Category: Heimdal Security Blog

According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five years before…

Read more →

An insider data breach at Verizon has compromised the personal information of more than 63,000 employees, nearly half of the company’s global workforce. The telecommunications giant disclosed the incident in a Data Breach Notification with the Office of the Maine…

Read more →

Demand for Identity and Access Management tools is booming. According to data website Statista, the market for this technology is set to reach over USD $43 billion by 2029 – almost triple the 2022 level.  Today, there are dozens of…

Read more →

New Chainalysis warns of ransomware payments raised above above $1.1 billion in 2023 and reached a new record. The $983 million previous peak was set in 2021, while in 2022 the ransomware payments dropped to $567. Chainalysis puts the unusual…

Read more →

An effective cybersecurity incident response plan (IRP) can be the difference between a minor disruption and a major crisis. This article provides you with comprehensive IRP templates in PDF, Word, and Google Docs formats to ensure your organization can quickly…

Read more →

AnyDesk confirmed recently that a cyberattack has affected their product systems. The hackers accessed the source code and private code signing keys. Initially, the 170,000 customers remote access software company claimed an unplanned maintenance to explain why client logins failed…

Read more →

Securing digital assets has never been more critical. This guide offers direct access to indispensable cybersecurity risk assessment templates in PDF, Word, and Google Docs formats, enabling organizations and individuals to fortify their digital defenses effectively and efficiently. What are…

Read more →

Over the last decade, the cloud has gone from being a radical, disruptive new technology to becoming the default setting for organizations of all shapes and sizes. The days of enterprises and heavily regulated companies citing security as the main…

Read more →

Choosing between the different types of patch management solutions impacts the effort your IT team must make to keep the system safe. There’s no one-size-fits-all with patch management software, so you’ll need to evaluate your company’s profile first. Once you…

Read more →

Privileged accounts are one of the most common entry points for hackers. The profusion of accounts in an organization and the difficulty of managing them creates a unique target for malicious actors. Securing these accounts, therefore, is a key tenent…

Read more →

Cloudflare disclosed a security breach today, revealing that a suspected nation-state attacker infiltrated its internal Atlassian server. The attack, which began on November 14, compromised Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system. How did attackers…

Read more →

We have partnered with Jupiter Technology Corporation, who will distribute our cybersecurity products across Japan as part of a long-term sales and distribution agreement. Jupiter Technology will sell the Heimdal XDR Unified Security Platform, marketed as the ‘Heimdal Security Suite’.…

Read more →

Looking to find the right privileged access management (PAM) solution for your organization? Well, you’ve certainly come to the right place… PAM tools play a key role in any modern cybersecurity strategy. Without them, you can’t hope to protect yourself…

Read more →

The Importance of Choosing the Right Privilege Identity Management Solution The essence of effective Privileged Identity Management (PIM) lies not in identity or management but in privilege. A robust PIM system focuses on identifying those who should, and equally importantly,…

Read more →

Threat and Vulnerability Management plays a crucial role in safeguarding information systems.  It involves identifying, assessing, and mitigating vulnerabilities in software, hardware, and organizational processes. Effective TVM not only anticipates and counters potential cyber threats but also ensures compliance with…

Read more →

Keenan data breach exposes sensitive data belonging to 1,509,616 individuals. The insurance broker company notified the impacted customers and employees on January 26th, 2024. According to the data breach notification, the hackers gained access to Keenan`s network on August 21st,…

Read more →

Cactus Ransomware claims responsibility for the January 17th Schneider Electric data breach. Schneider Electric confirms hackers got access to their Resource Advisor cloud platform. The French-based energy giant says the attack only hit their Sustainability Business division. The platform holds…

Read more →

The Heimdal Partner NEXUS program is now live. NEXUS, or the ‘Network of Excellence, Unity, and Safeguarding’ is a global initiative designed to enhance cybersecurity partnerships. Tailored for resellers, distributors, and MSP/MSSPs, it aims to improve customer security and expand…

Read more →

With data breaches on the rise, it’s important to limit access to your organization’s sensitive data. A user access review software can help you do so.  This article provides you with a comprehensive overview of the 10 best User Access…

Read more →

CISA and FBI released an advisory on Androxgh0st malware IoCs (Indicators of Compromise) and warned about hackers using this threat to steal credentials. The advisory contains: a list of specific Androxgh0st IoCs examples of malicious activities linked to it details…

