Tag: Heimdal Security Blog

In a sweeping global campaign, LinkedIn users are falling victim to a surge of account hijacks, leaving many locked out or held at ransom by threat actors. Rampant Account Hijacking and Extortion LinkedIn, the professional networking platform, is facing a…

Read more →

In a notable comeback, the creators of the notorious Raccoon Stealer information-stealing malware have reemerged after a six-month hiatus. This resurgence brings forth an upgraded version tailored to cater to the evolving needs of cybercriminals. Brief Overview Raccoon Stealer has maintained…

Read more →

With more and more businesses learning how to avoid paying huge amounts of money to ransomware actors by maintaining up-to-date backups and having disaster recovery plans in place, the number of victims forced to pay ransom started to decrease. Even…

Read more →

As the new face of Heimdal, I wanted to chat about the ‘product’ with our experts and find out why customers love us. So, I sat down with Nabil Nistar, our Head of Product Marketing, and talked about Heimdal Extended…

Read more →

An ongoing spam campaign spreads Knight ransomware among users. The fake emails imitate Tripadvisor complaint messages. Knight ransomware is the revamp of the Cyclop Ransomware-as-a-Service, starting with July 2023. The Knight Ransomware Spam Campaign A researcher at Sophos detected this…

Read more →

To understand what privileged access management is, we need to first understand what privileged access refers to. This article will cover many aspects of PAM, including definition, importance, functionality, statistics, best practices, and why our solution is the best for…

Read more →

Risk-Based Authentication (also known as RBA, context-based authentication, or adaptive authentication) is a security mechanism that looks at the profile (IP address, device, behavior, time of access, history, and so on) of the agent asking for access to the system…

Read more →

What to do if you don’t have the time, workforce, or knowledge to deal with Patch Management? We’ve got the solution for you. More and more vulnerability management vendors have begun to offer services that do all the heavy lifting.…

Read more →

Imagine having a superhero shield for your computers, network, users, and clouds. That’s what an XDR software solution does – it keeps a watchful eye on everything, non-stop! XDR solutions bring different security tools into one place, making it easier…

Read more →

Exploit databases are relevant intelligence sources for security specialists that need to keep an eye on the latest exploits and vulnerabilities. They also offer a long-time perspective over the past years’ threat landscape. An improper patch management policy still leads…

Read more →

In an increasingly interconnected digital landscape, the threat of ransomware has emerged as a formidable adversary, targeting organizations of all sizes and industries. Ransomware attacks can wreak havoc on businesses, leading to data breaches, financial losses, and operational disruptions.  As…

Read more →

The ransomware operation known as Rhysida has rapidly gained notoriety, especially following a series of attacks on healthcare organizations. This surge has led to heightened vigilance from government agencies and cybersecurity firms, prompting them to closely monitor Rhysida’s activities. Growing…

Read more →

In a recent development, it has come to light that an APT group managed to infiltrate the city of Dallas’ digital infrastructure, gaining unauthorized access to sensitive personal data belonging to a minimum of 26,212 residents of Texas. The data…

Read more →

The UK Electoral Commission revealed a cyberattack that exposed the personal data of all registered voters between 2014 and 2022. The attack took place in August 2021, but the Commission only discovered the breach in October 2022. Threat actors had…

Read more →

In an age where the internet is vital for business, cyberattacks, malware, and phishing attempts have evolved to exploit vulnerabilities within web browsers, making them a prime target for malicious actors. In response to this growing menace, cybersecurity experts have…

Read more →

Downfall vulnerability impacts various Intel microprocessors and enables encryption keys, passwords, and other sensitive data exfiltration. The flaw was dubbed CVE-2022-40982 and was reported to Intel by security researcher Daniel Moghimi. The researcher provided a proof-of-concept that leverages the Gather…

Read more →

A large healthcare network operating across multiple states recently experienced widespread network disruptions due to a cyberattack, confirmed by the FBI to be a ransomware incident. Prospect Medical Holdings, which oversees 16 hospitals spanning California, Connecticut, Pennsylvania, and Rhode Island,…

Read more →

A team of researchers has introduced an innovative approach referred to as a “deep learning-based acoustic side-channel attack,” designed to accurately classify laptop keystrokes recorded using a nearby smartphone, achieving an impressive 95% accuracy rate. In a recent study published…

Read more →

You might think that an air-gapped network will keep you safer from attackers, and you are right. It’s pretty obvious that isolating a computer or network and preventing it from establishing an external connection will leave threat actors with fewer…

Read more →

Heimdal® returns with yet another update from the patching and vulnerability management front. So far, Microsoft has slated for release 12 security and non-security improvements, touching upon the Edge browser. Without further ado, here’s what Patch Tuesday August has in…

