Tag: Heimdal Security Blog

A version of the Hive cyberattack kit created by the Central Intelligence Agency (CIA) was spotted in the wild. The pirated malicious code acts as spyware, secretly exfiltrating data from victims. The variant was nicknamed xdr33 after its digital certification…

Read more →

Pro-Russian group NoName057(16) continues to wreak havoc. Cybersecurity experts discovered that the group is behind a wave of DDoS attacks against organizations based in Ukraine and NATO countries. The attacks started in March 2022 and since then, governmental and critical…

Read more →

Authorities from Bulgaria, Cyprus, Germany, and Serbia, with help from Europol and Eurojust, worked together to break up a cybercrime ring that was involved in online investment fraud. Since June 2022, when German authorities first asked for help, the European…

Read more →

Threat Actors evade security measures by creating files that are a combination of polyglot and malicious Java archive (JAR). This way they can deploy malware without being discovered. How Does This Work? Polyglot files integrate vocabulary from two or more…

Read more →

On early Monday, numerous Danish smartphone users reported suspicious SMS-type content originating from a questionable source, allegedly related to Danske Spil. In all instances, a single message would be sent, informing the user of his enrollment in a monthly pay-to-win…

Read more →

The VPN market has grown considerably in the last few years due to the increasing popularity of VPN technologies. However, corrupted VPN installers have been used by threat actors to deliver a piece of spyware called EyeSpy, as part of a malware…

Read more →

Static and dynamic IP addresses are two ways of assigning an address to all IT equipment, usually by an Internet access provider (ISP), depending on the needs of its customers – regular users or businesses. In this article, we will…

Read more →

On Friday, DevOps platform CircleCI revealed that unidentified threat actors compromised an employee’s laptop and stole their two-factor authentication credentials to compromise the company’s systems and data. CI/CD service CircleCI said the “sophisticated attack” occurred on December 16, 2022, and…

Read more →

TikTok UK and TikTok Ireland have been fined €5,000,000 by France’s Commission Nationale de l’Informatique et des Libertés (CNIL) for making it impossible for platform users to reject cookies and for failing to adequately explain their function. Article 82 of…

Read more →

Threat actors injected malware that steals customers` private data on Canada`s largest alcohol retailer online store. On January 10th, 2023, the Liquor Control Board of Ontario (LCBO), a Canadian government enterprise, announced that unknown hackers had breached their website. Cyber…

Read more →

Fewer words are more used in cybersecurity than malware. The one that gives IT specialists nightmares, makes companies ramp up security tools, and constantly challenges software creators, malware targets every aspect of our daily used technologies and devices. Being so…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

Last time, we got to know better what network segmentation means. We defined the concept, found out how it works, how to use it and what benefits its implementation can bring to your organization. You can check out the first…

Read more →

In order to deceive users into sending money to a scammer instead of the intended recipient, a new scam known as “Address Poisoning” has surfaced, according to cryptocurrency wallet service MetaMask. In contrast to other frauds, which frequently employ techniques…

Read more →

According to recent research into Raspberry Robin’s attack infrastructure, other threat actors may be able to repurpose the infections for their own malicious actions. Raspberry Robin, also known as “QNAP worm”, and linked to the threat actor DEV-0856, is a…

Read more →

A cyberattack on Royal Mail, the UK’s largest mail delivery service, has been linked to LockBit ransomware. The Royal Mail announced yesterday that it has been experiencing severe disruption to international export services as a result of a cyber incident.…

Read more →

Several crypto scams linked call centers that were functioning in multiple European countries were discovered and closed this week by Europol. Cybercriminals used these call centers to convince individuals to invest money in the “Pig Butchering” cryptocurrency scams. The cross-border…

Read more →

A system administrator discovered that the Android TV box bought from Amazon had pre-installed malware. According to him, the box was reaching out to a whole list of active malware addresses. Daniel Milisic is the person who found the malware…

