Category: Heimdal Security Blog

In today’s digital age, it is crucial for businesses to protect their sensitive data and computer systems from cyber threats. One effective way of doing so is by implementing a software restriction policy. But what exactly is a software restriction…

Read more →

A threat hunting framework is a collation of data-driven adversarial scenarios, backed up by hypothetical, field-tested, or time-honored TTPs (i.e., Tactics, Techniques, and Procedures). Serving a wide array of security-wise needs such as baselining, forecasting, threat modeling, vulnerability discovery, and…

Read more →

Threat actors upgraded Typhon info-stealer to a version that has improved evading features against analysis and anti-virtualization mechanisms. The new Typhon Reborn V2 malware is currently advertised on a dark web forum. Typhon was first discovered in August 2022 and…

Read more →

Are you one of those people who get easily scared by pop-up ads and warning messages on your computer? If so, then beware! You might be falling for a common cybercrime tactic known as scareware. Scareware is a type of…

Read more →

A global law enforcement crackdown, dubbed Operation Cookie Monster, has led to the take down of one of the world’s biggest criminal marketplaces used by online fraudsters to buy passwords – Genesis Market. An FBI-led operation involving more than a…

Read more →

Researchers have unveiled a sophisticated and fast ransomware strain called Rorschach, previously undocumented. Malware experts discovered the new ransomware strain after a cyberattack on a U.S.-based company and described it as having “technically unique features”. Among the capabilities observed was the encryption…

Read more →

Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera. How Is Rilide Different Just like other…

Read more →

Western Digital announced that they discovered a network breach had affected their systems, starting March 26th. Threat actors managed to obtain unauthorized access to several of the Company’s systems. While law authorities are still investigating, Western Digital claims the intruder…

Read more →

Using the Shodan database, IT security researchers were able to track down 15 million vulnerable systems with vulnerabilities from the US cyber security authority CISA’s Known-Exploited-Vulnerabilities-Catalog (KEV). When KEV vulnerabilities are discovered, updates are usually available from the software manufacturer…

Read more →

Microsoft has patched a misconfiguration issue affecting the Azure Active Directory (AAD) identity and access management service that allowed unauthorized access to many “high-impact” applications. The vulnerabilities were reported to Microsoft in January and February 2022, after which the company…

Read more →

A new online threat actor has emerged: the Money Message ransomware gang. These cybercriminals are attacking companies all over the world, demanding millions of dollars in ransom for the decryption key and not leaking the stolen data. When Did Money…

Read more →

Threat actors are actively exploiting a high-severity vulnerability discovered in the popular plugin Elementor Pro. Elementor Pro is a WordPress page builder plugin with multiple functions that helps users to build professional-looking websites easily, without the need to know how…

Read more →

In today’s cybersecurity space, properly patching the machines and servers in your company can make the difference between a well-secured organization and a vulnerable one. SCCM is one of the most popular system management solutions on the market and has…

Read more →

Winter Vivern (aka TA473), a Russian hacking group, has been exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to access the emails of NATO officials, governments, military people, and diplomats. The CVE-2022-27926 flaw affects versions 9.0.0 of Zimbra Collaboration, which is…

Read more →

Ukraine’s Cyberpolice Department announced an operation during which they busted a phishing gang. The police arrested two scammers and confiscated equipment used for phishing frauds. Threat actors managed to steal $4,300,000 from over a thousand victims across the EU. The…

Read more →

In today’s world, a multitude of smart devices helps us to improve our lives, as we rely more and more on technology for a comfortable and efficient lifestyle – smart appliances, smart cars, smartwatches. Life as we know it is…

Read more →

An ongoing supply chain attack allegedly uses a digitally signed and trojanized variant of the 3CX Voice Over Internet Protocol (VoIP) desktop client to target the company’s clients. The 3CX Phone System engineered by the VoIP IPBX software development company…

Read more →

In today’s fast-paced world, identity management has become a crucial aspect of every organization. From securing sensitive data to ensuring compliance with regulations, effective Identity Lifecycle Management (ILM) is essential for businesses of all sizes. However, implementing an ILM strategy…

Read more →

The Department of Health and Social Care has established a cyber security program aimed at improving cyber resilience across the NHS and social care sectors in England over the next seven years. The use of technology to access health and…