Read more →

On Monday, the White House unveiled a series of new initiatives and federal resources designed to address cybersecurity concerns in the nation’s K-12 education system. This comes as a response to the increasing wave of cyberattacks that have targeted schools…

Read more →

With cyber threats evolving at an alarming pace, traditional passwords fall short when it comes to protecting our digital data. In the search for a more powerful defense against unauthorized access, an innovative approach has emerged: One-Time Passwords (OTPs), dynamic…

Read more →

Microsoft believes that Microsoft Teams chats were used into coaxing users to share their credentials with threat actors. The available evidence leads to a Russian government-linked hacking group known as Midnight Blizzard being responsible, after taking aim at dozens of…

Read more →

Exploit kits (Eks) are collections of exploits – pieces of code or sequences of commands – created to leverage vulnerabilities in software and attack a system. Their goal is to deploy malware onto the victim`s system. These toolkits are usually…

Read more →

CrowdStrike is pretty reliable when it comes to protecting you from attacks. But the thing is, it can be quite challenging to use and almost impossible to tweak to your specific needs. At the same time, the cybersecurity market is…

Read more →

As cyberattacks become more sophisticated and widespread, ransomware attacks have become one of the most common and costly threats facing companies today. In recent years, ransomware attacks have grown increasingly frequent, causing significant damage to businesses and organizations of all…

Read more →

We are seeing a landslide in the cybersecurity market, with more and more Managed Security Service Providers (MSSPs) working as intermediaries between cybersecurity vendors and businesses in need of beefing up their security. The global managed security services market was…

Read more →

Cybersecurity agencies in Australia and the U.S. issued an advisory that warns about security flaws in web applications that could result in large-scale data breaches. The advisory refers to a certain sort of vulnerability called Insecure Direct Object Reference (IDOR).…

Read more →

The Information Commissioner’s Office (ICO) revealed that 26 staff members of NHS Lanarkshire shared patients` information on a WhatsApp group. The group didn`t have the organization`s approval for processing data about the NHS patients. The team got access to the…

Read more →

The American clothing company Hot Topic announced they identified suspicious login activity on a series of Reword accounts. Hot Topic warns that a data breach might have compromised users` sensitive information. The retail chain has 675 stores across the U.S.…

Read more →

The U.S. Securities and Exchange Commission (SEC) has approved new rules requiring publicly traded companies to disclose cyberattack details within four days of identifying a “material” impact on their finances, signaling a significant change in breach disclosure practices. SEC Chair…

Read more →

Canon is cautioning users of home, office, and large format inkjet printers that their devices’ Wi-Fi connection settings are not properly wiped during initialization, posing a security and privacy risk. This flaw could potentially allow unauthorized individuals, such as repair…

Read more →

Due to the constantly changing nature of cyber threats, businesses must implement strong security solutions. Here is where CrowdStrike competitors come into play, providing cutting-edge cybersecurity services and solutions. There is a cybersecurity solution designed to match your specific requirements,…

Read more →

A fake Android app called ‘SafeChat’ is used by malicious actors to infect devices with spyware malware that allows them to steal call logs, text messages, and GPS locations from phones. The spyware appears to be a variant of “Coverlm,”…

Read more →

An exploit is a piece of software or code created to take advantage of a vulnerability. It is not malicious in essence, it is rather a method to prey on a software or hardware security flaw. Threat actors use exploits…

Read more →

The BAZAN Group’s website is inaccessible since this weekend due to a DDoS attack. The Iranian hacktivist group, “Cyber Avengers” (“CyberAv3ngers”) claims to have breached the Group’s security systems and managed to exfiltrate data. Israel’s largest oil refinery operator is…

Read more →

In the fast-evolving landscape of cybersecurity threats, ransomware has consistently remained a top concern for individuals and organizations. Among the myriad ransomware strains, the notorious Locky Ransomware has struck fear into the hearts of victims. Initially appearing in 2016, Locky…

Read more →

An exploit is a piece of software or code created to take advantage of a vulnerability. It is not malicious in essence, it is rather a method to prey on a software or hardware security flaw. Threat actors use exploits…

Read more →

What Is Vulnerability Prioritization? Vulnerability prioritization is the process of identifying and ranking vulnerabilities based on the potential impact on the business, ease of exploitability, and other contextual factors. It represents one of the key steps in the vulnerability management…

Read more →

Picture this scenario: you’re browsing the internet, going about your business, when suddenly a malicious website pops up out of nowhere. Your heart races as you realize that your sensitive data and personal information may be at risk. You scramble…

