Tag: Heimdal Security Blog

A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing further malicious activities on the host or network. Hackers can use C&C or C2…

Read more →

Latitude Financial Services, the recently breached Australian loan giant, announces that the number of affected people reaches 14 million. On March 16, 2023, Latitude disclosed they were the victim of a cyberattack that resulted in 328,000 customer records being exfiltrated.…

Read more →

At least 50 US government officials are either suspected or confirmed to have been targeted by invasive commercial spyware designed to hack mobile phones, extract data, and track the movements of the victims. An executive order limiting the use of…

Read more →

Researchers discovered a new MacOS info-stealer that extracts documents, cookies, and login data from infected devices. MacStealer uses Telegram as a command-and-control platform to exploit MacOS machines from Catalina (10.15) and up to Ventura (13.2). It is delivered on the…

Read more →

According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts.  On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about…

Read more →

On Friday, March 24th, Twitter sent GitHub a copyright infringement notice, claiming some of the platform`s users leaked parts of their source code. GitHub, the Microsoft-owned service for software developers, reacted promptly and took down the code the same day.…

Read more →

Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…

Read more →

Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how…

Read more →

New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed…

Read more →

Today we are talking about one of the sneakiest cybersecurity threats out there: the logic bomb. The name might sound harmless, but this type of cyberattack can be hard to detect, can do all sorts of damage, and can even…

Read more →

Cyberthieves of today are adaptable – they are excellent at finding new ways to survive and evolve, such as creating new types of ransomware to attack our devices. Knowing the different types of ransomware attacks helps you plan your defenses…

Read more →

A new variant of the BlackGuard stealer has been discovered in the wild, with new features such as USB propagation, persistence mechanisms, the ability to inject more payloads into memory, and the ability to target more crypto wallets. BlackGuard’s New…

Read more →

The City of Toronto announced a data breach caused by GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere also impacted UK’s Virgin Red and Pension Protection Fund. This week’s victims ad up to the other…

Read more →

In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…

Read more →

Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.…

Read more →

Nmap is short for Network Mapper, an open-source tool used for IP and port scanning and app detection. System and network admins use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed…

Read more →

Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code.…

Read more →

A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding…

Read more →

A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. It seems the threat actors use scanner malware to find systems that have SSH port 22 open and proceed to install ShellBot on…

Read more →

A new backdoor dubbed PowerMagic and “a previously unseen malicious framework” named CommonMagic were utilized in assaults by an advanced threat actor, according to security researchers. Both malware pieces have been used since at least September 2021 in operations that…

Read more →

Hitachi Energy confirmed that it was the victim of a data breach, part of the GoAnywhere attacks. The Clop ransomware gang exploited a Fortra GoAnywhere MFT (Managed File Transfer) zero-day vulnerability to gain access. The Japanese engineering and technology giant…

Read more →

On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers` data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari…

Read more →

To avoid detection and launch of the payload, threat actors behind CatB ransomware used a technique called DLL search order hijacking. Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to…

Read more →

Multiple spam campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal have been linked to a banking trojan called Mispadu that steals credentials and delivers other malicious payloads. Mispadu (aka URSA) can steal money, credentials, and act as a backdoor by taking…

Read more →

A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February…

Read more →

Emotet malware returns after three months break and uses Microsoft OneNote attachments to avoid macro-based security restrictions. Threat actors initially tried to use Word and Excel docs for deploying the malware. But since Microsoft currently blocks macros by default for…

Read more →

In January, a Go-based botnet named HinataBot (named after the character from the popular anime series Naruto) was discovered exploiting old vulnerabilities and weak credentials in HTTP and SSH honeypots. HinataBot Overview According to Akamai’s SIRT team, the botnet exploited arbitrary…

Read more →

Stack smashing is a type of vulnerability that can lead to serious security breaches. This vulnerability occurs when a hacker exploits a flaw in a program’s memory allocation, causing the program to crash or execute arbitrary code. In this article,…

Read more →

As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…

Read more →

Hackers use AI-generated YouTube videos to deploy Raccoon, RedLine, and Vidar malware. The videos look like tutorials on how to download Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, etc. for free. Some of the videos claim to show the…