Read more →

This new text-to-speech AI model from Microsoft can listen to a voice for just a few seconds, then mimic it, including its emotional tone and acoustics. Microsoft’s latest research in text-to-speech AI centers on a new model known as VALL-E. It’s…

Read more →

Mutual authentication, also known as two-way authentication or website-to-user authentication, is a security mechanism that requires the two sides of a communications channel to authenticate each other’s identities (instead of just one side verifying the other) before moving forward with…

Read more →

In today’s data-driven world, it is essential for businesses to protect their systems from malicious attacks. Insider threat mitigation is a security measure that helps to identify and mitigate threats posed by malicious insiders, such as employees or contractors with…

Read more →

Microsoft has kickstarted 2023 with a comprehensive list of vulnerabilities, including several issues that have been flagged as zero-day bugs.  This Patch Tuesday list covers over 90 common and uncommon exploits, with risk scores ranging from moderate to severe. Patch…

Read more →

Twitter claims there is no connection between former system vulnerabilities and a leaked dataset of 200 million users that was recently on sale online. On January 11th, 2023, the social media company declared this time its researchers found no evidence…

Read more →

UK’s leading mail service, the Royal Mail, has stopped its international shipping services due to “severe service disruption”. The company described the cause as a “cyber incident”. Although the event had no effect on delivery or pickup services in the…

Read more →

Recently, Australian hospitals have been hit by a wave of Gootkit malware loader attacks that leverage legitimate software like VLC Media Player as cover. To get initial access, Gootkit (also known as Gootloader) is reported to use search engine optimization (SEO)…

Read more →

Koko, a mental health company, announced on 6 January 2023, that it provided AI-generated counseling to 4,000 people. The information raised ethical and legal concerns about the regulation of the use of AI and the absence of consent from individuals…

Read more →

The open-source JsonWebToken (JWT) library has been confirmed to be affected by a high-severity security flaw that could lead to remote code execution. While investigating the popular open-source project, Unit 42 researchers discovered a new vulnerability, tracked as CVE-2022-23529.This flaw has…

Read more →

Researchers warn that patching critical vulnerabilities that allow network access is not enough to prevent ransomware attacks. Some gangs exploit the flaws to plan a backdoor malware while they still have the opportunity, and they may return long after the…

Read more →

Des Moines Public School put all networked systems offline and canceled classes on January 10th due to an undefined cyberattack. More than 31,000 kids from preschool through high school in more than 60 schools, as well as the school’s 5000…

Read more →

The Advanced Persistent Threat (APT) known as StrongPity has been observed distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Shagle is a legitimate random-video-chat platform that allows strangers to…

Read more →

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware. Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng…

Read more →

Threat actors launched a massive malware campaign that spoofs the AnyDesk site to infect endpoints with Vidar stealer. More than 1,300 domains that impersonate the official AnyDesk site were found to redirect users to a Dropbox folder that pushes information-stealing…

Read more →

On January 10th, the Cybersecurity and Infrastructure Security Agency (CISA) added two more new vulnerabilities to its catalog of actively exploited bugs. CISA ordered agencies to patch the bugs as soon as possible to avoid exploitation by threat actors. The…

Read more →

The Department for Environment, Food & Rural Affairs (DEFRA) website in the U.K. was the victim of a redirect attack. Cybercriminals used an open redirect to send visitors to fake OnlyFans pages. What Happened Threat actors exploited an open redirect…

Read more →

A new research shows that threat actors are exploiting the increasingly popular ChatGTP to write usable malware and share their results on the dark web. The study was based on recent findings from Cybernews, and three distinct cases were profiled…

Read more →

A malicious IcedID malware campaign was identified recently. According to researchers, threat actors are actively spreading malware using modified versions of the Zoom application that have been trojanized. Zoom has become increasingly popular in recent years since the COVID-19 pandemic emerged…

Read more →

While containers and microservices keep gaining popularity among developers, it`s no wonder the interest in container security best practices has also grown. Although container-based architecture comes with a series of advantages: portability, lightweight, easy maintenance, and scalability, it also rises…