Read more →

The term Managed Detection and Response (MDR) refers to an outsourced cybersecurity service that employs advanced technologies and human expertise. It can carry out threat hunting, monitoring, and response at the host, endpoint, and network levels. The vendor usually offers…

Read more →

HRM Enterprises, Inc., the owner of the US’s largest independent hardware store, was recently the victim of a cyberattack where the credit card information of more than 40,000 clients was stolen. Based in Hartville, Ohio, HRM Enterprises, Inc. is a…

Read more →

Secure remote access is an effective approach to cybersecurity that combines multiple technologies, such as encryption, multifactor authentication (MFA), VPNs, and endpoint protection, among others, to safeguard an organization’s network, mission-critical systems, or sensitive data from unauthorized access. Its strength…

Read more →

In a previously-published material, Heimdal® has analyzed the emergent Dark Power malware – a ransomware strain written in the NIM programming and capable leveraging advanced encryption techniques such as CTR for a better stranglehold on the victim’s device and, implicitly,…

Read more →

U.S. government service contracting giant Maximus has disclosed a data breach warning that threat actors stole the personal data (including Social Security numbers and protected health information) of 8 to 11 million people by exploiting a vulnerability in MOVEit Transfer.…

Read more →

Ransomware attacks have become one of the most significant cybersecurity threats facing businesses and organizations today. These malicious attacks encrypt valuable data, rendering it inaccessible to users until a ransom is paid to the attackers.  Despite investing in robust cybersecurity…

Read more →

A cyber attack on health software company Ortivus has led to the shutdown of the ambulance patient records system, affecting several UK NHS ambulance organizations. The attack occurred on July 18 and impacted UK customer systems within Ortivus’s hosted data…

Read more →

Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties. Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical. TETRA is used for…

Read more →

The Norwegian National Security Authority (NSM) revealed that threat actors exploited the CVE-2023-35078 zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to target the Norwegian Government. According to the Norwegian authorities, the attack did not impact the Prime Minister’s Office,…

Read more →

Yamaha’s Canadian music division has confirmed that it fell victim to a recent cyberattack, as two separate ransomware groups claimed responsibility for targeting the company. Yamaha Corporation, a renowned Japanese manufacturer of musical instruments and audio equipment, experienced unauthorized access…

Read more →

Researchers found a critical ‘Super Admin’ privilege elevation vulnerability that impacts MikroTik devices. Over 900,000 RouterOS routers are at risk and security specialists advise users to apply available patches immediately. CVE-2023-30799 enables remote and authenticated threat actors to escalate privileges…

Read more →

Recently, cybersecurity specialists made a concerning discovery regarding the North Korean state-sponsored Lazarus APT group. The ASEC team found that the group is actively targeting Windows Internet Information Service (IIS) web servers as a means to distribute malware. Lazarus employs…

Read more →

Analysts from Checkmarx uncovered a number of attacks on the banking industry’s open-source software supply chain in the first half of 2023. According to the experts, these attacks targeted specific components of web assets used by banks and employed sophisticated…

Read more →

The second month of summer comes a-calling with a hefty list of bug fixes; throughout July, Microsoft has released no lesst than 142 patches for various types of vulnerabilities, with scores ranging from Important to Critical. Without further ado, here’s…

Read more →

Mobile device management (MDM) is software that enables IT teams to supervise and secure all mobile endpoints in a company`s digital perimeter: laptops, tablets, smartphones, etc. In the age of remote & hybrid work, an MDM strategy is an essential…

Read more →

Earlier this month, Microsoft and CISA disclosed a security incident and attributed it to the Chinese threat group Storm-0558. The threat actors stole a Microsoft consumer signing key, which was initially thought to have provided them with access to Exchange…

Read more →

The Mallox ransomware group, also known as TargetCompany, Fargo, and Tohnichi, has become increasingly active, signaling a significant shift in its operations. According to recent findings, Mallox’s ransomware activities in 2023 have seen a staggering 174% increase compared to the…

Read more →

Multiple DDoS botnets have actively exploited a critical vulnerability discovered in Zyxel firewall models, as revealed by cybersecurity researchers. Tracked as CVE-2023-28771, this flaw explicitly impacts Linux platforms and enables remote attackers to gain unauthorized control over vulnerable systems, effectively…

Read more →

Security Researchers warn about finding new vulnerabilities in the AMI MegaRAC Baseboard Management Controller (BMC) software. The flaws, rated from high to critical, open the way for threat actors to deploy malware and succeed in remote code execution (RCE). Lots…

