Category: Heimdal Security Blog

As industry experts continuously predict that cybercrime will only get worse in the following years, we see that the digital world is keen to find and implement new strategies to bolster cybersecurity. Today I am going to talk about one…

Read more →

One of the most recent finds exposed the Aurora Stealer malware imitating popular applications to infect as many users as possible. Cyble researchers were able to determine that, in order to target a variety of well-known applications, the threat actors…

Read more →

As organizations are increasingly dealing with security concerns, there is a need for more sophisticated access control mechanisms to ensure only authorized personnel have access to sensitive information. But what exactly is the difference between Role-Based Access Control (RBAC), Attribute-Based…

Read more →

Federal authorities have taken down a website run by a notorious ransomware gang known to extort millions of dollars from victims as part of a global cybercrime operation. The FBI seized a cache of computer servers supporting the Hive group…

Read more →

Flaws found in the Galaxy App Store gave attackers the ability to install apps without the user’s knowledge and send them to malicious sites. Samsung was notified regarding flaws CVE-2023-21433 and CVE-2023-21434, in November and December 2022. After flagging the…

Read more →

The ever-changing landscape of cybersecurity makes it harder for companies to keep up with the malicious intents of threat actors. Each day, new vulnerabilities can appear in your systems, which can give threat actors the chance they needed to breach…

Read more →

SEO poisoning attacks have been on the rise in recent years, as more and more people are using search engines to find information online. Attackers are constantly coming up with new ways to exploit SEO vulnerabilities, so it’s important to…

Read more →

On January 25th, Killnet Russian activist threat group put several German websites offline after performing a DDoS attack. The hackers claimed they targeted government websites, banks, and airports as a reaction to Germany`s decision to supply Ukraine with 2 Leopard…

Read more →

The Federal Bureau of Investigation (FBI) has confirmed that the cyberattacks on Harmony Horizon, which resulted in the theft of $100 million worth of Ethereum, were coordinated by North Korean state-sponsored hacking group, Lazarus. The North Korean APT has moved…

Read more →

A phishing scam using legitimate remote monitoring and management (RMM) software was used to target at least two federal agencies in the U.S. Specifically, cyber-criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect…

Read more →

Ransomware infiltrates and hinders everything from healthcare organizations to energy distribution pipelines. This is why having an idea of the main vector of ransomware attacks is hugely beneficial, not to say imperative for your organization’s safety. Did you know that…

Read more →

Last week, video game developer Riot Games, which is behind popular games such as League of Legends and Valorant had its development environment compromised by threat actors through a social engineering attack. This week, the attackers demanded a $10 million…

Read more →

Google has been sued by the U.S. Justice Department (DOJ) for exploiting its market dominance in online advertising. Tuesday, 24 January 2023, a lawsuit was filed by the DOJ along with eight states: Virginia, California, Colorado, Connecticut, New Jersey, New…

Read more →

The largest Russian ISP, Rostelecom, reports that DDoS attacks against Russian businesses hit an all-time high in 2022. In distributed denial of service attacks (DDoS), threat actors try to make a website or service that uses the internet inaccessible by…

Read more →

From securing e-commerce transactions to encrypting data sent via email and verifying software packages, Public Key Infrastructure (PKI) and encryption are essential to secure online communications. But what exactly is PKI, how does it work, and what role does it…

Read more →

On Thursday, 19 January 2023, The Irish Data Protection Commission (DPC) announced a fine of €5.5 million for WhatsApp over breaking privacy laws when handling users’ private information. Why the Fine Was Issued? The issue of the fine is an…

Read more →

An “expansive” adware operation that spoofs over 1,700 apps from 120 publishers and affects around 11 million devices has been stopped by researchers. Dubbed VASTFLUX, the malvertising attack injected malicious JavaScript code into digital ad creatives and allowed threat actors…

Read more →

Ransomware has come to be a customary instrument in the arsenal of cybercriminals who routinely attack individuals and organizations. Under such circumstances, their victims experience financial damage either by owning up to large ransomware payouts or by bearing the price…

Read more →

Brute force attacks are a persistent security threat that has evolved over the years as technology advances. In this article, we’ll explore what a brute force attack is, its modus operandi and variants, and what prevention strategies you can use…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

T-Mobile announced a new data breach after a threat actor used one of its Application Programming Interfaces to steal personal data from 37 million active postpaid and prepaid customer accounts (APIs). 37 Million Accounts Impacted On Thursday, the telecommunication giant…

