Tag: Heimdal Security Blog

ONNX Store new PhaaS is targeting Microsoft 365 and Office 365 accounts in financial companies. The hackers use QR codes in PDF attachments to lure the employees into clicking malicious links. The phishing platform uses Telegram bots to spread and…

Read more →

A bastion host is a server placed between the public internet and a company’s private network.  It enhances security by allowing access only to specific, authorized users. If you know about jump servers, you’ll recognize this concept. If not, you…

Read more →

A 28-year-old Russian man has been taken into custody by the Ukraine cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, which involved making their malware impervious to antivirus software and carrying out at least…

Read more →

In the last decade, cybersecurity has come a long way. Once upon a time, keeping your IT environment secure largely required passwords, firewalls, and antivirus. In the days since, the move to cloud technology has thrown up a whole range…

Read more →

Cleveland cyberattack shut down the City Hall and the Erieview offices for the last two days. Authorities revealed the incident on Monday June 10th and said public services were put offline until further notice. Emergency services and public utilities, like…

Read more →

On June 11th, Microsoft announced fixing a critical RCE vulnerability in their Message Queuing (MSMQ) technology. The flaw is tracked CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say threat hackers can exploit it remotely…

Read more →

In this article, we’ll answer your question: “What are the best RMM solutions for 2024?” We’ll explore the top 10 tools to help MSPs efficiently monitor and manage client systems. Here’s a quick glance for you: Heimdal XDR ConnectWise Automate…

Read more →

A growing number of MSPs are moving towards a platform approach for their cybersecurity tools. What’s behind the shift away from point solutions?  Imagine you’re packing your bag to go camping. You might need to cut some twigs for kindling,…

Read more →

LONDON, May 23, 2024 – Heimdal® is excited to announce its participation in Infosecurity Europe 2024, taking place from 3-4 June 2024 at ExCel London. Attendees are invited to visit Heimdal’s booth for an exclusive opportunity to engage with industry-leading…

Read more →

Only a few days left until InfoSecurity Europe kicks off and we can already feel the excitement of being there.   Starting June 4th, at ExCeL London, you’re up for three days of interacting with top names and brands in the…

Read more →

BeyondTrust and Delinea are some of the most popular privileged access management (PAM) products on the market. They each offer a sophisticated range of tools for managing access, identities, and endpoints. But like all security tools, they’re not for everybody.…

Read more →

An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. The vulnerability impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. What to Know About the Vulnerability By…

Read more →

Privileged access management (PAM) tools have changed a lot over the last few years. Once, you could rely on a fairly standard set of features across all providers. Now, the unique security challenges of cloud technology have ushered in a…

Read more →

A recent  study by Cybersecurity Dive shows that nearly all companies (98%) use software integrations with third-party vendors that have suffered breaches in the past two years. Since not a single company can maintain ops integrity by solely relying on…

Read more →

Official Press Release Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud…

Read more →

Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. For the moment, Xiaomi didn’t manage to fix all…

Read more →

If you’re in the market for an endpoint detection and response (XDR) solution, there’s a good chance you’ll find yourself wondering whether Sophos vs Palo Alto XDR is the right tool for you. These are some of the most popular…

Read more →

Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching.  Alex has been a System Administrator in…

Read more →

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The…

Read more →

CrushFTP urges customers to patch servers with new versions due to discovering zero-day. The CrushFTP zero-day vulnerability is tracked tracked CVE-2024-4040 and enables hackers to escape VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day…

Read more →

Managing user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance,…

Read more →

Choosing a cybersecurity solution is no easy task. Some solutions specialize in one thing, while others take a broader, unified approach. Finding the right balance for your company depends on many factors such as size, price, support, or complexity. Atera…

Read more →

Researchers discovered an overlooked vulnerability in Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw…

Read more →

Researchers observed a rise in daily infection attempts leveraging old TP-Link Archer Command Injection Vulnerability. Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between…

Read more →

Email serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security…

Read more →

Two methods that researchers have found might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such…

Read more →

Managed service providers often find themselves wearing many hats. Juggling various responsibilities and tasks that result from keeping client’s systems safe and functional leaves little time for learning and networking.   In IT and cybersecurity, tools and standards change fast. As…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially…

Read more →

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive…

Read more →

COPENHAGEN, Denmark, April 9, 2024 – Heimdal®, the world’s widest cybersecurity platform with 13 products, is thrilled to announce the launch of its latest innovation, the Privileged Account and Session Management (PASM) solution.  Designed to elevate the security of privileged…