Read more →

The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…

Read more →

User provisioning (also known as account provisioning) is a digital Identity and Access Management (IAM) process that involves creating employee/user accounts and their profiles and giving them appropriate rights and permissions across IT infrastructure and enterprise applications and systems. In…

Read more →

A new North Korean cyber operator has been attributed to a series of attacks conducted to gather strategic intelligence aligned with the state’s geopolitical interests. Security researchers, which are tracking the threat group’s activity under the moniker APT43, believe that…

Read more →

The National Crime Agency (NCA) from the U.K. launched several fake DDoS-as-a-service sites. The aim is to gather the details of people who try to utilize such services. The deceiving sites infiltrate the cybercrime market, and several thousand individuals accessed…

Read more →

A zero-day vulnerability in Crown Resorts’ GoAnywhere secure file-sharing server has led to a data breach at the largest gambling and entertainment company in Australia. The Blackstone-owned company operates complexes in Melbourne, Perth, Sydney, Macau, and London, and has an annual…

Read more →

A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing further malicious activities on the host or network. Hackers can use C&C or C2…

Read more →

Latitude Financial Services, the recently breached Australian loan giant, announces that the number of affected people reaches 14 million. On March 16, 2023, Latitude disclosed they were the victim of a cyberattack that resulted in 328,000 customer records being exfiltrated.…

Read more →

At least 50 US government officials are either suspected or confirmed to have been targeted by invasive commercial spyware designed to hack mobile phones, extract data, and track the movements of the victims. An executive order limiting the use of…

Read more →

Researchers discovered a new MacOS info-stealer that extracts documents, cookies, and login data from infected devices. MacStealer uses Telegram as a command-and-control platform to exploit MacOS machines from Catalina (10.15) and up to Ventura (13.2). It is delivered on the…

Read more →

According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts.  On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about…

Read more →

On Friday, March 24th, Twitter sent GitHub a copyright infringement notice, claiming some of the platform`s users leaked parts of their source code. GitHub, the Microsoft-owned service for software developers, reacted promptly and took down the code the same day.…

Read more →

Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…

Read more →

Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how…

Read more →

New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed…

Read more →

Today we are talking about one of the sneakiest cybersecurity threats out there: the logic bomb. The name might sound harmless, but this type of cyberattack can be hard to detect, can do all sorts of damage, and can even…

Read more →

Cyberthieves of today are adaptable – they are excellent at finding new ways to survive and evolve, such as creating new types of ransomware to attack our devices. Knowing the different types of ransomware attacks helps you plan your defenses…

Read more →

A new variant of the BlackGuard stealer has been discovered in the wild, with new features such as USB propagation, persistence mechanisms, the ability to inject more payloads into memory, and the ability to target more crypto wallets. BlackGuard’s New…

Read more →

The City of Toronto announced a data breach caused by GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere also impacted UK’s Virgin Red and Pension Protection Fund. This week’s victims ad up to the other…

Read more →

In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…

Read more →

Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.…

Read more →

Nmap is short for Network Mapper, an open-source tool used for IP and port scanning and app detection. System and network admins use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed…

Read more →

Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code.…

Read more →

A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding…

Read more →

A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. It seems the threat actors use scanner malware to find systems that have SSH port 22 open and proceed to install ShellBot on…

Read more →

A new backdoor dubbed PowerMagic and “a previously unseen malicious framework” named CommonMagic were utilized in assaults by an advanced threat actor, according to security researchers. Both malware pieces have been used since at least September 2021 in operations that…

Read more →

Hitachi Energy confirmed that it was the victim of a data breach, part of the GoAnywhere attacks. The Clop ransomware gang exploited a Fortra GoAnywhere MFT (Managed File Transfer) zero-day vulnerability to gain access. The Japanese engineering and technology giant…

Read more →

On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers` data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari…

Read more →

To avoid detection and launch of the payload, threat actors behind CatB ransomware used a technique called DLL search order hijacking. Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to…

Read more →

Multiple spam campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal have been linked to a banking trojan called Mispadu that steals credentials and delivers other malicious payloads. Mispadu (aka URSA) can steal money, credentials, and act as a backdoor by taking…