Read more →

A total of $456.8 million was extorted by ransomware groups from their victims in 2022, down by almost 40% from the previous two years’ record-breaking total of $765 million. Chainalysis, a company that analyzes blockchain data, has found that the…

Read more →

The Domain Name System, and the DNS zones that it is composed of, are not as simple as ”the internet`s phonebook” largely used definition for DNS suggests it would be. As good as this comprehensive metaphor of a complex amount…

Read more →

Microsoft Azure has discovered a critical remote code execution (RCE) flaw that could allow a malicious actor to control a targeted application completely. According to Ermetic researcher Liv Matan, attackers can exploit the vulnerability by deploying malicious ZIP files containing…

Read more →

One thing is certain in today’s cybersecurity landscape, managing cyber risk across enterprises is harder than it used to be previously, but why? It started with the explosion of cloud-based services and contact with third parties, which increase organizations’ overall…

Read more →

On January 18th, Yum! Brands closed almost 300 of its restaurants in the UK due to a ransomware attack launched by an unknown malicious group. The US-based company owns KFC, Pizza Hut, and Taco Bell fast-food restaurant chains, among others,…

Read more →

Pro-Russian hacktivist group Genesis Day claims to have breached Samsung’s internal servers over South Korea’s collaboration with NATO. The attackers posted an ad on a popular hacking forum, claiming they found their way into Samsung’s internal FTP service. Because South Korea…

Read more →

Wondering how does ransomware spread? We’re not surprised. There is no doubt that cybercriminals are constantly looking for new ways to hold your data hostage.  As a result, ransomware has emerged as one of the most serious cybersecurity threats to businesses in…

Read more →

DevSecOps practices can help you to avoid sinuous workflows when it comes to software development security, earning you more time. Security should not be an afterthought when you are creating your online product, especially if you want to work fast…

Read more →

Between July and late December 2022, BackdoorDiplomacy has been associated with a new wave of attacks targeting Iranian government entities. At least since 2010, the Chinese APT group has conducted cyberespionage campaigns against government and diplomatic entities across North America,…

Read more →

A New York individual pleaded guilty to bank fraud conspiracy using stolen credit cards obtained on dark web cybercrime marketplaces. Trevor Osagie, a 31-year-old man from the Bronx, admitted that he was a key member of a group that ran…

Read more →

Access control is an important element of data security, and policy-based access control is gaining traction as one of the most robust methods for controlling who has access to what. In this article, we’ll dive into what Policy-Based Access Control…

Read more →

MailChimp announced it has been victim to a social engineering attack that threat actors successfully performed on the company`s employees and contractors. Hackers managed to obtain employee credentials and gain access to an internal customer support and account administration tool.…

Read more →

Anatoly Legkodymov, the founder of Hong Kong-registered cryptocurrency exchange Bitzlato, has been charged by the  U.S. Department of Justice with helping cybercriminals launder illegal funds. Legkodymov was arrested in Miami on Tuesday night and will be arraigned in U.S. District…

Read more →

A malware attack targeting the national news agency of Ukraine (Ukrinform) was recently stopped. The Computer Emergency Response Team of Ukraine (CERT-UA) attributed the data-wiper attack to Russian hackers. The Attack Was Not Successful CERT-U experts pinned the malware attack…

Read more →

In their latest update, Git has patched two new security flaws, both of them with a critical level of security. If left unpatched, the vulnerabilities could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. Git…

Read more →

On December 12, 2022, cybersecurity experts discovered a publicly accessible database containing 260GB of sensitive personal data from myrocket. co, which provides end-to-end recruitment solutions and HR services to Indian businesses. Nearly 200,000 employees and almost nine million job seekers…

Read more →

As time passes, threat actors are getting sneakier in their efforts. Security researchers discovered that lately a lot of fake websites impersonating popular free and open-source software have started to pop up in the sponsored section on Google search results.…

Read more →

Customers of Nissan North America had been announced of a data breach that might impact them. The notification informed the receivers that a third-party partner exposed customer information. The automobile manufacturer specified that the security incident suffered by its software…

Read more →

One of the largest providers of marine software, DNV, was hit by a ransomware attack that has affected around one thousand vessels. DNV is a Norwegian Company that provides services for 13,175 vessels and mobile offshore units totaling 265.4 million gross…