Read more →

The National Cyber Security Centre Finland announced a surge in Akira ransomware attacks. Threat actors used Akira malware in six out of the seven ransomware attacks reported in December 2023. The attackers used VPNs that lacked multi-factor authentication. They exploited…

Read more →

During his initial statements since becoming the National Cyber Director in December, Harry Coker stated that the White House plans to “reduce unnecessary barriers” that federal contractors have while trying to fill cybersecurity positions, such as the need for a…

Read more →

We all know that maintaining up-to-date systems is crucial. Patch management plays a vital role in this process. This article serves as a hub for various patch management templates, each designed to streamline and enhance the efficiency of your patch…

Read more →

Key takeaways: Why privileged access management requires a continuous approach; The common pitfalls of poor privileged access management; How to create an effective, end-to-end privileged access management lifecycle. Privileged access management (PAM) is an essential tool of any modern cybersecurity…

Read more →

I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges.   Get an in-depth understanding of the do’s and don’ts in incident response as Dragoș explains how to avoid the most common mistakes…

Read more →

The Terrapin attack, a newly identified security threat, jeopardizes nearly 11 million SSH servers that are accessible online. Originating from academic research at Ruhr University Bochum in Germany, this attack specifically targets the SSH protocol, affecting both clients and servers.…

Read more →

HealthEC LLC, a leading provider in health management solutions, experienced a significant data breach, impacting approximately 4.5 million individuals. This incident affected patients who received care through one of HealthEC’s client organizations. The company’s population health management platform, used by…

Read more →

Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the activities…

Read more →

Transformative Healthcare announces Fallon Ambulance data breach exposed sensitive information of 911,757 customers. Fallon ceased operations in December 2022 but is still responsible for a data storage archive that hackers targeted with ransomware. The ALPHV threat group a.k.a. BlackCat, claimed…

Read more →

Over 1.3 million customers across the U.S. are being alerted by mortgage servicing company LoanCare that a data breach at its parent company, Fidelity National Financial, may have compromised their private information. With 1.2 million loans and $390 billion in…

Read more →

Katholische Hospitalvereinigung Ostwestfalen (KHO), a German hospital network, has confirmed that a cyberattack launched by the Lockbit ransomware group is the cause of recent service disruptions at three hospitals in its network. The attack occurred in the early morning of…

Read more →

Citrix bugs caused a lot of problems throughout the year, and as we’re closing down 2023, it seems it’s not over. This time, Xfinity, Comcast’s cable television and internet division has been the victim of a data breach caused by…

Read more →

ESO Solutions, a key software provider for healthcare and emergency services, was the victim of a ransomware attack. This cyberattack led to unauthorized data access and encryption of various company systems. The breach, initially identified on September 28th, marked the…

Read more →

The National Security Agency (NSA) has unveiled its ‘2023 Cybersecurity Year in Review’. This document highlights the agency’s achievements in enhancing national security through cybersecurity. It emphasizes the value of NSA’s collaborations with U.S. government agencies, international allies, and the…

Read more →

The antivirus software stands as a critical defense line against cyber-attacks. To fully understand how it operates, it’s vital to understand the four distinct layers of antivirus security. Each layer contributes to the detection and neutralization of threats, ensuring a…

Read more →

The U.S. Justice Department (DoJ) announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group’s activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage potentially unknown…

Read more →

The Exploit Prediction Scoring System (EPSS) is a data-driven tool highlighting what vulnerabilities hackers will likely exploit. EPSS was created by a group of experts at the Forum of Incident Response and Security Teams (FIRST). Its purpose is to make…

Read more →

In a perfect world, you’d have the resources to defend yourself against every possible cybersecurity threat and vulnerability. The reality, however, is that even the largest organizations have limited resources to dedicate to cybersecurity. An effective security strategy, therefore, needs…

Read more →

The purpose of Heimdal®’s exercise is to analyze the complex dynamics between endpoint-based attacks, code-based vulnerabilities, and cyberattacks that leverage DNS in an attempt to establish a baseline for detection and response framework. To this end, we have analyzed two…