Read more →

Cybersecurity purchasers and providers must adopt a new way of thinking in response to the more sophisticated cyberthreats that keep emerging. The necessity for more thorough and integrated approaches to cybersecurity is highlighted by the fact that traditional cybersecurity solutions…

Read more →

Adobe released an emergency ColdFusion security update meant to fix critical vulnerabilities, including a new zero-day vulnerability. Adobe fixed three vulnerabilities as part of their out-of-band update: CVE-2023-38204: a critical remote code execution (RCE) vulnerability (9.8 rating); CVE-2023-38205: a critical…

Read more →

Cosmetic conglomerate Estée Lauder has been listed on the data leak sites of two of the most active threat groups today, ALPHV/BlackCat and Clop. The BlackCat gang mocked the security of Estée Lauder in a message to the company, saying…

Read more →

Tampa General Hospital announced on Wednesday evening that cybercriminals breached its network and stole files containing the personal health information (PHI) of about 1.2 million patients. Located on Davis Island in Tampa, Florida, Tampa General Hospital (TGH) is a not-for-profit,…

Read more →

P2PInfect is a new cloud-targeting, peer-to-peer (P2P) worm recently discovered by cybersecurity researchers, that targets vulnerable Redis instances for follow-on exploitation. Researchers William Gamazo and Nathaniel Quist said that P2PInfect exploits Redis servers running on both Linux and Windows OS,…

Read more →

The United Kingdom’s public sector is undergoing a digital transformation, relying increasingly on technology to enhance service delivery, streamline operations, and foster improved engagement with citizens. As government organizations continue to embrace technological advancements, they also face a growing array…

Read more →

Citrix urged customers to patch NetScaler ADC and Gateway products after discovering a critical-severity zero-day vulnerability. The flaw was dubbed CVE-2023-3519, ranked 9.8 on the CVSS, and was observed exploited in the wild. The company released updated versions of the…

Read more →

In June 2023, a threat actor was linked to a cloud credential stealing campaign that targeted Microsoft Azure and Google Cloud Platform (GCP) services, expanding the adversary’s scope of attack beyond Amazon Web Services (AWS). After conducting investigations, security researchers…

Read more →

The ransomware operation known as BlackCat, also referred to as Alphv ransomware, has been utilized by members of the Alphv group since November 2021. During the last few years, BlackCat has demonstrated a clear upward trajectory in its operations. Their…

Read more →

What Is the BlueKeep Vulnerability? BlueKeep is a software vulnerability that affects older versions of Microsoft Windows. Also known as CVE-2019-0708, the vulnerability first emerged in 2019 and is a “wormable” remote code execution vulnerability, being noted first by the…

Read more →

The concept of Just-in-Time Access has been around for decades but it is only recently that it has become popular in the cybersecurity realm. One reason for this popularity is the increase in cyberattacks and data breaches. With more attacks…

Read more →

In the interconnected realm of digital technology, safeguarding cybersecurity has become an utmost priority for organizations. Traditional security approaches, such as relying solely on perimeter-based defenses, have proven insufficient in defending against sophisticated cyber threats. Consequently, a paradigm shift has…

Read more →

Six high-severity and one low-severity vulnerability patches have been released by Zoom. These flaws, if left unattended, would allow threat actors to escalate privileges and gain access to sensitive data. The vulnerabilities were assigned CVSS Scores ranging from 3.3 (low)…

Read more →

Microsoft has revealed that Chinese hackers successfully accessed the email accounts of various government organizations. The breach was reportedly detected only weeks after the activity began. According to Microsoft, an entity based in China, named Storm-0558, managed to gain access…

Read more →

Advanced Endpoint Protection (AEP) is an AI-powered cybersecurity toolkit that focuses on detecting and preventing unknown cyber threats from harming a company`s endpoints. In today`s business landscape, where many employees work remotely, protecting assets turned out to be more and…

Read more →

Russian state-sponsored hacking group ‘APT29,’ also known as Nobelium or Cloaked Ursa, has employed innovative tactics to target diplomats in Ukraine, using car listings as unconventional lures. APT29, which is associated with the Russian government‘s Foreign Intelligence Service (SVR), has…

Read more →

HCA Healthcare, one of the largest health companies in the USA, announced on July 10th it was the target of a huge data breach. The cyberattack impacted 1,038 hospitals and physician clinics across 20 states. All in all, 11 million…

Read more →

The European Union Agency for Cybersecurity (ENISA) has released its first cyber threat landscape report for the health sector, revealing that ransomware is responsible for 54% of cybersecurity threats in the industry. The comprehensive analysis, based on over two years…