Read more →

Cyber researchers discovered last year that four of Microsoft Azure`s Services had security issues that made them vulnerable to server-side request forgery (SSRF) attacks. Two of the vulnerabilities did not request authentication, so threat actors had the opportunity to exploit…

Read more →

Since early 2020, over 250 domains have been used to spread information-stealing malware such as Raccoon and Vidar, according to an analysis recently published by cybersecurity researchers. As per the French research team, the domains are managed by a threat…

Read more →

There is no doubt that cybercriminals are constantly looking for new ways to hold your data hostage.  As a result, ransomware has emerged as one of the most serious cybersecurity threats to businesses in recent years. Because it’s so dangerous, understanding how…

Read more →

A November 2022 cyberattack on the University of Duisburg-Essen (UDE) by the Vice Society ransomware gang forced the university to reconstruct its IT infrastructure, which continues today. During the network breach, the threat actors allegedly stole files from the university,…

Read more →

Sewio, InHand Networks, SAUTER Controls, and Siemens Industrial Control Systems (ICS) are vulnerable to cyberattacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The advisories released on January 12th contain information on vulnerabilities, exploits, and other security flaws…

Read more →

Marked by significant geopolitical shifts and unrest, 2022 has galvanized the cybersecurity landscape as well; war-profiteering fueled by endless media disputes has allowed the threat actors not only to operate unhindered but also to find safe harbor with states that…

Read more →

Later this week, proof-of-concept exploit code will be made available for a serious vulnerability in multiple VMware products that permits remote code execution (RCE) without authentication. This pre-auth RCE security hole, identified as CVE-2022-47966, is brought on by the usage…

Read more →

A version of the Hive cyberattack kit created by the Central Intelligence Agency (CIA) was spotted in the wild. The pirated malicious code acts as spyware, secretly exfiltrating data from victims. The variant was nicknamed xdr33 after its digital certification…

Read more →

Pro-Russian group NoName057(16) continues to wreak havoc. Cybersecurity experts discovered that the group is behind a wave of DDoS attacks against organizations based in Ukraine and NATO countries. The attacks started in March 2022 and since then, governmental and critical…

Read more →

Authorities from Bulgaria, Cyprus, Germany, and Serbia, with help from Europol and Eurojust, worked together to break up a cybercrime ring that was involved in online investment fraud. Since June 2022, when German authorities first asked for help, the European…

Read more →

Threat Actors evade security measures by creating files that are a combination of polyglot and malicious Java archive (JAR). This way they can deploy malware without being discovered. How Does This Work? Polyglot files integrate vocabulary from two or more…

Read more →

On early Monday, numerous Danish smartphone users reported suspicious SMS-type content originating from a questionable source, allegedly related to Danske Spil. In all instances, a single message would be sent, informing the user of his enrollment in a monthly pay-to-win…

Read more →

The VPN market has grown considerably in the last few years due to the increasing popularity of VPN technologies. However, corrupted VPN installers have been used by threat actors to deliver a piece of spyware called EyeSpy, as part of a malware…

Read more →

Static and dynamic IP addresses are two ways of assigning an address to all IT equipment, usually by an Internet access provider (ISP), depending on the needs of its customers – regular users or businesses. In this article, we will…

Read more →

On Friday, DevOps platform CircleCI revealed that unidentified threat actors compromised an employee’s laptop and stole their two-factor authentication credentials to compromise the company’s systems and data. CI/CD service CircleCI said the “sophisticated attack” occurred on December 16, 2022, and…

Read more →

TikTok UK and TikTok Ireland have been fined €5,000,000 by France’s Commission Nationale de l’Informatique et des Libertés (CNIL) for making it impossible for platform users to reject cookies and for failing to adequately explain their function. Article 82 of…

Read more →

Threat actors injected malware that steals customers` private data on Canada`s largest alcohol retailer online store. On January 10th, 2023, the Liquor Control Board of Ontario (LCBO), a Canadian government enterprise, announced that unknown hackers had breached their website. Cyber…

Read more →

Fewer words are more used in cybersecurity than malware. The one that gives IT specialists nightmares, makes companies ramp up security tools, and constantly challenges software creators, malware targets every aspect of our daily used technologies and devices. Being so…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

Last time, we got to know better what network segmentation means. We defined the concept, found out how it works, how to use it and what benefits its implementation can bring to your organization. You can check out the first…

