Tag: Heimdal Security Blog

The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices. Although security specialists released patches for all…

Read more →

Cybersecurity researchers recently published an advisory on the evolution of POWERSTAR backdoor malware and advanced spear-phishing techniques used by Charming Kitten, a threat actor believed to be from Iran. The most recent version of POWERSTAR has improved operational security measures,…

Read more →

A third-party security breach at the Department of Health and Human Services (HHS) may have exposed the personal information of at least 100,000 people, a department official stated last week, making it the latest US government agency to be hit…

Read more →

Identifying phishing emails and preventing phishing attacks continue to raise serious challenges for any company’s IT team. Although it`s been almost 30 years since the first phishing email was detected, threat actors still rely on this technique. Phishing attacks and…

Read more →

The BlackCat ransomware group claims they have breached Barts Health NHS Trust and stolen seven terabytes of internal documents. On the Dark Web, they call it “more bigger leak from the health care system in UK”. Now, the hackers are…

Read more →

The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to attract people to fake WinSCP pages. Instead of the application, the victims download malware. WinSCP (Windows Secure Copy) is a well-known SFTP, FTP,…

Read more →

In today’s digital landscape, businesses face an ever-increasing array of cybersecurity threats. Protecting sensitive data and infrastructure from malicious actors requires expertise, advanced technologies, and round-the-clock vigilance. Training and maintaining an in-house cybersecurity team can be costly – that’s where…

Read more →

Organizations face an ongoing battle to protect their sensitive data and critical infrastructure in today’s increasingly sophisticated digital world. Security Information and Event Management (SIEM) has emerged as a powerful solution to help businesses detect and respond to security incidents…

Read more →

In the early months of 2023, the cybersecurity landscape faced an alarming surge in Distributed Denial of Service (DDoS) attacks, posing significant challenges for organizations worldwide. These attacks, aimed at disrupting online services and overwhelming network resources, have become more…

Read more →

In early February 2023, a new ransomware strain quietly made its way up the ranks. Earmarked Dark Power, the NIM-written ransomware leverages an advanced block cipher technique to bypass detection, stop system-critical services, and, finally to encrypt the victim’s file.…

Read more →

In May and June 2023, 8Base, a previously undetected ransomware threat, experienced a significant increase in its operations after remaining under the radar for over a year. According to a report by VMware, 8Base employs encryption and “name-and-shame” tactics to…

Read more →

Threat actors use a new strain of JavaScript dropper that deploys malware like Bumblebee and IcedID and has a low detection rate. Security researchers dubbed the malware PindOS. According to them, the new malware was likely built to retrieve the…

Read more →

Researchers found a new process injection technique dubbed Mockingjay that enables hackers to bypass EDR solutions. The method allows threat actors to execute malicious code on compromised systems. The research revealed that by using legitimate DLLs with read, write, execute…

Read more →

After parent company Suncor Energy revealed they were the target of a cyberattack, customers at Petro-Canada gas stations across Canada reported technical issues that prevented them from using credit cards or rewards points to pay. Suncor Energy is Canada’s leading…

Read more →

According to the New York City Department of Education (NYC DOE), threat actors broke into the NYC DOE’s MOVEit Transfer server and stole documents containing the personal information of up to 45,000 students. The NYC DOE used managed file transfer…

Read more →

In the ever-evolving landscape of cybersecurity threats, Managed EDR (MDR) enables organizations worldwide to safeguard their digital assets. During the past years, MDR services have demonstrated effectiveness against a variety of threats: ransomware, supply chain assaults, malware, data exfiltration, and…

Read more →

Despite Microsoft Teams’ restrictions for files from sources outside one’s organization, researchers found a way to “trick” the application. They managed to deliver malware into an organization using the communication platform. More than 280 million people per month use Microsoft…

Read more →

American Airlines and Southwest Airlines disclosed a data breach affecting pilots’ data on Friday, June 23. The incident was caused by an attack targeting Pilot Credentials, a third-party vendor that handles several airlines’ pilot selection and application platforms. Details About…

Read more →

Canadian clients of international shipping company UPS are being warned that some of their personal information may have been stolen in phishing attacks after potentially being made public through its online package look-up tools. UPS is aware that some package…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its KEV list on Thursday. Governmental agencies have until July 13 to patch these vulnerabilities, but it is also advisable for other businesses to do so.…

Read more →

CIAM stands for Customer Identity and Access Management. It refers to a system or set of processes and tools created to manage and protect the online identities of external third parties (users or customers) across a business’s different platforms, apps,…