Read more →

Security researchers discovered a new JaskaGO malware stealer that can infect both Windows and macOS. JaskaGO uses various methods to persist in the infected system. Researchers observed various malware versions impersonating installers for legitimate software like CapCut video editor, AnyConnect,…

Read more →

Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group. The Dena cyberattack was revealed through a post on the threat actor’s dark web platform, where they disclose data breach incidents and…

Read more →

Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains. The new campaign, dubbed Operation Blacksmith, became active on March 23. Hackers target manufacturing, agricultural, and physical security companies that failed to…

Read more →

Toyota Financial Services (TFS) reveals that hackers stole their customers’ sensitive data in the last cyberattack. In November 2023, the Medusa threat group claimed the Toyota data breach and asked for a $8,000,000 ransom. The company did not seem to…

Read more →

This post is authored by Heimdal’s Valentin Rusu – Machine Learning Research Engineer and overall cybersecurity guru here at Heimdal. As an incident response manager himself, Valentin regularly coordinates security responses for companies of all shapes and sizes – including…

Read more →

Heimdal in partnership with Microsoft is addressing the needs of our customers and managed service providers through an advanced Next-Gen Antivirus (NGAV) upgrade. By leveraging Microsoft Defender and enhancing it with Heimdal Extended Threat Protection (XTP), our customers are shielded…

Read more →

Notorious North Korean hacking group, Lazarus, breached Taiwanese multimedia software company CyberLink and trojanized an installer to instead push malware in a complex supply chain attack, with the possibility of a worldwide reach. Activity that may have been connected to…

Read more →

Welltok, a Healthcare SaaS provider, has issued a warning about a significant data breach that compromised the personal information of nearly 8.5 million patients in the U.S. This breach occurred due to a cyberattack on a file transfer program used…

Read more →

Patch management involves distributing and applying updates to various endpoints, which is crucial in fixing software vulnerabilities or unforeseen system interactions.  60% of cyber incidents leading to covert data theft link to absent, misconfigured, or incompletely implemented patches.  A concerning…

Read more →

Organizations that want to avoid a security breach or attack naturally do everything in their power to avoid it from happening in the first place. The more proactive and preventative work you do, the higher your chance of avoiding an…

Read more →

Key Takeaways: Vulnerability prioritization is about deciding what to patch, and in what order.  Many organizations use unsatisfactory methods when prioritizing patches. Learn how a holistic, risk-based approach to vulnerability prioritization can improve patch management.  Find out how automated vulnerability…

Read more →

Researchers warn of an increase in NetSupport RAT (Remote Access Trojan) infections impacting education, government, and business services sectors. NetSupport Manager is a remote control and desktop management tool by NetSupport Ltd. Its initial role was to aid IT professionals…

Read more →

Threat actors target macOS systems with the Atomic Stealer malware in a new phase of the ClearFake campaign. Mac users are tricked into downloading the infostealer on their devices from fake browser updates. Hackers designed the Atomic Stealer (AMOS) malware…

Read more →

The cybersecurity solution of the future must be proactive and holistic, designed to face the most modern forms of attack. This is what we here at Heimdal are devoted to achieving through our endpoint protection, detection, and response suite with…

Read more →

Managing user privileges is a critical task for any organization. This article aims to guide you through the process of assigning user privileges in Heimdal, ensuring a secure and efficient management of your cybersecurity infrastructure.  Key Takeaway Summary  Understanding User…

Read more →

When it comes to information security, ISO 27001 is of paramount importance. As CISOs and IT administrators, you’re likely familiar with its significance. However, the journey from understanding to effectively implementing ISO 27001 controls is not without challenges.   This article…

Read more →

An effective Mac patch management strategy involves following a series of well-planned steps and best practices. Patch management strategies are not just about bug fixes, closing vulnerabilities, and improving system performance. Meeting compliance requirements is also on the goals list. …

Read more →

Heimdal has launched “Outliers Detection”, an AI-powered feature that upgrades its Email Fraud Protection platform. This tool uses AI to proactively spot and stop email threats early, keeping businesses safe. Our method is both innovative one-of-a-kind. We use anomaly detection…

Read more →

Researchers disclosed a new Intel CPU vulnerability that allows escalation of privileges, access to sensitive data, and denial of service via local access. CVE-2023-23583 has an 8.8 CVSS score and impacts various Intel desktop, mobile, and server CPUs. According to…