Read more →

Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only in case code or dependencies execute batch files with untrusted arguments. Rust Security…

Read more →

Researchers warn zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage devices (NAS) to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the…

Read more →

We are proud to announce that we joined the Internet Watch Foundation (IWF) in a united effort to eliminate child sexual abuse imagery from the internet. The UK charity focused on child protection is working to create a safer online environment…

Read more →

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers…

Read more →

Jackson County, Missouri, confirms ransomware attack after declaring a state of emergency on Tuesday. The FBI, federal Department of Homeland Security, Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages…

Read more →

The Incident Management Policy template serves as an essential tool for organizations aiming to fortify their defenses against digital threats. This document provides a structured approach to establishing and maintaining robust information security measures, tailored to meet the specific needs…

Read more →

Researchers discovered new version of the Vultur Android banking trojan upgraded its obfuscation and remote control features. Reportedly, the malware masquerades the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The…

Read more →

When you’re running an MSP, it’s easy to lose sight of the bigger picture. You’re fighting fires, managing people, dealing with clients, and the million-and-one other things a business owner does. This means that weeks or even months can go…

Read more →

Hackers use phishing techniques to deploy NetSupport RAT through Microsoft Office documents. NetSupport RAT is an offshoot of NetSupport Manager, a remote support solution with over 21 million users worldwide. The remote access trojan (RAT) mimics the legitimate remote-control software…

Read more →

NIST’s National Vulnerability Database (NVD) stopped enriching with information most of the CVEs they register. Although they also consider other factors when deciding what to patch first, companies worldwide rely on NVD`s collection of vulnerability data for their research. For…

Read more →

An information security policy template serves as a comprehensive guide for organizations aiming to fortify their defenses against information breaches and cyber-attacks. It encompasses key areas such as purpose and objectives, authority, scope, organizational security management, functional responsibilities, and much…

Read more →

IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for…

Read more →

MSPs handle IT management, while MSSPs specialize in cybersecurity. MSPs ensure smooth operations, while MSSPs maintain a security posture. Both are essential — each with its unique role. In this article, we’ll discuss their key differences! What Is an MSP…

Read more →

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to advance into their internal system and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in…

Read more →

On Heimdal’s 10th Birthday, we want to thank everyone who shaped our journey from 2014 to today, and the future. Ours is a story of perseverance, innovation, and the relentless pursuit of excellence through community empowerment. What better way to…

Read more →

IAM and PAM refer to similar topics in the world of access management, and they’re often used interchangeably. However, it’s important to understand how and why they’re different and what that means for your wider cybersecurity strategy. If you want…

Read more →

This comprehensive cybersecurity risk management template provides a structured approach for identifying, assessing, and prioritizing cybersecurity risks. By offering a standardized framework, it enables organizations to systematically evaluate their vulnerabilities and the potential impact of various cyber threats. This streamlined…

Read more →

A data breach compromising customers’ personal information has been alerted by Bank of America to consumers following last year’s intrusion of Infosys McCamish Systems (IMS), one of its service partners. Data exposed in the security breach include the names, addresses,…

Read more →

Since the earliest days of technology, hackers and cybersecurity professionals have been locked in a cat-and-mouse game, each inventing more innovative ways of outsmarting the other. In 2024, that resulted in an increasingly complex landscape of privileged threat vectors for…

Read more →

The purpose of this document is to provide a comprehensive template for organizations seeking to assess their compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF is a voluntary framework that consists of…

Read more →

​​What Is Just-In-Time Access? Just-in-Time Access is the process that grants employees privileged access to applications and systems for a limited time, on an as-needed basis. A good security plan means giving people and systems exactly the access they need…

Read more →

Hackers targeted two French healthcare providers and generated the largest data breach in French history. The French Data Protection Agency (CNIL) said both Viamedis and Almerys data breaches exposed the data of 33 million people. The two medical insurance companies…

Read more →

The purpose of this document is to provide a comprehensive template for organizations seeking to assess their compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The NIST CSF is a voluntary framework that consists of…

Read more →

According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five years before…

Read more →

An insider data breach at Verizon has compromised the personal information of more than 63,000 employees, nearly half of the company’s global workforce. The telecommunications giant disclosed the incident in a Data Breach Notification with the Office of the Maine…

Read more →

Demand for Identity and Access Management tools is booming. According to data website Statista, the market for this technology is set to reach over USD $43 billion by 2029 – almost triple the 2022 level.  Today, there are dozens of…