Read more →

The International Finance Corporation (IFC), a member of the World Bank Group and the largest development institution in the world, headquartered in Washington DC, has become the latest victim of Russian-allied hacktivist groups Killnet and Anonymous Sudan. These hackers have…

Read more →

The hacking group known as APT37, also referred to as StarCruft, Reaper, or RedEyes, has employed a new malware called FadeStealer to steal information. This sophisticated malware incorporates a ‘wiretapping’ feature that enables the threat actors to eavesdrop on and…

Read more →

RedClouds is a recently uncovered cyberespionage and hacking campaign that uses RDStealer malware to steal data from drives shared over Remote Desktop connections. The threat actors behind this campaign, whose identities remain unknown, exhibit advanced skills reminiscent of government-sponsored APT…

Read more →

Researchers observed state-sponsored threat group APT15 using a new backdoor dubbed `Graphican`. The Chinese hackers used the new malware in a campaign targeting foreign affairs ministries in the Americas, between 2022 – 2023. According to security researchers, among the other…

Read more →

Zyxel announced patches are available and should be applied immediately for the newly discovered vulnerability CVE-2023-27992. The flaw is a pre-authentication command injection issue that affects some of the network-attached storage (NAS) versions. More about CVE-2023-27992 According to the Common…

Read more →

Windows patching is essential for closing system and application vulnerabilities and certifying that everything works as it should. Read on to find more about Microsoft Windows patch management, how can you implement a proper windows vulnerability management strategy and how can…

Read more →

In today’s interconnected world, where cyber threats are constantly evolving and becoming more sophisticated, it is imperative for organizations to prioritize cybersecurity. One essential tool that aids in this endeavor is the Cyber Assessment Framework (CAF). Developed by the UK…

Read more →

Threat actors brute-forced Linux SSH servers to deploy Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner. Hackers port scanned for publicly exposed Linux SSH servers and brute-forced username-password pairs to log in to…

Read more →

The BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80GB of data from Reddit in a February cyberattack. Back in February, the social news aggregation platform Reddit experienced a security breach in which threat actors gained unauthorized…

Read more →

A new malware campaign employs fake OnlyFans content and adult lures to install the remote access trojan ‘DcRAT,’ enabling threat actors to steal data and credentials or deploy ransomware on infected devices. Using OnlyFans for malicious ends is nothing new;…

Read more →

Mystic Stealer is an information-stealing malware that first emerged on hacking forums on April 2023. The stealer gets more and more popular among cybercriminals as its features evolve. Details About Mystic Stealer The malware is rented for $150/month, or $390/…

Read more →

Several cybersecurity agencies have collaborated to release a comprehensive guide to address the increasing threat posed by the malicious use of remote access software. US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI),…

Read more →

In a joint LockBit ransomware advisory, U.S. and international cybersecurity officials reported that the group has successfully extorted over $91 million after committing almost 1,700 operations against American businesses since 2020. Details from the U.S. And International Cybersecurity Officials Joint…

Read more →

In analyzing the threatscape, regardless of the chosen timeframe, the unequivocal conclusion we face is that the reactionary dynamic between defender and threat actor compels each other to transform, evolve, and, ultimately, face one another on a different type of…

Read more →

Sensitive 3CX data was exposed when a third-party vendor of the well-known Voice over Internet Protocol (VoIP) communications service 3CX left an open server. Even though the corporation had lately been the target of North Korean hackers, the problem slipped…

Read more →

In the constantly changing cybersecurity world, organizations confront a variety of obstacles when trying to protect their digital assets. Businesses must rely on comprehensive security solutions to safeguard their sensitive data as attacks become more complex and breaches more frequent. …

Read more →

Security researchers have made a public disclosure about the identification of a new Advanced Persistent Threat (APT) group associated with Russia’s General Staff Main Intelligence Directorate (GRU). The experts have issued a warning, revealing that this threat actor has been…

Read more →

In a recent announcement, the Commonwealth Health System revealed that threat actors have successfully breached the computer network of a Scranton cardiology group, potentially compromising the private data of 181,764 patients. This incident marks the latest in a series of…

Read more →

As per usual, Microsoft rolled out its monthly updates on the second Tuesday of the month. 78 flaws, including 38 remote code execution vulnerabilities were fixed as part of this edition of Patch Tuesday. Microsoft only rated six problems as…