Read more →

In order to deceive users into sending money to a scammer instead of the intended recipient, a new scam known as “Address Poisoning” has surfaced, according to cryptocurrency wallet service MetaMask. In contrast to other frauds, which frequently employ techniques…

Read more →

According to recent research into Raspberry Robin’s attack infrastructure, other threat actors may be able to repurpose the infections for their own malicious actions. Raspberry Robin, also known as “QNAP worm”, and linked to the threat actor DEV-0856, is a…

Read more →

A cyberattack on Royal Mail, the UK’s largest mail delivery service, has been linked to LockBit ransomware. The Royal Mail announced yesterday that it has been experiencing severe disruption to international export services as a result of a cyber incident.…

Read more →

Several crypto scams linked call centers that were functioning in multiple European countries were discovered and closed this week by Europol. Cybercriminals used these call centers to convince individuals to invest money in the “Pig Butchering” cryptocurrency scams. The cross-border…

Read more →

A system administrator discovered that the Android TV box bought from Amazon had pre-installed malware. According to him, the box was reaching out to a whole list of active malware addresses. Daniel Milisic is the person who found the malware…

Read more →

This new text-to-speech AI model from Microsoft can listen to a voice for just a few seconds, then mimic it, including its emotional tone and acoustics. Microsoft’s latest research in text-to-speech AI centers on a new model known as VALL-E. It’s…

Read more →

Mutual authentication, also known as two-way authentication or website-to-user authentication, is a security mechanism that requires the two sides of a communications channel to authenticate each other’s identities (instead of just one side verifying the other) before moving forward with…

Read more →

In today’s data-driven world, it is essential for businesses to protect their systems from malicious attacks. Insider threat mitigation is a security measure that helps to identify and mitigate threats posed by malicious insiders, such as employees or contractors with…

Read more →

Microsoft has kickstarted 2023 with a comprehensive list of vulnerabilities, including several issues that have been flagged as zero-day bugs.  This Patch Tuesday list covers over 90 common and uncommon exploits, with risk scores ranging from moderate to severe. Patch…

Read more →

Twitter claims there is no connection between former system vulnerabilities and a leaked dataset of 200 million users that was recently on sale online. On January 11th, 2023, the social media company declared this time its researchers found no evidence…

Read more →

UK’s leading mail service, the Royal Mail, has stopped its international shipping services due to “severe service disruption”. The company described the cause as a “cyber incident”. Although the event had no effect on delivery or pickup services in the…

Read more →

Recently, Australian hospitals have been hit by a wave of Gootkit malware loader attacks that leverage legitimate software like VLC Media Player as cover. To get initial access, Gootkit (also known as Gootloader) is reported to use search engine optimization (SEO)…

Read more →

Koko, a mental health company, announced on 6 January 2023, that it provided AI-generated counseling to 4,000 people. The information raised ethical and legal concerns about the regulation of the use of AI and the absence of consent from individuals…

Read more →

The open-source JsonWebToken (JWT) library has been confirmed to be affected by a high-severity security flaw that could lead to remote code execution. While investigating the popular open-source project, Unit 42 researchers discovered a new vulnerability, tracked as CVE-2022-23529.This flaw has…

Read more →

Researchers warn that patching critical vulnerabilities that allow network access is not enough to prevent ransomware attacks. Some gangs exploit the flaws to plan a backdoor malware while they still have the opportunity, and they may return long after the…

Read more →

Des Moines Public School put all networked systems offline and canceled classes on January 10th due to an undefined cyberattack. More than 31,000 kids from preschool through high school in more than 60 schools, as well as the school’s 5000…

Read more →

The Advanced Persistent Threat (APT) known as StrongPity has been observed distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Shagle is a legitimate random-video-chat platform that allows strangers to…

Read more →

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware. Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng…

Read more →

Threat actors launched a massive malware campaign that spoofs the AnyDesk site to infect endpoints with Vidar stealer. More than 1,300 domains that impersonate the official AnyDesk site were found to redirect users to a Dropbox folder that pushes information-stealing…

Read more →

On January 10th, the Cybersecurity and Infrastructure Security Agency (CISA) added two more new vulnerabilities to its catalog of actively exploited bugs. CISA ordered agencies to patch the bugs as soon as possible to avoid exploitation by threat actors. The…