Read more →

New Chainalysis warns of ransomware payments raised above above $1.1 billion in 2023 and reached a new record. The $983 million previous peak was set in 2021, while in 2022 the ransomware payments dropped to $567. Chainalysis puts the unusual…

Read more →

An effective cybersecurity incident response plan (IRP) can be the difference between a minor disruption and a major crisis. This article provides you with comprehensive IRP templates in PDF, Word, and Google Docs formats to ensure your organization can quickly…

Read more →

AnyDesk confirmed recently that a cyberattack has affected their product systems. The hackers accessed the source code and private code signing keys. Initially, the 170,000 customers remote access software company claimed an unplanned maintenance to explain why client logins failed…

Read more →

Securing digital assets has never been more critical. This guide offers direct access to indispensable cybersecurity risk assessment templates in PDF, Word, and Google Docs formats, enabling organizations and individuals to fortify their digital defenses effectively and efficiently. What are…

Read more →

Over the last decade, the cloud has gone from being a radical, disruptive new technology to becoming the default setting for organizations of all shapes and sizes. The days of enterprises and heavily regulated companies citing security as the main…

Read more →

Choosing between the different types of patch management solutions impacts the effort your IT team must make to keep the system safe. There’s no one-size-fits-all with patch management software, so you’ll need to evaluate your company’s profile first. Once you…

Read more →

Privileged accounts are one of the most common entry points for hackers. The profusion of accounts in an organization and the difficulty of managing them creates a unique target for malicious actors. Securing these accounts, therefore, is a key tenent…

Read more →

Cloudflare disclosed a security breach today, revealing that a suspected nation-state attacker infiltrated its internal Atlassian server. The attack, which began on November 14, compromised Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system. How did attackers…

Read more →

We have partnered with Jupiter Technology Corporation, who will distribute our cybersecurity products across Japan as part of a long-term sales and distribution agreement. Jupiter Technology will sell the Heimdal XDR Unified Security Platform, marketed as the ‘Heimdal Security Suite’.…

Read more →

Looking to find the right privileged access management (PAM) solution for your organization? Well, you’ve certainly come to the right place… PAM tools play a key role in any modern cybersecurity strategy. Without them, you can’t hope to protect yourself…

Read more →

The Importance of Choosing the Right Privilege Identity Management Solution The essence of effective Privileged Identity Management (PIM) lies not in identity or management but in privilege. A robust PIM system focuses on identifying those who should, and equally importantly,…

Read more →

Threat and Vulnerability Management plays a crucial role in safeguarding information systems.  It involves identifying, assessing, and mitigating vulnerabilities in software, hardware, and organizational processes. Effective TVM not only anticipates and counters potential cyber threats but also ensures compliance with…

Read more →

Keenan data breach exposes sensitive data belonging to 1,509,616 individuals. The insurance broker company notified the impacted customers and employees on January 26th, 2024. According to the data breach notification, the hackers gained access to Keenan`s network on August 21st,…

Read more →

Cactus Ransomware claims responsibility for the January 17th Schneider Electric data breach. Schneider Electric confirms hackers got access to their Resource Advisor cloud platform. The French-based energy giant says the attack only hit their Sustainability Business division. The platform holds…

Read more →

The Heimdal Partner NEXUS program is now live. NEXUS, or the ‘Network of Excellence, Unity, and Safeguarding’ is a global initiative designed to enhance cybersecurity partnerships. Tailored for resellers, distributors, and MSP/MSSPs, it aims to improve customer security and expand…

Read more →

With data breaches on the rise, it’s important to limit access to your organization’s sensitive data. A user access review software can help you do so.  This article provides you with a comprehensive overview of the 10 best User Access…

Read more →

CISA and FBI released an advisory on Androxgh0st malware IoCs (Indicators of Compromise) and warned about hackers using this threat to steal credentials. The advisory contains: a list of specific Androxgh0st IoCs examples of malicious activities linked to it details…

Read more →

The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023. The attackers used VPNs that lacked multi-factor authentication. They exploited…

Read more →

During his initial statements since becoming the National Cyber Director in December, Harry Coker stated that the White House plans to “reduce unnecessary barriers” that federal contractors have while trying to fill cybersecurity positions, such as the need for a…

Read more →

We all know that maintaining up-to-date systems is crucial. Patch management plays a vital role in this process. This article serves as a hub for various patch management templates, each designed to streamline and enhance the efficiency of your patch…