Read more →

In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification.…

Read more →

BianLian is a ransomware group that first appeared in July 2022, successfully infiltrating several high-profile organizations. It seems that recently, the ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating and extorting data found on…

Read more →

This is the time to remind you again that online threats are always changing and so should your cybersecurity strategy. You know all the major types of cyberattacks that could impact your organization, but hackers took everything to another level…

Read more →

On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials. Around 103,000 identification documents…

Read more →

In today’s digital age, businesses are increasingly moving their operations to the cloud. However, with this shift comes numerous security risks that can compromise sensitive data and confidential information. That’s where Secure Access Service Edge (SASE) comes in: a cutting-edge…

Read more →

The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests…

Read more →

On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors. Details on the Vulnerability The…

Read more →

Threat actors are selling what they pretend to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of…

Read more →

Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s…

Read more →

Software vendor SAP has released security updates to fix 19 vulnerabilities, five of which rated as critical. The patches released this month impact many products of the SAP suite, but the critical severity vulnerabilities affect SAP NetWeaver and SAP Business…

Read more →

After breaching the systems of Maximum Industries, the LockBit ransomware group claims to have stolen sensitive information related to SpaceX. Maximum Industries is a full-service, piece-part production, and contract manufacturing facility. The company provides CNC machining, laser cutting and waterjet…

Read more →

Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files. The announcement comes after…

Read more →

Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks. It assists the UK’s most critical organizations, the wider public…

Read more →

According to the FBI’s annual Internet Crime Report, investment fraud was the most common kind of internet criminal activity in 2022. The $3.3 billion paid by victims increased from $1.45 billion in 2021, which is a 127% jump. The report…

Read more →

The Dark Pink APT has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. In January, Group-IB published an in-depth study of Dark Pink, also known as Saaiwc,…

Read more →

As part of the March vulnerability patching bout, Microsoft has released 23 fixes for Chromium- and OS-based security bugs. The list also features patches for non-Edge vulnerabilities such as the Windows MSHTML Remote Code Execution Vulnerability and the Power BI…

Read more →

On Sunday, a cryptocurrency flash loan attack on the lending platform Euler Finance resulted in the theft of $197 million in various digital assets by threat actors. The theft involved multiple tokens including $135.8 million in stETH, $33.85 million in…

Read more →

Tickets for the Eurovision Song Contest in Liverpool sold out in less than an hour on Tuesday (March 7), despite technical difficulties as the Ticketmaster website buckled under the pressure. However, those who were fortunate enough to obtain tickets are…

Read more →

South Korean researchers developed a new covert channel attack named CASPER. It uses internal speakers to leak data from air-gapped PCs to nearby smartphones at a rate of 20 bits per second. Until now, similar attacks used external speakers. But…

Read more →

North Korean based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. and European victims. Three different families of malware are deployed into the target’s environment, and social engineering techniques…

Read more →

You may have heard these concepts being thrown around, but you don’t really know what they are, except that they sound ominous. You may suspect that it’s a place (or places) where malicious hackers roam. You may have also heard…

Read more →

So, you took my course on how to get on the dark web and want to explore your newfound superpower? Good for you and welcome to the dark web brotherhood. In this sequel, I’m going to show you some of…

Read more →

Iranian state-sponsored actors continue to target researchers by impersonating US think tanks. SecureWorks Counter Threat Unit (CTU) stated in a report that the targets were all women active in political affairs and human rights in the Middle East region. Cybersecurity…

Read more →

An internet domain that was being used by criminals to steal data from and take control of victims’ computers was seized by U.S. authorities on Thursday. A collaborative international law enforcement operation involving the FBI and police agencies worldwide led…

Read more →

In today’s fast-paced digital world, identity and access management has become a critical concern for organizations of all sizes. The challenge lies in ensuring that only authorized users have access to sensitive data while preventing unauthorized entry by cybercriminals. That’s…

Read more →

The famous BMW luxury cars brand unproperly secured its system and exposed extremely sensitive files to the public. Threat actors had enough time to exploit the data to steal source code and even get BMW customer data. How Were Clients`…