Read more →

The American fast-food restaurant chain Chick-fil-A is looking into “suspicious activity” linked to some of its customers’ accounts. The company created a support page with advice for clients who notice any strange activity on their accounts, such as mobile orders…

Read more →

Fake Pokemon NFT card game website is used by threat actors to spread malware. Visitors are tricked to download the NetSupport remote access tool or RAT, a malicious software that takes over victims’ devices. Details About the Campaign Analysts at…

Read more →

Turla Russian espionage group delivers KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. Cyber researchers track the operation as UNC4210. Turla is also known as Iron Hunter, Krypton, Uroburos, Venomous Bear, or Waterbug and is thought…

Read more →

Cold River, a Russian hacking collective, targeted three US nuclear research laboratories. Brookhaven, Argonne and Lawrence Livermore National Laboratories were all hit. Between August and September Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according…

Read more →

Threat actors targeting the Visual Studio Code extensions use a new attack vector. They upload rogue extensions impersonating their legitimate counterparts with the goal of triggering supply chain attacks on the machines of developers. Curated via a marketplace made available…

Read more →

Flying Blue customers have been informed that some of their personal information was exposed following a breach of their accounts. Clients of Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM can exchange loyalty points for rewards through Flying Blue.…

Read more →

When it comes to malware, knowing what types of malicious software lurk out there can help you enable efficient cybersecurity measures and stay protected. Backdoor malware is just one of many kinds of threats that you have to take into…

Read more →

When it comes to network security, there are a lot of methods to help strenghten it. One such method, that will not only increase the overall security of your enterprise, but it will also simplify the monitorization and response to…

Read more →

It has been over a year since the Cloudstar ransomware attack, and Stephen Millstein, the CEO of Certified Title Corporation, still feels “something like PTSD” whenever he recalls what happened. In the cyber attack on the cloud storage provider, Millstein’s…

Read more →

Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, fined Apple €8,000,000 ($8.5M) for collecting user data without the user’s consent. The data was used to better target advertising in the App Store. These actions are…

Read more →

Blind Eagle, a financially-motivated threat actor previously observed launching operations against organizations in Colombia and Ecuador, has reemerged with a sophisticated toolset and a complex infection chain. The latest findings from Check Point shed light on the group’s methods, such…

Read more →

The Vice Society gang has been behind a high-profile string of ransomware attacks on schools across the UK and the USA, with the most recently uncovered campaign involving 14 British schools. Source Vice Society – A Constant Threat Vice Society…

Read more →

WhatsApp introduces a new feature in its latest released update. From now, users of the messaging app will be able to connect via proxy servers in case of Internet shutdowns or if the service is blocked in their country by…

Read more →

The Play ransomware operation was responsible for a cyberattack that brought Rackspace’s hosted Microsoft Exchange environment down in December. According to Rackspace, attackers behind last month’s incident gained access to some of its customers’ Personal Storage Table (PST) files, which…

Read more →

A cybercrime group going by the name of Bluebottle has been linked to a set of attacks aimed at the financial sector in Francophone countries located in Africa, in the timeline between July and September 2022. Symantec, a division of…

Read more →

The number of attacks targeting banks grew after the source code for CypherRat, a new SpyNote malware version, was offered for free on hacker groups. CypherRat has both spyware and banking trojan features impersonating banking institutions. It was initially sold…

Read more →

In recent years, data has become a valuable asset that every business sector shouldn’t neglect. However, information exists in different states and constantly crosses numerous networks and devices, which can result in data breaches. Because of this, organizations should be…

Read more →

The software development service CircleCI has disclosed a security incident and urged users to rotate their secrets. Over one million engineers rely on the CI/CD platform for the “speed and reliability” of their builds, according to its website. As per…

Read more →

Over 100k user entries and administrative credentials were leaked from a cricket community social network. Cybernews researchers discovered that cricketsocial[.]com left an open database containing emails, phone numbers, names, hashed user passwords, dates of birth, and addresses. Most of the…

