Tag: Heimdal Security Blog

CISA and FBI released an advisory on Androxgh0st malware IoCs (Indicators of Compromise) and warned about hackers using this threat to steal credentials. The advisory contains: a list of specific Androxgh0st IoCs examples of malicious activities linked to it details…

Read more →

The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023. The attackers used VPNs that lacked multi-factor authentication. They exploited…

Read more →

During his initial statements since becoming the National Cyber Director in December, Harry Coker stated that the White House plans to “reduce unnecessary barriers” that federal contractors have while trying to fill cybersecurity positions, such as the need for a…

Read more →

We all know that maintaining up-to-date systems is crucial. Patch management plays a vital role in this process. This article serves as a hub for various patch management templates, each designed to streamline and enhance the efficiency of your patch…

Read more →

Key takeaways: Why privileged access management requires a continuous approach; The common pitfalls of poor privileged access management; How to create an effective, end-to-end privileged access management lifecycle. Privileged access management (PAM) is an essential tool of any modern cybersecurity…

Read more →

I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges.   Get an in-depth understanding of the do’s and don’ts in incident response as Dragoș explains how to avoid the most common mistakes…

Read more →

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers.…

Read more →

HealthEC LLC, a leading provider in health management solutions, experienced a significant data breach, impacting approximately 4.5 million individuals. This incident affected patients who received care through one of HealthEC’s client organizations. The company’s population health management platform, used by…

Read more →

Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the activities…

Read more →

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group a.k.a. BlackCat, claimed…

Read more →

Over 1.3 million customers across the U.S. are being alerted by mortgage servicing company LoanCare that a data breach at its parent company, Fidelity National Financial, may have compromised their private information. With 1.2 million loans and $390 billion in…

Read more →

Katholische Hospitalvereinigung Ostwestfalen (KHO), a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in the early morning of…

Read more →

Citrix bugs caused a lot of problems throughout the year, and as we’re closing down 2023, it seems it’s not over. This time, Xfinity, Comcast’s cable television and internet division has been the victim of a data breach caused by…

Read more →

ESO Solutions, a key software provider for healthcare and emergency services, was the victim of a ransomware attack. This cyberattack led to unauthorized data access and encryption of various company systems. The breach, initially identified on September 28th, marked the…

Read more →

The National Security Agency (NSA) has unveiled its ‘2023 Cybersecurity Year in Review’. This document highlights the agency’s achievements in enhancing national security through cybersecurity. It emphasizes the value of NSA’s collaborations with U.S. government agencies, international allies, and the…

Read more →

The antivirus software stands as a critical defense line against cyber-attacks. To fully understand how it operates, it’s vital to understand the four distinct layers of antivirus security. Each layer contributes to the detection and neutralization of threats, ensuring a…

Read more →

The U.S. Justice Department (DoJ) announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group’s activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage potentially unknown…

Read more →

The Exploit Prediction Scoring System (EPSS) is a data-driven tool highlighting what vulnerabilities hackers will likely exploit. EPSS was created by a group of experts at the Forum of Incident Response and Security Teams (FIRST). Its purpose is to make…

Read more →

In a perfect world, you’d have the resources to defend yourself against every possible cybersecurity threat and vulnerability. The reality, however, is that even the largest organizations have limited resources to dedicate to cybersecurity. An effective security strategy, therefore, needs…

Read more →

The purpose of Heimdal®’s exercise is to analyze the complex dynamics between endpoint-based attacks, code-based vulnerabilities, and cyberattacks that leverage DNS in an attempt to establish a baseline for detection and response framework. To this end, we have analyzed two…

Read more →