Patch management involves distributing and applying updates to various endpoints, which is crucial in fixing software vulnerabilities or unforeseen system interactions. 60% of cyber incidents leading to covert data theft are linked to absent, misconfigured, or incompletely implemented patches. A concerning…
Tag: Heimdal Security Blog
How to Create a Cybersecurity Incident Response Plan?
Organizations that want to avoid a security breach or attack naturally do everything in their power to prevent it from happening in the first place. The more proactive and preventative work you do, the higher your chance of avoiding an…
Vulnerability Prioritization: How to Beat Patching Paralysis
Key Takeaways: Vulnerability prioritization is about deciding what to patch, and in what order. Many organizations use unsatisfactory methods when prioritizing patches. Learn how a holistic, risk-based approach to vulnerability prioritization can improve patch management. Find out how automated vulnerability…
Researchers Warn NetSupport RAT Attacks Are on the Rise
Researchers warn of an increase in NetSupport RAT (Remote Access Trojan) infections impacting education, government, and business services sectors. NetSupport Manager is a remote control and desktop management tool by NetSupport Ltd. Its initial role was to aid IT professionals…
Mac Systems Under Threat: ClearFake Campaign Deploys Atomic Stealer Malware
Threat actors target macOS systems with the Atomic Stealer malware in a new phase of the ClearFake campaign. Mac users are tricked into downloading the infostealer on their devices from fake browser updates. Hackers designed the Atomic Stealer (AMOS) malware…
What Is DNS Security and How Does It Work [A Comprehensive Guide]
The cybersecurity solution of the future must be proactive and holistic, designed to face the most modern forms of attack. This is what we here at Heimdal are devoted to achieving through our endpoint protection, detection, and response suite with…
Assigning User Privileges in Heimdal [It’s Easy]
Managing user privileges is a critical task for any organization. This article aims to guide you through the process of assigning user privileges in Heimdal, ensuring a secure and efficient management of your cybersecurity infrastructure. Key Takeaway Summary Understanding User…
The Challenges of Adopting ISO 27001 Controls: A Comprehensive Guide for CISOs and IT Administrators
When it comes to information security, ISO 27001 is of paramount importance. As CISOs and IT administrators, you’re likely familiar with its significance. However, the journey from understanding to effectively implementing ISO 27001 controls is not without challenges. This article…
How to Implement an Effective Mac Patch Management Strategy
An effective Mac patch management strategy involves following a series of well-planned steps and best practices. Patch management strategies are not just about bug fixes, closing vulnerabilities, and improving system performance. Meeting compliance requirements is also on the goals list. …
Heimdal Launches Unique AI Feature to Detect Email Fraud
Heimdal has launched “Outliers Detection”, an AI-powered feature that upgrades its Email Fraud Protection platform. This tool uses AI to proactively spot and stop email threats early, keeping businesses safe. Our method is both innovative and one-of-a-kind. We use anomaly detection…
Patch Now! New Intel CPU Vulnerability Impacts Desktop and Server Systems
Researchers disclosed a new Intel CPU vulnerability that allows escalation of privileges, access to sensitive data, and denial of service via local access. CVE-2023-23583 has an 8.8 CVSS score and impacts various Intel desktop, mobile, and server CPUs. According to…
Truepill Sued Over Data Breach Exposing 2.3 Million Customers
Truepill data breach exposed sensitive information belonging to 2,364,359 people and risks multiple lawsuits. The B2B-focused pharmacy platform discovered the incident on August 31, 2023. They promptly launched an investigation and took additional security measures to contain the incident. However,…
Samsung UK Online Store Suffers Data Breach
Samsung Electronics has informed its customers about a data breach impacting those who shopped at the Samsung UK online store from July 1, 2019, to June 30, 2020. This breach resulted in unauthorized access to personal information. Breach Traced to…
FBI and CISA Issue Advisory on Rhysida Ransomware
Today, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a warning about the Rhysida ransomware group. This gang has been attacking various organizations in different sectors since May 2023. A detailed Cybersecurity Advisory (CSA) has…
35 Million LinkedIn Users’ Information Shared on Hacking Forum
A notorious hacker, previously involved in high-profile data breaches of InfraGard and Twitter, has now leaked a substantial LinkedIn database on a clear web hacking forum. The scraped LinkedIn database was leaked in two parts: one containing 5 million user…
The Most Common Healthcare Cyberattacks
In the wrong hands, medical data can be used for a variety of crimes, such as patient identity theft, clinician identity theft, extortion, tax fraud, insurance fraud, and more. Geopolitical agendas further complicate the threat landscape, as cyberattacks such as…
Daixin Threat Group Claims Ransomware Attack on 5 Hospitals in Ontario
Daixin Team claimed responsibility for the ransomware attack that impacted 5 hospitals in Ontario, Canada, on October 23rd. TransForm, the shared service provider of the five healthcare organizations, confirmed the ransomware attack. The stolen database contains information on 5.6 million…
Hackers Exploit Atlassian Vulnerabilities for Cerber Ransomware Attacks
Threat groups exploited two recent Atlassian Confluence vulnerabilities to deploy Cerber ransomware. On October 31st, Atlassian released security updates for both flaws and urged users to patch. Both flaws, CVE-2023-22518 and CVE-2023-22515, are ranked 10 which is the maximum risk…
New DDoS Attacks Waves. Cybersecurity Expert Robertino Matausch Explains HTTP/2 Rapid Reset
If you switched from using HTTP/1 to HTTP/2, you're a possible target of massive DDoS attacks. Hackers recently started to exploit a key feature of the HTTP/2 protocol. The vulnerability is tracked as CVE-2023-44487. The HTTP/2 Rapid Reset DDoS attacks that targeted…