Category: Heimdal Security Blog

What Is a Software Restriction Policy?

In today’s digital age, it is crucial for businesses to protect their sensitive data and computer systems from cyber threats. One effective way of doing so is by implementing a software restriction policy. But what exactly is a software restriction…

Typhon Info-Stealing Malware Comes Back Harder to Detect

Threat actors upgraded Typhon info-stealer to a version that has improved evading features against analysis and anti-virtualization mechanisms. The new Typhon Reborn V2 malware is currently advertised on a dark web forum. Typhon was first discovered in August 2022 and…

What Is Scareware and How to Prevent It?

Are you one of those people who get easily scared by pop-up ads and warning messages on your computer? If so, then beware! You might be falling for a common cybercrime tactic known as scareware. Scareware is a type of…

New Threat Uncovered: Rorschach Ransomware – The Fastest Encryptor

Researchers have unveiled a sophisticated and fast ransomware strain called Rorschach, previously undocumented. Malware experts discovered the new ransomware strain after a cyberattack on a U.S.-based company and described it as having “technically unique features”. Among the capabilities observed was the encryption…

15 Million Systems Are Vulnerable to CISA KEV Flaws

Using the Shodan database, IT security researchers were able to track down 15 million vulnerable systems with vulnerabilities from the US cyber security authority CISA’s Known-Exploited-Vulnerabilities-Catalog (KEV). When KEV vulnerabilities are discovered, updates are usually available from the software manufacturer…

Elementor Pro Vulnerability Actively Exploited by Threat Actors

Threat actors are actively exploiting a high-severity vulnerability discovered in the popular plugin Elementor Pro. Elementor Pro is a WordPress page builder plugin with multiple functions that helps users to build professional-looking websites easily, without the need to know how…

SCCM Alternative for Patch Management

In today’s cybersecurity space, properly patching the machines and servers in your company can make the difference between a well-secured organization and a vulnerable one. SCCM is one of the most popular system management solutions on the market and has…

Ukrainian Authorities Stop a Phishing Scam Worth $4.3 million

Ukraine’s Cyberpolice Department announced an operation during which they busted a phishing gang. The police arrested two scammers and confiscated equipment used for phishing frauds. Threat actors managed to steal $4,300,000 from over a thousand victims across the EU. The…

Best Practices for Effective Identity Lifecycle Management (ILM)

In today’s fast-paced world, identity management has become a crucial aspect of every organization. From securing sensitive data to ensuring compliance with regulations, effective Identity Lifecycle Management (ILM) is essential for businesses of all sizes. However, implementing an ILM strategy…

Companies Affected by Ransomware [2022-2023]

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

What Is User Provisioning?

User provisioning (also known as account provisioning) is a digital Identity and Access Management (IAM) process that involves creating employee/user accounts and their profiles and giving them appropriate rights and permissions across IT infrastructure and enterprise applications and systems. In…

APT43: A New Cyberthreat From North Korea

A new North Korean cyber operator has been attributed to a series of attacks conducted to gather strategic intelligence aligned with the state’s geopolitical interests. Security researchers, which are tracking the threat group’s activity under the moniker APT43, believe that…

What Is Quishing: QR Code Phishing Explained

Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how…

Chinese Hackers Infiltrate Middle Eastern Telecom Companies

New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed…

Drive-by Download Attack – What It Is and How It Works

In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…

37M Subscribers Streaming Platform Lionsgate Exposes User Data

Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.…

Another Fake ChatGPT Extension Found in Google Chrome Store

Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code.…

HinataBot: The Latest Go-based Threat Is Launching DDoS Attacks

In January, a Go-based botnet named HinataBot (named after the character from the popular anime series Naruto) was discovered exploiting old vulnerabilities and weak credentials in HTTP and SSH honeypots. HinataBot Overview According to Akamai’s SIRT team, the botnet exploited arbitrary…

What Is Stack Smashing?

Stack smashing is a type of vulnerability that can lead to serious security breaches. This vulnerability occurs when a hacker exploits a flaw in a program’s memory allocation, causing the program to crash or execute arbitrary code. In this article,…

5 Ways Heimdal® Protects You From DNS Attacks

As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…

Makop Ransomware: The Arsenal of Cybercriminals Becomes Known

In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification.…

Most Common Remote Work Security Risks

Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s…

5 Ways Heimdal® Protects Your Endpoints

In the book about cybersecurity, protecting your endpoints must be the first and one of the most important chapters. Once an endpoint is breached, there is no way of telling what a cybercriminal will do next. Hackers can decide to…

Top 5 Must-Watch XDR Videos from Heimdal®

As we have seen in our previous articles, news, and webinars, in this increasingly complex threat landscape, malicious actors employ more and more sophisticated techniques to exploit traditional security parameters, safeguards, and countermeasures implemented to safeguard corporate data and infrastructure.…

Red Team vs. Blue Team: What Is It?

With cyberattacks seemingly increasing at a high rate, companies have to make sure their details and information are secured and safe from threat actors creeping around. Today, we will talk about a popular approach used by companies to assess their…

Major Healthcare Data Breach Impacts U.S. House Members

Threat actors breached the DC Health Link network, the healthcare administrator that serves the U.S. House of Representatives. Researchers say the data breach impacted roughly 170,000 persons. Among those, there are hundreds of U.S. House members, their staff, top representatives,…

New Info Stealer SYS01 Targets Key Government Infrastructure

Cybersecurity researchers uncovered a new, highly-advanced information stealer, dubbed SYS01 stealer, that has been deployed in attacks on critical government infrastructure employees, manufacturing companies, and other industries since November 2022. Morphisec researchers discovered similarities between the SYS01 stealer and another…

PIM vs PAM vs IAM: What’s The Difference?

Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity…

XDR vs EDR – A Comparison

Endpoint security seeks to protect every endpoint that connects to a network in order to prevent unauthorized access and other destructive behaviors at such entry points. The value of effective endpoint security solutions has expanded dramatically, partly as a result…

Hospital Clinic de Barcelona Suffered a Ransomware Attack

Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th…

Find Out More About the New HiatusRAT Router Malware

An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert…

Play Ransomware Starts Leaking Oakland City Data

The Play ransomware group has begun leaking data stolen in a recent cyberattack from the City of Oakland, California. The initial data leak consists of a 10GB multi-part RAR archive apparently comprising private documents, employee data, passports, and IDs, explains Bleeping Computer.…

BetterHelp Accused of Sharing Mental Health Data with Advertisers

The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC…