Fake Pokemon NFT card game website is used by threat actors to spread malware. Visitors are tricked to download the NetSupport remote access tool or RAT, a malicious software that takes over victims’ devices. Details About the Campaign Analysts at…
Category: Heimdal Security Blog
Turla Uses Old Malware Infrastructure to Attack Ukrainian Institutions
Turla Russian espionage group delivers KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. Cyber researchers track the operation as UNC4210. Turla is also known as Iron Hunter, Krypton, Uroburos, Venomous Bear, or Waterbug and is thought…
US Nuclear Research Labs Hit by Russian Hackers
Cold River, a Russian hacking collective, targeted three US nuclear research laboratories. Brookhaven, Argonne and Lawrence Livermore National Laboratories were all hit. Between August and September Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according…
Threat Actors Abuse Visual Studio Marketplace to Target Developers
Threat actors targeting the Visual Studio Code extensions use a new attack vector. They upload rogue extensions impersonating their legitimate counterparts with the goal of triggering supply chain attacks on the machines of developers. Curated via a marketplace made available…
Air France and KLM Alert Customers of Account Security Breach: What You Need to Know
Flying Blue customers have been informed that some of their personal information was exposed following a breach of their accounts. Clients of Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM can exchange loyalty points for rewards through Flying Blue.…
Backdoor Malware: Definition, Risks, and Protection
When it comes to malware, knowing what types of malicious software lurk out there can help you enable efficient cybersecurity measures and stay protected. Backdoor malware is just one of many kinds of threats that you have to take into…
What Is Network Segmentation?
When it comes to network security, there are a lot of methods to help strenghten it. One such method, that will not only increase the overall security of your enterprise, but it will also simplify the monitorization and response to…
Looking Back: Reflections on the Cloudstar Ransomware Attack and Its Impact
It has been over a year since the Cloudstar ransomware attack, and Stephen Millstein, the CEO of Certified Title Corporation, still feels “something like PTSD” whenever he recalls what happened. In the cyber attack on the cloud storage provider, Millstein’s…
Apple Fined $8.0M in France for Data Collecting Issues
Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, fined Apple €8,000,000 ($8.5M) for collecting user data without the user’s consent. The data was used to better target advertising in the App Store. These actions are…
Blind Eagle Is Back with New Tools and a Complex Infection Chain
Blind Eagle, a financially-motivated threat actor previously observed launching operations against organizations in Colombia and Ecuador, has reemerged with a sophisticated toolset and a complex infection chain. The latest findings from Check Point shed light on the group’s methods, such…
British Schools Have Their Data Leaked by Vice Society Ransomware Gang
The Vice Society gang has been behind a high-profile string of ransomware attacks on schools across the UK and the USA, with the most recently uncovered campaign involving 14 British schools. Source Vice Society – A Constant Threat Vice Society…
WhatsApp Adds Proxy Support to Bypass Internet Shutdowns
WhatsApp introduces a new feature in its latest released update. From now, users of the messaging app will be able to connect via proxy servers in case of Internet shutdowns or if the service is blocked in their country by…
Rackspace Has Fallen Victim to Ransomware: Here’s What You Need to Know
The Play ransomware operation was responsible for a cyberattack that brought Rackspace’s hosted Microsoft Exchange environment down in December. According to Rackspace, attackers behind last month’s incident gained access to some of its customers’ Personal Storage Table (PST) files, which…
Bluebottle Cybercrime Group Is Targeting Banks in African Countries
A cybercrime group going by the name of Bluebottle has been linked to a set of attacks aimed at the financial sector in Francophone countries located in Africa, in the timeline between July and September 2022. Symantec, a division of…
Warning! Spyware Attacks Targeting Banks Are on the Rise
The number of attacks targeting banks grew after the source code for CypherRat, a new SpyNote malware version, was offered for free on hacker groups. CypherRat has both spyware and banking trojan features impersonating banking institutions. It was initially sold…
Confidential Computing: What Is It and What Are Its Benefits?