Read more →

Key takeaways: Why privileged access management requires a continuous approach; The common pitfalls of poor privileged access management; How to create an effective, end-to-end privileged access management lifecycle. Privileged access management (PAM) is an essential tool of any modern cybersecurity…

Read more →

I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges.   Get an in-depth understanding of the do’s and don’ts in incident response as Dragoș explains how to avoid the most common mistakes…

Read more →

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers.…

Read more →

HealthEC LLC, a leading provider in health management solutions, experienced a significant data breach, impacting approximately 4.5 million individuals. This incident affected patients who received care through one of HealthEC’s client organizations. The company’s population health management platform, used by…

Read more →

Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the activities…

Read more →

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group a.k.a. BlackCat, claimed…

Read more →

Over 1.3 million customers across the U.S. are being alerted by mortgage servicing company LoanCare that a data breach at its parent company, Fidelity National Financial, may have compromised their private information. With 1.2 million loans and $390 billion in…

Read more →

Katholische Hospitalvereinigung Ostwestfalen (KHO), a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in the early morning of…

Read more →

Citrix bugs caused a lot of problems throughout the year, and as we’re closing down 2023, it seems it’s not over. This time, Xfinity, Comcast’s cable television and internet division has been the victim of a data breach caused by…

Read more →

ESO Solutions, a key software provider for healthcare and emergency services, was the victim of a ransomware attack. This cyberattack led to unauthorized data access and encryption of various company systems. The breach, initially identified on September 28th, marked the…

Read more →

The National Security Agency (NSA) has unveiled its ‘2023 Cybersecurity Year in Review’. This document highlights the agency’s achievements in enhancing national security through cybersecurity. It emphasizes the value of NSA’s collaborations with U.S. government agencies, international allies, and the…

Read more →

The antivirus software stands as a critical defense line against cyber-attacks. To fully understand how it operates, it’s vital to understand the four distinct layers of antivirus security. Each layer contributes to the detection and neutralization of threats, ensuring a…

Read more →

The U.S. Justice Department (DoJ) announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group’s activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage potentially unknown…

Read more →

The Exploit Prediction Scoring System (EPSS) is a data-driven tool highlighting what vulnerabilities hackers will likely exploit. EPSS was created by a group of experts at the Forum of Incident Response and Security Teams (FIRST). Its purpose is to make…

Read more →

In a perfect world, you’d have the resources to defend yourself against every possible cybersecurity threat and vulnerability. The reality, however, is that even the largest organizations have limited resources to dedicate to cybersecurity. An effective security strategy, therefore, needs…

Read more →

The purpose of Heimdal®’s exercise is to analyze the complex dynamics between endpoint-based attacks, code-based vulnerabilities, and cyberattacks that leverage DNS in an attempt to establish a baseline for detection and response framework. To this end, we have analyzed two…

Read more →

Security researchers discovered a new JaskaGO malware stealer that can infect both Windows and macOS. JaskaGO uses various methods to persist in the infected system. Researchers observed various malware versions impersonating installers for legitimate software like CapCut video editor, AnyConnect,…

Read more →

Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group. The Dena cyberattack was revealed through a post on the threat actor’s dark web platform, where they disclose data breach incidents and…

Read more →

Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains. The new campaign, dubbed Operation Blacksmith, became active on March 23. Hackers target manufacturing, agricultural, and physical security companies that failed to…

Read more →

Toyota Financial Services (TFS) reveals that hackers stole their customers’ sensitive data in the last cyberattack. In November 2023, the Medusa threat group claimed the Toyota data breach and asked for a $8,000,000 ransom. The company did not seem to…

Read more →

This post is authored by Heimdal’s Valentin Rusu – Machine Learning Research Engineer and overall cybersecurity guru here at Heimdal. As an incident response manager himself, Valentin regularly coordinates security responses for companies of all shapes and sizes – including…

Read more →

Heimdal in partnership with Microsoft is addressing the needs of our customers and managed service providers through an advanced Next-Gen Antivirus (NGAV) upgrade. By leveraging Microsoft Defender and enhancing it with Heimdal Extended Threat Protection (XTP), our customers are shielded…

Read more →

Notorious North Korean hacking group, Lazarus, breached Taiwanese multimedia software company CyberLink and trojanized an installer to instead push malware in a complex supply chain attack, with the possibility of a worldwide reach. Activity that may have been connected to…

Read more →

Welltok, a Healthcare SaaS provider, has issued a warning about a significant data breach that compromised the personal information of nearly 8.5 million patients in the U.S. This breach occurred due to a cyberattack on a file transfer program used…

Read more →