Read more →

Cybercriminals use fake accounts on Twitter and GitHub to spread fake proof-of-concept (PoC) exploits for zero-day vulnerabilities. They impersonate cybersecurity researchers to push Windows and Linux with malware. How the Scam Works These impersonators pretend to work at a fake…

Read more →

The American Cybersecurity & Infrastructure Security Agency (CISA) issued on June 13, 2023, a binding operational directive (BOD) requiring federal civilian agencies to safeguard networking equipment that is faulty or exposed to the Internet. Federal civilian executive branch (FCEB) agencies…

Read more →

The University of Manchester network was reportedly hit by a cyberattack and the security team suspects data was stolen. Researchers discovered the data breach on Tuesday, June 6th. Threat actors managed to gain unauthorized access to some of the university`s…

Read more →

User access review is an essential component of any organization’s Identity and Access Management (IAM) strategy. Also known as access audit, entitlement review, account attestation, or account recertification, it describes the process of periodically reviewing the access rights and privileges…

Read more →

Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable threat actors to exfiltrate information from customers’ databases. In addition, they impact all MOVEit Transfer versions. An attacker could submit…

Read more →

The notorious Clop Ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, as reported by security researchers. During the examination of recent Clop data theft attacks…

Read more →

The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle of minimal privilege” (POMP), stands for a cybersecurity best practice based upon granting the minimum required access that a user needs to perform…

Read more →

Kimsuky, the notorious North Korean nation-state threat actor, has been linked to a social engineering campaign targeting experts on North Korean affairs in order to steal Google credentials and deliver reconnaissance malware. Using spoofed URLs, websites imitating legitimate web platforms,…

Read more →

The testing phase of BlackSuit, a new encryptor developed by the Royal ransomware gang, has commenced. This encryptor bears striking resemblances to the typical encryptor used by the gang in their operations. Following the shutdown of the infamous Conti operation…

Read more →

Verizon published Tuesday, June 6th, the 2023 Data Breach Investigations Report (DBIR), one of the most highly regarded reports in cybersecurity. The report reveals details about the actors, actions, and patterns and is an important starting point for any organization`s…

Read more →

Heimdal and Texas-based renowned MSSP for MSPs, Service Provider Partners (SPP) have announced a new alliance aimed at delivering Heimdal’s innovative unified security platform to solution providers in the US market. As the rate and sophistication of cyber threats continue…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

CISA included CVE-2023-33009 and CVE-2023-33010 Zyxel Firewalls flaws in its Known Exploited Vulnerabilities (KEV) catalog. The new CVEs could lead to a denial-of-service (DoS) condition and remote code execution. The flaws are buffer overflow vulnerabilities and were rated 9.8 out…

Read more →

Researchers announced finding a sample of the new PowerDrop malware in the network of a defense contractor in the U.S. The discovery indicates that threat actors use PowerShell-based malware to attack the U.S. aerospace defense industry. The new PowerDrop malware…

Read more →

The SpinOk malware was discovered in a new batch of Android apps on Google Play, where it was reportedly installed 30 million more times. The discovery was made by CloudSEK’s security team, who discovered a total of 193 apps containing…

Read more →

British Airways, Boots, and the British Broadcasting Corporation (BBC) all confirmed that tens of thousands of employees’ personal data was exposed due to a widespread breach that affected a popular file transfer tool. It seems Zellis, a payroll provider company…

Read more →

Cloud computing security risks are a shared responsibility of both the cloud service provider (CSP) and the organization using the services. It is crucial to assess this from the very beginning to understand the complex topic of cloud security we`re…

Read more →

In the digital age, where enterprises thrive on collaboration and smooth connectivity, user identities and access privileges management has become critical. It’s no secret that manually adding and managing users (also known as user provisioning) can prove a challenging, time-consuming,…

Read more →

A recent QBot malware campaign has been observed leveraging a DLL hijacking vulnerability in the WordPad utility application to evade detection by security measures. Exploiting Windows programs for malicious purposes is an increasingly prevalent trend observed among threat actors. According…

Read more →

HPHC has revealed that in April 2023, a ransomware attack impacted 2,550,922 people and stole their sensitive data. This information was shared by the Massachusetts-based non-profit health services provider with the US Department of Health and Human Services breach portal.…

Read more →

Researchers revealed that the largely used WordPress plugin ”Gravity Forms” is vulnerable to unauthenticated PHP Object Injection. The flaw was tracked as CVE-2023-28782 and affects all plugin versions from 2.73 and below. The vendor fixed the vulnerability with the release…

Read more →

Researchers discovered an Apple vulnerability that threat actors can use to deploy undeletable malware. In order to exploit CVE-2023-32369, hackers need to previously gain root privileges over the device. The Apple bug enables them to bypass System Integrity Protection (SIP)…

Read more →

The notorious Lazarus Group of North Korean state-sponsored threat actors is currently targeting vulnerable Windows Internet Information Services (IIS) web servers to obtain first access to business networks. Lazarus’ primary motivation is financial, and many observers think that the hackers’…

Read more →

Threat actors and security researchers now have access to a database for the notorious RaidForums hacking forums, giving them insight into the forum’s regulars. RaidForums was a very popular hacking and data leak forum known for hosting, leaking, and selling…

Read more →

A new phishing kit, “File Archivers in the Browser” abuses ZIP domains. The kit displays bogus WinRAR or Windows File Explorer windows in the browser. The goal is to convince users to launch malicious processes. Google just enabled this month…

Read more →

In today’s fast-changing digital landscape, ensuring strong network security has become a top priority for companies of all sizes. Given the rise of remote work, cloud computing, and increasingly complex cyber threats, conventional network architectures and perimeter-based security measures are…

Read more →

A new malware has been discovered in the wild by security researchers. Called CosmicEnergy, the malware is designed to disrupt industrial systems. Sources say that the Russian cybersecurity group Rostelecom-Solar (fka Solar Security) is behind the malware. IEC-104-compliant remote terminal…

Read more →

A new ransomware operation emerges. Named “Buhti”, the operation uses the leaked code of the LockBit and Babuk ransomware families to target machines running Windows and Linux. The group was first spotted in the wild by Palo Alto Networks’ Unit…

Read more →

In an era where cyber threats continue to evolve and grow in complexity, Heimdal has once again risen to the occasion and emerged as a leading force in the industry. Therefore, it is with great honor and gratitude that we…

Read more →

Threat actors breached Apria`s Healthcare LLC system and stole the credit card data of 1,869,598 patients and employees. Apria is one of the top US home medical equipment delivery and clinical support provider companies. Although the company discovered the attack…

Read more →

Rheinmetall AG announced they suffered a data breach after being a target of a BlackBasta ransomware attack. On May 20th, 2023, the threat group leaked samples of the stolen data on its extortion site. According to the German automotive and…

Read more →

Dish Network reported a data breach subsequent to the ransomware attack in February and started the process of notifying the affected parties. The broadcast company went offline on February 24, 2023, affecting Dish.com, Dish Anywhere, and many other Dish Network…

Read more →

Dish Network reported a data breach subsequent to the ransomware attack in February and started the process of notifying the affected parties. The broadcast company went offline on February 24, 2023, affecting Dish.com, Dish Anywhere, and many other Dish Network…

Read more →

It has been reported that the Royal ransomware group is enhancing its arsenal with new malware. This group is said to have surfaced following the dismantling of the notorious Conti group. Several other Conti-related groups have been observed using commercial…

Read more →

Privileged access management, PAM in short, is a crucial set of tools and technologies allowing organizations to maintain steadfast control and monitorization over the access to critical information and resources, as well as users, accounts and processes. Precisely because it is…

Read more →

The increase of cybersecurity incidents brings along a higher demand for enhanced security protections. Thus, in the attempt of preventing unauthorized third parties from accessing their accounts and sensitive data, companies are increasingly turning to biometric authentication. Contemporary Identity and…

Read more →

In today’s cyber world, threats are constantly lurking around every corner. As a result, businesses need to adapt and find the best approach to protect their networks and data from potential attacks. That’s where threat hunting and incident response come…

Read more →

Chinese researchers discovered a new type of attack targeting smartphones. BrutePrint is a brute-force attack that can bypass fingerprint authentication. They managed to breach security measures enabled for brute-force attacks like attempt limits and liveness detection. Brute-force attacks use numerous…

Read more →

Apple resolves three new zero-day vulnerabilities used to compromise iPhones and Macs. The flaws were all found in the multi-platform WebKit browser engine, as the company revealed in security advisories released to inform its clients about the active exploitation of…

Read more →

Nearly 9 million Android-based smartphones, watches, TVs, and TV boxes have been infected with the “Guerrilla” malware, pre-installed on the devices by Lemon Group. The threat actors use the malware to load additional payloads, intercept one-time passwords from SMS, set…

Read more →

Application control is part and parcel of the larger cybersecurity landscape of access control, as outlined by the National Institute of Standards and Technology (NIST). But what does the term mean? And, more importantly, why should companies be interested in…