In recent years, data has become a valuable asset that every business sector shouldn’t neglect. However, information exists in different states and constantly crosses numerous networks and devices, which can result in data breaches. Because of this, organizations should be…
Attention Developers: CircleCI Security Breach — Here’s What You Need to Know
The software development service CircleCI has disclosed a security incident and urged users to rotate their secrets. Over one million engineers rely on the CI/CD platform for the “speed and reliability” of their builds, according to its website. As per…
Cricket Platform Exposed over 100k Customer Data Entries
Over 100k user entries and administrative credentials were leaked from a cricket community social network. Cybernews researchers discovered that cricketsocial[.]com left an open database containing emails, phone numbers, names, hashed user passwords, dates of birth, and addresses. Most of the…
How to Prevent Identity Theft With 20 Essential Steps [Updated 2023]
Identity theft is a growing problem in today’s digital world. With more of our personal information available online, it can be difficult to protect ourselves from malicious actors who may use our data for malicious purposes. While it might seem…
Meta Fined $414 Million by Irish Regulators for Using Personal Data for Advertising
In what might be a severe blow to its ad-fueled business model, the Irish Data Protection Commission (DPC) has fined Facebook’s parent company Meta $414 million for its management of user data for distributing personalized ads. Privacy regulators ordered Meta…
200 Million Twitter Profiles Database Giveaway on Hacker Forum
Threat actors offer over 200 million Twitter users` profile data on the Breached hacker forum, asking no more than $2 for the whole database. Cyber researchers say this is the cleaned-up version of the 400 million profiles database spilled in…
Arnold Clark Auto Retail Giant Was Victim of a Cyberattack on Christmas Eve
Arnold Clark, the Scottish automotive retail giant, announced that it suffered a cyberattack. An external cybersecurity firm identified abnormal activity on the company’s network on Christmas Eve. What Damage Has Been Done As a precaution, after the attack, Arnold Clark…
Queensland University of Technology, Royal Ransomware’s Newest Target
Following a recent cyberattack on the Queensland University of Technology, the Royal ransomware gang has begun leaking data they allegedly stole during the intrusion. Queensland University of Technology (QUT) has 52,672 students and operates on a budget exceeding one billion…
Critical Vulnerabilities Expose Automotive Giants to Cyberthreats
Ferrari, BMW, Toyota, Ford, and other automotive companies have been found to have severe vulnerabilities. The disclosed vulnerabilities varied based on the manufacturer and their specifics. Researchers revealed that an AT&T system was fully compromised and, if exploited by threat actors,…
Growing Interest in Flipper Zero Capitalized by Cybercriminals in Phishing Campaign
Members of the security community are at risk. A new phishing campaign is taking advantage of the community’s growing interest in Flipper Zero to steal both their personal data and cryptocurrencies. The tool gives pen-testers and hacking enthusiasts, and researchers…
Threat Actors Use Stolen Bank Data for BitRAT Malware Campaign
Threat actors use data stolen from Columbian bank customers as lures in email phishing attacks. Cyber researchers warn that the campaign aims infecting endpoints with BitRAT remote access trojan. On the bright side, according to researchers, none of the sensitive…
Wabtec U.S. Rail Company Under Ransomware Attack
Wabtec Corporation announced that it was the victim of a ransomware attack. The attack caused a data breach, exposing personal and sensitive information. Wabtec Corporation is a U.S. company that produces locomotives and rail systems. With 25,000 employees in 50…
Poland Warns of Cyberattacks by the Russia-Linked Ghostwriter Group
Poland is warning of a spike in cyberattacks from Russia-linked hackers, including GhostWriter, a state-sponsored hacking group. Poland’s official website claims hostile cyber-activity has intensified, targeting public domains and state organizations, strategic energy and armament providers, and other critical entities.…
What Is Container Security? Definition, Benefits, and Risks
Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines (VMs). A container is a software conglomeration that includes all the components required for the soft to…
Financial and Insurance Sectors in Europe Targeted by Raspberry Robin Worm
The Raspberry Robin worm has targeted the financial and insurance industries in Europe, and the virus is still evolving its post-exploitation capabilities while evading detection. The breaches, which have been seen in Spanish and Portuguese-speaking organizations, are notable for collecting…
Vulnerability in Google Home Speaker Allowed Eavesdropping
A vulnerability in Google Home speakers could have allowed threat actors to remotely listen in on user conversations. The issue was reported to Google by security researcher Matt Kunze, who won a bug bounty of $107,500. According to Kunze’s technical…
The One Ransomware Gang That Decided to Give Back
As a result of an attack against the Hospital for Sick Children (SickKids), the LockBit ransomware gang has formally apologized and released a free decryptor for the hospital. Toronto’s SickKids Hospital is a teaching and research hospital that treats sick children.…
PyTorch Dependency Chain Compromised During Winter Holidays
Users who installed PyTorch-Nightly during last week of December are warned to uninstall it and torchtriton immediately. The good news is those who use PyTorch stable package were not impacted by this problem. The open-source Python-based machine learning framework discovered…
Chinese Students in the U.K. Are Victims of RedZei Scam Calls
RedZei (or RedThief) Chinese-speaking hackers are targeting U.K.-based Chinese international students, a wealthy victim group, with scam calls. The campaign is ongoing for more than a year and shows that threat actors have meticulously selected and researched their victims. Details…
Ransomware Gang Clones Website to Leak Stolen Data
ALPHV ransomware operators published stolen data on a replica of a victim’s site as part of their extortion tactic. Also known as BlackCat ransomware, ALPHV is known for testing new ways to force their victims into paying. Even though these tactics have…
Canadian Mining Company Targeted by Ransomware
A cyberattack launched on December 27, 2022, caused the Canadian Copper Mountain Mining Corporation (CMMC) to shut down its operations. The IT team of the company from British Columbia quickly implemented the predefined risk management systems and protocols to contain…