Read more →

A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February…

Read more →

Emotet malware returns after three months break and uses Microsoft OneNote attachments to avoid macro-based security restrictions. Threat actors initially tried to use Word and Excel docs for deploying the malware. But since Microsoft currently blocks macros by default for…

Read more →

In January, a Go-based botnet named HinataBot (named after the character from the popular anime series Naruto) was discovered exploiting old vulnerabilities and weak credentials in HTTP and SSH honeypots. HinataBot Overview According to Akamai’s SIRT team, the botnet exploited arbitrary…

Read more →

Stack smashing is a type of vulnerability that can lead to serious security breaches. This vulnerability occurs when a hacker exploits a flaw in a program’s memory allocation, causing the program to crash or execute arbitrary code. In this article,…

Read more →

As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…

Read more →

Hackers use AI-generated YouTube videos to deploy Raccoon, RedLine, and Vidar malware. The videos look like tutorials on how to download Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, etc. for free. Some of the videos claim to show the…

Read more →

In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification.…

Read more →

BianLian is a ransomware group that first appeared in July 2022, successfully infiltrating several high-profile organizations. It seems that recently, the ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating and extorting data found on…

Read more →

This is the time to remind you again that online threats are always changing and so should your cybersecurity strategy. You know all the major types of cyberattacks that could impact your organization, but hackers took everything to another level…

Read more →

On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials. Around 103,000 identification documents…

Read more →

In today’s digital age, businesses are increasingly moving their operations to the cloud. However, with this shift comes numerous security risks that can compromise sensitive data and confidential information. That’s where Secure Access Service Edge (SASE) comes in: a cutting-edge…

Read more →

The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests…

Read more →

On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors. Details on the Vulnerability The…

Read more →

Threat actors are selling what they pretend to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of…

Read more →

Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s…

Read more →

Software vendor SAP has released security updates to fix 19 vulnerabilities, five of which rated as critical. The patches released this month impact many products of the SAP suite, but the critical severity vulnerabilities affect SAP NetWeaver and SAP Business…

Read more →

After breaching the systems of Maximum Industries, the LockBit ransomware group claims to have stolen sensitive information related to SpaceX. Maximum Industries is a full-service, piece-part production, and contract manufacturing facility. The company provides CNC machining, laser cutting and waterjet…

Read more →

Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files. The announcement comes after…

Read more →

Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks. It assists the UK’s most critical organizations, the wider public…

Read more →

According to the FBI’s annual Internet Crime Report, investment fraud was the most common kind of internet criminal activity in 2022. The $3.3 billion paid by victims increased from $1.45 billion in 2021, which is a 127% jump. The report…

Read more →

The Dark Pink APT has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. In January, Group-IB published an in-depth study of Dark Pink, also known as Saaiwc,…

Read more →

As part of the March vulnerability patching bout, Microsoft has released 23 fixes for Chromium- and OS-based security bugs. The list also features patches for non-Edge vulnerabilities such as the Windows MSHTML Remote Code Execution Vulnerability and the Power BI…

Read more →

On Sunday, a cryptocurrency flash loan attack on the lending platform Euler Finance resulted in the theft of $197 million in various digital assets by threat actors. The theft involved multiple tokens including $135.8 million in stETH, $33.85 million in…

Read more →

Tickets for the Eurovision Song Contest in Liverpool sold out in less than an hour on Tuesday (March 7), despite technical difficulties as the Ticketmaster website buckled under the pressure. However, those who were fortunate enough to obtain tickets are…

Read more →

South Korean researchers developed a new covert channel attack named CASPER. It uses internal speakers to leak data from air-gapped PCs to nearby smartphones at a rate of 20 bits per second. Until now, similar attacks used external speakers. But…

Read more →

North Korean based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. and European victims. Three different families of malware are deployed into the target’s environment, and social engineering techniques…

Read more →

You may have heard these concepts being thrown around, but you don’t really know what they are, except that they sound ominous. You may suspect that it’s a place (or places) where malicious hackers roam. You may have also heard…

Read more →

So, you took my course on how to get on the dark web and want to explore your newfound superpower? Good for you and welcome to the dark web brotherhood. In this sequel, I’m going to show you some of…