Read more →

Researchers have uncovered previously unknown attack infrastructure used by Pakistani and Chinese entities operated by the state-sponsored group SideWinder. In a joint report, cybersecurity companies Group-IB and Bridewell say the threat actor uses 55 domains and IP addresses. At least since…

Read more →

A new ransomware operation has been observed hacking Zimbra servers to steal emails and encrypt files. Instead of demanding a ransom payment, the threat actors claim to require a donation to charity. In March 2023, a ransomware operation dubbed MalasLocker began encrypting…

Read more →

The US Department of Transportation (USDOT) recently revealed threat actors breached its system in a cyberattack. The data breach compromised the personal information of roughly 237,000 current and former agency employees. While it remains unclear when the attack happened or…

Read more →

Researchers revealed that the UNC3944 threat actors use phishing and SIM-swapping attacks to get control over Microsoft Azure admin accounts. Hackers maliciously used the Azure Serial Console on Azure Virtual Machines (VM) to deploy remote management software within client environments.…

Read more →

At the end of March, a cyberattack affected Capita’s systems, resulting in the theft of customer data. Six weeks after the attack was revealed, Capita warned Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, to assume…

Read more →

PharMerica, the second largest provider of institutional pharmacy services in the United States, confirmed that it suffered a data breach that exposed the personal information of 5,815,591 people. The company started sending notices to the impacted individuals on the 12th…

Read more →

Discord messaging platform announced a data breach. The incident involved a third-party support agent whose account has been compromised. The notification warned customers about unauthorized access to the agent’s support ticket queue. The Exposed Data & Security Measures This incident…

Read more →

While this article aims to define what is endpoint privilege management, I will first begin to explain the circumstances of this process. Within any organization, privileges are usually split between two levels of hierarchy: standard users and administrators. The highest…

Read more →

Toyota Motor Corporation issued a notice on the company’s Japanese newsroom disclosing a data breach of ten years. A database misconfiguration in its cloud environment leads to exposing of the car-location data of 2,150,000 customers. Details from the Data Breach…

Read more →

In today’s digital age, software vulnerabilities are on the rise, and cyber threats are becoming more sophisticated. As a result, businesses must be proactive in their approach to cybersecurity to minimize the risk of a data breach. One way to…

Read more →

A remote code execution (RCE) attack consists of adversaries remotely running code on an enterprise`s assets. Threat actors remotely inject and execute code in the victim`s device or system by using local (LAN), or wide area networks (WAN). The code…

Read more →

ABB, a leading provider of electrification and automation technology, has been hit by a Black Basta ransomware attack, which has reportedly affected business operations. As part of its services, ABB develops industrial control systems (ICS) and SCADA systems for manufacturers…

Read more →

When we talk about Privileged Access Management (PAM), Privileged Identity Management (PIM), Identity and Access Management (IAM), and other access management terms, we think of technologies for protecting a company’s critical assets. These phrases refer to maintaining the security of…

Read more →

With the “detect early” and “respond fast” capabilities in your mind, you may wonder what to choose from the XDR vs SIEM vs SOAR options. A good Detection and Response (D&R) solution is essential for your company’s cybersecurity posture. As…

Read more →

The Federal Bureau of Investigation disrupted a Russian government-controlled Snake malware network that compromised hundreds of computers belonging to NATO-member governments and other Russian targets. According to the Justice Department, the disruption effort, called Operation MEDUSA, took the malware offline…

Read more →

There is a new Linux NetFilter kernel flaw that allows unprivileged local users to escalate their privileges to root level, giving them complete control over the system. The vulnerability has been assigned the CVE-2023-32233 identifier, but its severity level has not…

Read more →

The Aurora information-stealing malware was delivered through an in-browser Windows update simulation in a recent malvertising campaign. For more than a year, Aurora has been advertised on various hacker forums as an info stealer with extensive capabilities and low antivirus…

Read more →

Researchers warn Cactus Ransomware exploits VPN Flaws to compromise networks and encrypts itself to avoid detection. The new ransomware strain targets large commercial entities that use remote access services and scans after unpatched vulnerabilities for initial access. How Is Cactus…

Read more →

AndoryuBot new malware aims to infect unpatched Wi-Fi access points to enlist them in DDoS attacks. To this end, threat actors exploit a critical Ruckus vulnerability in the Wireless Admin panel. The flaw is tracked as CVE-2023-25717 and enables hackers…

Read more →