Read more →

Identity theft is a growing problem in today’s digital world. With more of our personal information available online, it can be difficult to protect ourselves from malicious actors who may use our data for malicious purposes. While it might seem…

Read more →

In what might be a severe blow to its ad-fueled business model, the Irish Data Protection Commission (DPC) has fined Facebook’s parent company Meta $414 million for its management of user data for distributing personalized ads. Privacy regulators ordered Meta…

Read more →

Threat actors offer over 200 million Twitter users` profile data on the Breached hacker forum, asking no more than $2 for the whole database. Cyber researchers say this is the cleaned-up version of the 400 million profiles database spilled in…

Read more →

Arnold Clark, the Scottish automotive retail giant, announced that it suffered a cyberattack. An external cybersecurity firm identified abnormal activity on the company’s network on Christmas Eve. What Damage Has Been Done As a precaution, after the attack, Arnold Clark…

Read more →

Following a recent cyberattack on the Queensland University of Technology, the Royal ransomware gang has begun leaking data they allegedly stole during the intrusion. Queensland University of Technology (QUT) has 52,672 students and operates on a budget exceeding one billion…

Read more →

Ferrari, BMW, Toyota, Ford, and other automotive companies have been found to have severe vulnerabilities. The disclosed vulnerabilities varied based on the manufacturer and their specifics. Researchers revealed that an AT&T system was fully compromised and, if exploited by threat actors,…

Read more →

Members of the security community are at risk. A new phishing campaign is taking advantage of the community’s growing interest in Flipper Zero to steal both their personal data and cryptocurrencies. The tool gives pen-testers and hacking enthusiasts, and researchers…

Read more →

Threat actors use data stolen from Columbian bank customers as lures in email phishing attacks. Cyber researchers warn that the campaign aims infecting endpoints with BitRAT remote access trojan. On the bright side, according to researchers, none of the sensitive…

Read more →

Wabtec Corporation announced that it was the victim of a ransomware attack. The attack caused a data breach, exposing personal and sensitive information. Wabtec Corporation is a U.S. company that produces locomotives and rail systems. With 25,000 employees in 50…

Read more →

Poland is warning of a spike in cyberattacks from Russia-linked hackers, including GhostWriter, a state-sponsored hacking group. Poland’s official website claims hostile cyber-activity has intensified, targeting public domains and state organizations, strategic energy and armament providers, and other critical entities.…

Read more →

Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines (VMs). A container is a software conglomeration that includes all the components required for the soft to…

Read more →

The Raspberry Robin worm has targeted the financial and insurance industries in Europe, and the virus is still evolving its post-exploitation capabilities while evading detection. The breaches, which have been seen in Spanish and Portuguese-speaking organizations, are notable for collecting…

Read more →

A vulnerability in Google Home speakers could have allowed threat actors to remotely listen in on user conversations. The issue was reported to Google by security researcher Matt Kunze, who won a bug bounty of $107,500. According to Kunze’s technical…

Read more →

As a result of an attack against the Hospital for Sick Children (SickKids), the LockBit ransomware gang has formally apologized and released a free decryptor for the hospital. Toronto’s SickKids Hospital is a teaching and research hospital that treats sick children.…

Read more →

Users who installed PyTorch-Nightly during last week of December are warned to uninstall it and torchtriton immediately. The good news is those who use PyTorch stable package were not impacted by this problem. The open-source Python-based machine learning framework discovered…

Read more →

RedZei (or RedThief) Chinese-speaking hackers are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls. The campaign is ongoing for more than a year and shows that threat actors have meticulously selected and researched their victims. Details…

Read more →

ALPHV ransomware operators published stolen data on a replica of a victim’s site as part of their extortion tactic. Also known as BlackCat ransomware, ALPHV is known for testing new ways to force their victims into paying. Even though these tactics have…

Read more →

A cyberattack launched on December 27, 2022, caused the Canadian Copper Mountain Mining Corporation (CMMC) to shut down its operations. The IT team of the company from British Columbia quickly implemented the predefined risk management systems and protocols to contain…

Read more →