Read more →

In the book about cybersecurity, protecting your endpoints must be the first and one of the most important chapters. Once an endpoint is breached, there is no way of telling what a cybercriminal will do next. Hackers can decide to…

Read more →

As we have seen in our previous articles, news, and webinars, in this increasingly complex threat landscape, malicious actors employ more and more sophisticated techniques to exploit traditional security parameters, safeguards, and countermeasures implemented to safeguard corporate data and infrastructure.…

Read more →

With cyberattacks seemingly increasing at a high rate, companies have to make sure their details and information are secured and safe from threat actors creeping around. Today, we will talk about a popular approach used by companies to assess their…

Read more →

Russia continues its disinformation campaign around the Ukraine war through advanced social engineering tactics delivered by the TA499 threat group. Also known as Vovan and Lexus, TA499 is a Russian-aligned threat actor conducting aggressive email campaigns since at least 2021. They seem…

Read more →

In the latest move by the Biden administration to strengthen cybersecurity protections for critical infrastructure operators, the Transportation Security Administration announced regulations this past Tuesday to compel airports, aircraft owners, and operators to improve their digital defenses in the face…

Read more →

Threat actors breached the DC Health Link network, the healthcare administrator that serves the U.S. House of Representatives. Researchers say the data breach impacted roughly 170,000 persons. Among those, there are hundreds of U.S. House members, their staff, top representatives,…

Read more →

Over the past year, the Lazarus Group has used flaws in an undisclosed software to breach a financial business entity in South Korea on two distinct occasions. As opposed to the first attack in May 2022, the re-infiltration in October 2022…

Read more →

Cybersecurity researchers uncovered a new, highly-advanced information stealer, dubbed SYS01 stealer, that has been deployed in attacks on critical government infrastructure employees, manufacturing companies, and other industries since November 2022. Morphisec researchers discovered similarities between the SYS01 stealer and another…

Read more →

A new Emotet campaign started infecting devices all over the world on Tuesday, 7 March 2023. After a three-month break, the botnet sends malicious spam emails again. Emotet malware reaches targets through emails with malicious attachments. When the user opens…

Read more →

Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity…

Read more →

A threat actor claimed to have hacked Taiwanese multinational hardware and electronics business Acer, prompting the company to declare a data breach. The hacker announced the breach on a popular cybercrime forum, claiming to have stolen nearly 3,000 files of…

Read more →

Endpoint security seeks to protect every endpoint that connects to a network in order to prevent unauthorized access and other destructive behaviors at such entry points. The value of effective endpoint security solutions has expanded dramatically, partly as a result…

Read more →

Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th…

Read more →

Europol announced via a press release that core members of the cybercrime gang behind the DoppelPaymer ransomware operation have been detained. The operation was a joint effort made by the German and Ukrainian police, with help from the FBI and…

Read more →

An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert…

Read more →

The Play ransomware group has begun leaking data stolen in a recent cyberattack from the City of Oakland, California. The initial data leak consists of a 10GB multi-part RAR archive apparently comprising private documents, employee data, passports, and IDs, explains Bleeping Computer.…

Read more →

Domain generation algorithms (DGA) are software that creates large numbers of domain names. This helps hackers deploy malware easier. Let`s take a closer look at what DGA is, how it works, and why it’s still popular among threat actors after…

Read more →

The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC…

Read more →

A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much…

Read more →

Threat actors breached WH Smith, the 1,700 locations UK retailer, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What Kind of Data Was…

Read more →

This year, the Chinese cyberespionage group Mustang Panda began deploying a new custom backdoor named ‘MQsTTang’ in attacks. This advanced persistent threat (APT), also known as TA416 and Bronze President, targets organizations worldwide with customized versions of PlugX malware. In January…

Read more →

Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory regarding the Royal Ransomware gang. The Royal Ransomware group first appeared in the United States in September 2022—the U.S. Health and Human Services Cybersecurity Coordination Center…

Read more →

A scanning attack is a method used by threat actors to identify vulnerabilities in a network or system. Scanning attacks typically involve using automated tools to scan for open ports, vulnerabilities, and other weaknesses that can be exploited to gain…