Read more →

Truepill data breach exposed sensitive information belonging to 2,364,359 people and risks multiple lawsuits. The B2B-focused pharmacy platform discovered the incident on August 31, 2023. They promptly launched an investigation and took additional security measures to contain the incident. However,…

Read more →

Samsung Electronics has informed its customers about a data breach impacting those who shopped at the Samsung UK online store from July 1, 2019, to June 30, 2020. This breach resulted in unauthorized access to personal information. Breach Traced to…

Read more →

Today, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued a warning about the Rhysida ransomware group. This gang has been attacking various organizations in different sectors since May 2023. A detailed Cybersecurity Advisory (CSA) has…

Read more →

A notorious hacker, previously involved in high-profile data breaches of InfraGard and Twitter, has now leaked a substantial LinkedIn database on a clear web hacking forum. The scraped LinkedIn database was leaked in two parts: one containing 5 million user…

Read more →

In the wrong hands, medical data can be used for a variety of crimes, such as patient identity theft, clinician identity theft, extortion, tax fraud, insurance fraud, and more. Geopolitical agendas further complicate the threat landscape, as cyberattacks such as…

Read more →

Daixin Team claimed responsibility for the ransomware attack that impacted 5 hospitals in Ontario, Canada, on October 23rd. TransForm, the shared service provider of the five healthcare organizations, confirmed the ransomware attack. The stolen database contains information on 5.6 million…

Read more →

Threat groups exploited two recent Atlassian Confluence vulnerabilities to deploy Cerber ransomware. On October 31st, Atlassian released security updates for both flaws and urged users to patch. Both flaws, CVE-2023-22518 and CVE-2023-22515, are ranked 10 which is the maximum risk…

Read more →

If you switched from using HTTP/1 to HTTP/2 you`re a possible target of massive DDoS attacks. Hackers started recently to exploit a key feature of the HTTP/2 protocol. The vulnerability was called CVE-2023-44487.  The HTTP/2 Rapid Reset DDoS attacks that targeted…

Read more →

Any device that runs code is vulnerable to hacking and so are MacOS machines. They need patching just as any other endpoint. Most Apple users would swear that Macs are immune to viruses and other malware. The truth is they`re…

Read more →

Meet Jeff. He’s the CISO of a mid-sized financial services company – and it’s his job to keep the organization safe from security attacks. Every week, he checks the graphs and dashboards in his SIEM (security information and event management)…

Read more →

Managing privileged access to internal resources is a challenge for organizations worldwide. If left unaddressed, it could lead to data breaches, downtime, and financial loss. Statistics show that 80% of data breaches seem to be caused by misuse of privileged…

Read more →

ISO 27001, sometimes referred to as ISO/IEC 27001 is an international standard that addresses organizational information security. Issued in 2005 and with a second revision in 2013, the ISO 27001 standard describes the Information Security Management Systems requirements for global…

Read more →

The U.S. Federal Trade Commission (FTC) requires all non-banking financial institutions to report data breaches to FTC within 30 days. The amendment to the Safeguard Rule refers to security incidents that impact more than 500 people. Samuel Levine, Director of…

Read more →

On October 27th, Lockbit claimed to have breached Boeing and threatened to leak a massive amount of sensitive data. Three days later, the threat group removed the aircraft company`s name from the victim list. At first, hackers posted a message…

Read more →

Canada’s largest public library system reported a cyberattack that took down its website, member services pages, and limited access to its digital collections. The Toronto Public Library provides more than 12 million items across 100 branches to more than 1.2…

Read more →

Separation of privilege is splitting up tasks and assigning rights to different parts of a system. It means that user privileges are segmented between various users and accounts, but you can also apply it to applications, system sub-components, tasks, and processes.…

Read more →

[Copenhagen, Denmark – October 2023] – Heimdal, the pioneer and leading provider of unified cybersecurity solutions, is thrilled to announce its latest strategic partnership with renowned Danish managed service provider (MSP) ResenNet. This collaboration marks a significant milestone in the…

Read more →

Since at least October 11, the Russian hacker organization Winter Vivern has been using a Roundcube Webmail zero-day vulnerability in attacks against think tanks and government agencies in Europe. According to security researchers, the cyberespionage group (also identified as TA473)…

Read more →