Read more →

Deutsche Bank, ING Bank, Postbank, and Comdirect recently announced they suffered customer data leaks. Reportedly, the four European giant banks were using the same third-party business vendor, who fell victim to a MOVEit data-theft attack. The Attack Revealed On July 3rd,…

Read more →

Microsoft warns that hackers are exploiting an unpatched zero-day present in several Windows and Office products. The bug enables malicious actors to gain remote code execution via malicious Office documents. Researchers claim the vulnerability was observed in attacks targeting organizations…

Read more →

The number of cases of online extortion reported to the police rose by almost 40% in 2022 compared to the previous year, according to Reynolds Porter Chamberlain, an international commercial law firm from the UK. Action Fraud, the UK’s national…

Read more →

DNS rebinding compromises the way domain names are resolved and is a technique threat actors use in cyberattacks. In this type of DNS attack, a malicious website directs users to launch a client-side script that will attack other devices in…

Read more →

A new ransomware strain emerged: Big Head uses fake Windows updates and Microsoft Word installers to spread. Researchers analyzed three samples to establish the infection vector and how the malware executes.  Although the variants may differ, they originate from the…

Read more →

There are premises outside of economic implications that draw attention to the importance of Automated Patch Management processes. Keeping systems well informed about the newly-released patches is no longer just a recommendation, it’s a necessity. As defined by our Cybersecurity…

Read more →

TOITOIN is a new Windows-based banking trojan active since 2023. The malware targets businesses operating in Latin America (LATAM), researchers at Zscaler say, employing a multi-stage infection chain and custom-made modules. These modules are custom designed to carry out malicious…

Read more →

A new vulnerability has been found by security researchers. Dubbed StackRot, the Linux Kernel flaw is impacting versions 6.1 through 6.4. The flaw is tracked as CVE-2023-3269 and is a privilege escalation issue. An unprivileged local user can trigger the…

Read more →

The year 2023 has witnessed a surge in data breaches and cyberattacks, posing significant challenges for organizations striving to safeguard sensitive information. Recent high-profile attacks targeting various industries, including healthcare, finance, retail, government, manufacturing, and energy, highlight the evolving threat…

Read more →

For the most part, today’s modern workplace has grown accustomed to cyberattacks directed by third parties that are external to the organization. But what can you do when the call is coming from inside the house? How can you successfully…

Read more →

A new warning was issued by CISA and the FBI! Organizations across the United States and Canada have been targeted in attacks that use a new variant of the Truebot malware. The malware takes advantage of a remote code execution…

Read more →

A new strain of ransomware called RedEnergy Stealer has recently emerged, posing a significant threat to critical infrastructure systems worldwide. This sophisticated malware has caught the attention of security experts due to its highly targeted approach and potential for devastating…

Read more →

In a recent cyberattack that has raised alarm bells across Europe, several entities in the region have become victims of a sophisticated campaign known as SMUGX. The attackers, believed to be Chinese hackers, have employed a novel technique called HTML…

Read more →

As Daniel Wanderson wrote for Security Boulevard, a CEO must consider every aspect of his/her business – and cybersecurity is one of the most important ones since anyone can become the victim of a cyber attack. At any minute, you…

Read more →

In the ever-evolving landscape of cyber threats, ransomware has emerged as a pervasive menace, causing widespread damage to individuals and organizations. While most ransomware attacks have historically targeted Windows systems, the rise of Linux ransomware has thrown a new curveball…

Read more →

In a disturbing trend, ransomware gangs have escalated their malicious activities by targeting schools and subsequently dumping students’ private files online. This alarming development has raised concerns among parents, educators, and cybersecurity experts worldwide. According to a recent report, these…

Read more →

Security researchers discovered a new Windows-based data-stealing malware dubbed Meduza Stealer. The new info stealer allegedly has detection-evading features and can collect data about both Windows users and systems. However, it can only evade detection in a certain number of…

Read more →

The Russian-based threat group LockBit targeted the Port of Nagoya in a ransomware attack. Japan’s largest port is currently unable to load and unload containers from trailers. According to the Nagoya Port Authorities, the attack was discovered on Tuesday, July…

Read more →

In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. Passwords pose serious challenges as they are difficult to remember, often reused across different apps, and…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices. Although security specialists released patches for all…

Read more →

Cybersecurity researchers recently published an advisory on the evolution of POWERSTAR backdoor malware and advanced spear-phishing techniques used by Charming Kitten, a threat actor believed to be from Iran. The most recent version of POWERSTAR has improved operational security measures,…

Read more →

A third-party security breach at the Department of Health and Human Services (HHS) may have exposed the personal information of at least 100,000 people, a department official stated last week, making it the latest US government agency to be hit…

Read more →