downloader/dropper, with multiple features, and in many cases, plants a secondary payload…

Read more →

Isaac Asimov, one of the most influential science-fiction writers of all times, envisioned a future populated by sentient and ethically sound machines that have vowed never to let any harm fall upon a human. While we’re still far from hearing…

Read more →

Heimdal™ Security’s cybercrime research unit has recently uncovered a criminal infrastructure that employs multiple domains in order to release malware into the wild. Despite the domains being taken offline, per request, the malicious software distributed through them appears to elude…

Read more →

A new Corona Virus phishing scheme is taking the Western world by storm. Especially in the United States, but also in the UK and Western Europe or parts of Asia, hackers are using the Corona Virus scare for their own…

Read more →

As you may already know, Windows 7 has officially hit its end of support. Starting with January 14, Microsoft will no longer be providing updates, security patches or new features to what was once the most popular operating system in…

Read more →

Every online ‘novitiate’ begins with an exercise in security. By now, you must have stumbled upon alien-like concepts such as “SSL”, “TLS”, “handshake protocol”, “AES”, or “MD5-SHA-1”. To call them perplexing, would be a major understatement – unless you’ve majored…

Read more →

The Digital Quality of Life, or DQL, study examines the gaps between citizens’ online experiences on a society-to-society basis. In almost every aspect of life, the digital world impacts everyone. From day-to-day commutes to workplace computing, smartphones and computers are…

Read more →

I wanted to share a few insights with all the CIOs, CISOs, IT managers out there, reading our blog, regarding the main trends in IT security and what we’ve learned from them. Many of you give us a lot of…

Read more →

On January 22, 2020, Microsoft reported a security breach that involved one of its customer databases. Between December 5 and December 31, 2019, a change made to the database’s network security group contained misconfigured security rules that allowed the exposure…

Read more →

Over the past couple of years, increasingly more sysadmins have abandoned the more “traditional”, hands-on, approach to access and identity management in favor of IAG or Identity and Access Governance. The switch from hands-on to IAG is more than taking…

Read more →

A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer. Even if this browser is not the default one used by endpoints within your organization, you still have reason to be…

Read more →

As organizations and their partners are increasingly becoming interconnected, cyber security risks can endanger all parties involved. And even when your business is protected by sophisticated security tools, you may never be certain your suppliers also have the same methods…

Read more →

Microsoft released its regular patches on the second Tuesday of the month, and as always, they included fixes for multiple vulnerabilities. Namely, 49 security bugs have been now fixed, out of which eight are considered to be critical. Rumors started…

Read more →

Microsoft released its regular patches on the second Tuesday of the month, and as always, they included fixes for multiple vulnerabilities. Namely, 49 security bugs have been now fixed, out of which eight are considered to be critical. Rumors started…

Read more →