Read more →

We already know that patching is a practice of the utmost importance when it comes to the security of businesses. WSUS has been for a long time a great solution for patching Windows machines and apps inside the Microsoft ecosystem…

Read more →

Vulnerability and patch management are vital cogs in an organization’s cyber-hygiene plan. According to a recent Verizon cyber-safety report, more than 40% of all data breaches recorded in 2022 stem from unpatched (i.e. vulnerable) Internet-facing applications. Moreover, the rate of…

Read more →

Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…

Read more →

The Internet Control Message Protocol (ICMP) is a protocol built into the IP suite whose main function is to allow IP-based devices to communicate error messages and exchange information about network conditions. Network administrators mainly use ICMP for network traffic…

Read more →

Telus is now investigating the possibility of a data breach affecting its corporate data. The Canadian telecom company started looking for an incident after hackers posted samples of Telus’ information, as they pretend. The sample contains employee data, source code,…

Read more →

An attacker’s access to the network is often traced back to a succession of events, which network defenders must unravel. This is done by asking specific questions such as: How did the attackers enter the network? How did they gain…

Read more →

During the recent Rackspace ransomware attack, the company confirmed hackers accessed customer data. Rackspace staff and cybersecurity researchers have been investigating the incident since it occurred, and new information has emerged. The attack, which Rackspace first confirmed on December 6, 2022, …

Read more →

Game developer Activision confirms that it suffered a data breach in December 2022. The threat actors gained access to the company’s internal systems by tricking an employee with an SMS phishing text. The company declared that the incident has not…

Read more →

Managed Extended Detection and Response (MXDR) is yet another step toward the perfect security solution. Researchers designed MXDR with two major vectors in mind. First, it had to keep up with the latest internal and external threats. Second, to protect…

Read more →

A new S1deload Stealer malware campaign infects YouTube and Facebook users as hackers try to use their devices for cryptocurrency mining. After they get S1deload Stealer on the victim`s device and obtain a connection to the command-and-control server, threat actors…

Read more →

There has been a surge in cyber-attacks against cloud service providers (CSPs) and managed service providers (MSPs). Resecurity recently alerted several data center organizations about a malicious cyber campaign targeting both the organizations and their clients. Threat actors orchestrated all of…

Read more →

DNS records or resource records (RR) contain various types of data about domain names and IP addresses. They are stocked in DNS databases on authoritative DNS servers. DNS records offer information about what IP address is associated with what domain,…

Read more →

Cyber researchers warn OyeTalk users that the app`s database exposed their private data and conversations to data leakage. The database admins did not use a password to secure it, so all the data was open to the public. OyeTalk is…

Read more →

It’s easy to see why there has always been some skepticism and uncertainty about the emergence of AI technology. However, the moment we are faced with an advanced technology capable of doing its own thinking, we must take a necessary…

Read more →

Over 31 million people’s personal information was exposed as a result of a massive data breach at RailYatri, India’s government-approved online travel agency. An online database of private information has been released, and it is thought the breach occurred late…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

According to a new report released by Google’s Threat Analysis Group (TAG) and Mandiant, Russia’s cyber attacks against Ukraine increased by 250% in 2022. Following the country’s invasion of Ukraine in February 2022, the targeting focused heavily on the Ukrainian…

Read more →

The second version of HardBit ransomware was observed trying to find out the victim`s insurance details. Their goal was to settle the ransom demand at a price that the victim`s insurance company could pay. Who Is HardBit HardBit is a…

Read more →

An updated version of a backdoor called ReverseRAT is being deployed through spear-phishing campaigns targeting Indian government entities. Cybersecurity firm ThreatMon attributed the activity to a threat actor called SideCopy. Known for copying the infection chains associated with SideWinder to deliver…

Read more →

Patch management tools are cybersecurity solutions that identify software applications running on outdated versions. They then proceed to deploy and install the corresponding patch, which can enhance security, fix bugs or add new functionalities, depending on the intent behind its…

Read more →

Europol put an end to the operations of a Franco-Israeli CEO fraud group. The threat actors used business email compromise (BEC) attacks to steal money. This led to €38,000,000 stolen in just a few days from one organization. Details About…

Read more →