Read more →

The Department for Environment, Food & Rural Affairs (DEFRA) website in the U.K. was the victim of a redirect attack. Cybercriminals used an open redirect to send visitors to fake OnlyFans pages. What Happened Threat actors exploited an open redirect…

Read more →

A new research shows that threat actors are exploiting the increasingly popular ChatGTP to write usable malware and share their results on the dark web. The study was based on recent findings from Cybernews, and three distinct cases were profiled…

Read more →

A malicious IcedID malware campaign was identified recently. According to researchers, threat actors are actively spreading malware using modified versions of the Zoom application that have been trojanized. Zoom has become increasingly popular in recent years since the COVID-19 pandemic emerged…

Read more →

While containers and microservices keep gaining popularity among developers, it`s no wonder the interest in container security best practices has also grown. Although container-based architecture comes with a series of advantages: portability, lightweight, easy maintenance, and scalability, it also rises…

Read more →

The American fast-food restaurant chain Chick-fil-A is looking into “suspicious activity” linked to some of its customers’ accounts. The company created a support page with advice for clients who notice any strange activity on their accounts, such as mobile orders…

Read more →

Fake Pokemon NFT card game website is used by threat actors to spread malware. Visitors are tricked to download the NetSupport remote access tool or RAT, a malicious software that takes over victims’ devices. Details About the Campaign Analysts at…

Read more →

Turla Russian espionage group delivers KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. Cyber researchers track the operation as UNC4210. Turla is also known as Iron Hunter, Krypton, Uroburos, Venomous Bear, or Waterbug and is thought…

Read more →

Cold River, a Russian hacking collective, targeted three US nuclear research laboratories. Brookhaven, Argonne and Lawrence Livermore National Laboratories were all hit. Between August and September Cold River targeted the Brookhaven (BNL), Argonne (ANL) and Lawrence Livermore National Laboratories (LLNL), according…

Read more →

Threat actors targeting the Visual Studio Code extensions use a new attack vector. They upload rogue extensions impersonating their legitimate counterparts with the goal of triggering supply chain attacks on the machines of developers. Curated via a marketplace made available…

Read more →

Flying Blue customers have been informed that some of their personal information was exposed following a breach of their accounts. Clients of Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM can exchange loyalty points for rewards through Flying Blue.…

Read more →

When it comes to malware, knowing what types of malicious software lurk out there can help you enable efficient cybersecurity measures and stay protected. Backdoor malware is just one of many kinds of threats that you have to take into…

Read more →

When it comes to network security, there are a lot of methods to help strenghten it. One such method, that will not only increase the overall security of your enterprise, but it will also simplify the monitorization and response to…

Read more →

It has been over a year since the Cloudstar ransomware attack, and Stephen Millstein, the CEO of Certified Title Corporation, still feels “something like PTSD” whenever he recalls what happened. In the cyber attack on the cloud storage provider, Millstein’s…

Read more →

Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, fined Apple €8,000,000 ($8.5M) for collecting user data without the user’s consent. The data was used to better target advertising in the App Store. These actions are…

Read more →

Blind Eagle, a financially-motivated threat actor previously observed launching operations against organizations in Colombia and Ecuador, has reemerged with a sophisticated toolset and a complex infection chain. The latest findings from Check Point shed light on the group’s methods, such…

Read more →

The Vice Society gang has been behind a high-profile string of ransomware attacks on schools across the UK and the USA, with the most recently uncovered campaign involving 14 British schools. Source Vice Society – A Constant Threat Vice Society…

Read more →

WhatsApp introduces a new feature in its latest released update. From now, users of the messaging app will be able to connect via proxy servers in case of Internet shutdowns or if the service is blocked in their country by…

Read more →

The Play ransomware operation was responsible for a cyberattack that brought Rackspace’s hosted Microsoft Exchange environment down in December. According to Rackspace, attackers behind last month’s incident gained access to some of its customers’ Personal Storage Table (PST) files, which…

Read more →

A cybercrime group going by the name of Bluebottle has been linked to a set of attacks aimed at the financial sector in Francophone countries located in Africa, in the timeline between July and September 2022. Symantec, a division of…

Read more →

The number of attacks targeting banks grew after the source code for CypherRat, a new SpyNote malware version, was offered for free on hacker groups. CypherRat has both spyware and banking trojan features impersonating banking institutions. It was initially sold…

Read more →