Read more →

Iranian state-sponsored actors continue to target researchers by impersonating US think tanks. SecureWorks Counter Threat Unit (CTU) stated in a report that the targets were all women active in political affairs and human rights in the Middle East region. Cybersecurity…

Read more →

An internet domain that was being used by criminals to steal data from and take control of victims’ computers was seized by U.S. authorities on Thursday. A collaborative international law enforcement operation involving the FBI and police agencies worldwide led…

Read more →

In today’s fast-paced digital world, identity and access management has become a critical concern for organizations of all sizes. The challenge lies in ensuring that only authorized users have access to sensitive data while preventing unauthorized entry by cybercriminals. That’s…

Read more →

The famous BMW luxury cars brand unproperly secured its system and exposed extremely sensitive files to the public. Threat actors had enough time to exploit the data to steal source code and even get BMW customer data. How Were Clients`…

Read more →

In the book about cybersecurity, protecting your endpoints must be the first and one of the most important chapters. Once an endpoint is breached, there is no way of telling what a cybercriminal will do next. Hackers can decide to…

Read more →

As we have seen in our previous articles, news, and webinars, in this increasingly complex threat landscape, malicious actors employ more and more sophisticated techniques to exploit traditional security parameters, safeguards, and countermeasures implemented to safeguard corporate data and infrastructure.…

Read more →

With cyberattacks seemingly increasing at a high rate, companies have to make sure their details and information are secured and safe from threat actors creeping around. Today, we will talk about a popular approach used by companies to assess their…

Read more →

Russia continues its disinformation campaign around the Ukraine war through advanced social engineering tactics delivered by the TA499 threat group. Also known as Vovan and Lexus, TA499 is a Russian-aligned threat actor conducting aggressive email campaigns since at least 2021. They seem…

Read more →

In the latest move by the Biden administration to strengthen cybersecurity protections for critical infrastructure operators, the Transportation Security Administration announced regulations this past Tuesday to compel airports, aircraft owners, and operators to improve their digital defenses in the face…

Read more →

Threat actors breached the DC Health Link network, the healthcare administrator that serves the U.S. House of Representatives. Researchers say the data breach impacted roughly 170,000 persons. Among those, there are hundreds of U.S. House members, their staff, top representatives,…

Read more →

Over the past year, the Lazarus Group has used flaws in an undisclosed software to breach a financial business entity in South Korea on two distinct occasions. As opposed to the first attack in May 2022, the re-infiltration in October 2022…

Read more →

Cybersecurity researchers uncovered a new, highly-advanced information stealer, dubbed SYS01 stealer, that has been deployed in attacks on critical government infrastructure employees, manufacturing companies, and other industries since November 2022. Morphisec researchers discovered similarities between the SYS01 stealer and another…

Read more →

A new Emotet campaign started infecting devices all over the world on Tuesday, 7 March 2023. After a three-month break, the botnet sends malicious spam emails again. Emotet malware reaches targets through emails with malicious attachments. When the user opens…

Read more →

Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity…

Read more →

A threat actor claimed to have hacked Taiwanese multinational hardware and electronics business Acer, prompting the company to declare a data breach. The hacker announced the breach on a popular cybercrime forum, claiming to have stolen nearly 3,000 files of…

Read more →

Endpoint security seeks to protect every endpoint that connects to a network in order to prevent unauthorized access and other destructive behaviors at such entry points. The value of effective endpoint security solutions has expanded dramatically, partly as a result…

Read more →

Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th…

Read more →

Europol announced via a press release that core members of the cybercrime gang behind the DoppelPaymer ransomware operation have been detained. The operation was a joint effort made by the German and Ukrainian police, with help from the FBI and…

Read more →

An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert…

Read more →

The Play ransomware group has begun leaking data stolen in a recent cyberattack from the City of Oakland, California. The initial data leak consists of a 10GB multi-part RAR archive apparently comprising private documents, employee data, passports, and IDs, explains Bleeping Computer.…

Read more →

Domain generation algorithms (DGA) are software that creates large numbers of domain names. This helps hackers deploy malware easier. Let`s take a closer look at what DGA is, how it works, and why it’s still popular among threat actors after…

Read more →

The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC…

Read more →

A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much…

Read more →

Threat actors breached WH Smith, the 1,700 locations UK retailer, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What Kind of Data Was…

Read more →