In today’s digital age, it is crucial for businesses to protect their sensitive data and computer systems from cyber threats. One effective way of doing so is by implementing a software restriction policy. But what exactly is a software restriction…
Category: Heimdal Security Blog
Designing Your Threat Hunting Framework from Scratch – Core Essentials
A threat hunting framework is a collation of data-driven adversarial scenarios, backed up by hypothetical, field-tested, or time-honored TTPs (i.e., Tactics, Techniques, and Procedures). Serving a wide array of security-wise needs such as baselining, forecasting, threat modeling, vulnerability discovery, and…
Typhon Info-Stealing Malware Comes Back Harder to Detect
Threat actors upgraded Typhon info-stealer to a version that has improved evading features against analysis and anti-virtualization mechanisms. The new Typhon Reborn V2 malware is currently advertised on a dark web forum. Typhon was first discovered in August 2022 and…
What Is Scareware and How to Prevent It?
Are you one of those people who get easily scared by pop-up ads and warning messages on your computer? If so, then beware! You might be falling for a common cybercrime tactic known as scareware. Scareware is a type of…
International Cyber Operation Shuts Down Notorious Genesis Market
A global law enforcement crackdown, dubbed Operation Cookie Monster, has led to the take down of one of the world’s biggest criminal marketplaces used by online fraudsters to buy passwords – Genesis Market. An FBI-led operation involving more than a…
New Threat Uncovered: Rorschach Ransomware – The Fastest Encryptor
Researchers have unveiled a sophisticated and fast ransomware strain called Rorschach, previously undocumented. Malware experts discovered the new ransomware strain after a cyberattack on a U.S.-based company and described it as having “technically unique features”. Among the capabilities observed was the encryption…
New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency
Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera. How Is Rilide Different Just like other…
My Cloud Goes Down While Data Storage Giant Announces Network Breach
Western Digital announced that they discovered a network breach had affected their systems, starting March 26th. Threat actors managed to obtain unauthorized access to several of the Company’s systems. While law authorities are still investigating, Western Digital claims the intruder…
15 Million Systems Are Vulnerable to CISA KEV Flaws
Using the Shodan database, IT security researchers were able to track down 15 million vulnerable systems with vulnerabilities from the US cyber security authority CISA’s Known-Exploited-Vulnerabilities-Catalog (KEV). When KEV vulnerabilities are discovered, updates are usually available from the software manufacturer…
Microsoft Addresses a New Azure AD Vulnerability Affecting Bing Search & Key Apps
Microsoft has patched a misconfiguration issue affecting the Azure Active Directory (AAD) identity and access management service that allowed unauthorized access to many “high-impact” applications. The vulnerabilities were reported to Microsoft in January and February 2022, after which the company…
Money Message: The Newest Ransomware Gang that Threatens Organizations
A new online threat actor has emerged: the Money Message ransomware gang. These cybercriminals are attacking companies all over the world, demanding millions of dollars in ransom for the decryption key and not leaking the stolen data. When Did Money…
Elementor Pro Vulnerability Actively Exploited by Threat Actors
Threat actors are actively exploiting a high-severity vulnerability discovered in the popular plugin Elementor Pro. Elementor Pro is a WordPress page builder plugin with multiple functions that helps users to build professional-looking websites easily, without the need to know how…
SCCM Alternative for Patch Management
In today’s cybersecurity space, properly patching the machines and servers in your company can make the difference between a well-secured organization and a vulnerable one. SCCM is one of the most popular system management solutions on the market and has…
NATO and Diplomats’ Email Portals Targeted by Russian APT Winter Vivern
Winter Vivern (aka TA473), a Russian hacking group, has been exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to access the emails of NATO officials, governments, military people, and diplomats. The CVE-2022-27926 flaw affects versions 9.0.0 of Zimbra Collaboration, which is…
Ukrainian Authorities Stop a Phishing Scam Worth $4.3 million
Ukraine’s Cyberpolice Department announced an operation during which they busted a phishing gang. The police arrested two scammers and confiscated equipment used for phishing frauds. Threat actors managed to steal $4,300,000 from over a thousand victims across the EU. The…
Smart Grid Fragility, a Constant Threat for the European and American Way of Living
In today’s world, a multitude of smart devices helps us to improve our lives, as we rely more and more on technology for a comfortable and efficient lifestyle – smart appliances, smart cars, smartwatches. Life as we know it is…
Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack
An ongoing supply chain attack allegedly uses a digitally signed and trojanized variant of the 3CX Voice Over Internet Protocol (VoIP) desktop client to target the company’s clients. The 3CX Phone System engineered by the VoIP IPBX software development company…
Best Practices for Effective Identity Lifecycle Management (ILM)
In today’s fast-paced world, identity management has become a crucial aspect of every organization. From securing sensitive data to ensuring compliance with regulations, effective Identity Lifecycle Management (ILM) is essential for businesses of all sizes. However, implementing an ILM strategy…
The UK Government Shares New Strategy to Boost NHS Cybersecurity by 2030
The Department of Health and Social Care has established a cyber security program aimed at improving cyber resilience across the NHS and social care sectors in England over the next seven years. The use of technology to access health and…
Companies Affected by Ransomware [2022-2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…
What Is User Provisioning?
User provisioning (also known as account provisioning) is a digital Identity and Access Management (IAM) process that involves creating employee/user accounts and their profiles and giving them appropriate rights and permissions across IT infrastructure and enterprise applications and systems. In…
APT43: A New Cyberthreat From North Korea
A new North Korean cyber operator has been attributed to a series of attacks conducted to gather strategic intelligence aligned with the state’s geopolitical interests. Security researchers, which are tracking the threat group’s activity under the moniker APT43, believe that…
The U.K. Police Hunts Cybercriminals with Fake DDoS-as-a-service Sites
The National Crime Agency (NCA) from the U.K. launched several fake DDoS-as-a-service sites. The aim is to gather the details of people who try to utilize such services. The deceiving sites infiltrate the cybercrime market, and several thousand individuals accessed…
Clop Ransomware Exploits Zero-Day Vulnerability to Breach Crown Resorts
A zero-day vulnerability in Crown Resorts’ GoAnywhere secure file-sharing server has led to a data breach at the largest gambling and entertainment company in Australia. The Blackstone-owned company operates complexes in Melbourne, Perth, Sydney, Macau, and London, and has an annual…
Command-and-Control Servers Explained. Techniques and DNS Security Risks
A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing further malicious activities on the host or network. Hackers can use C&C or C2…
Warning! 14 Million Customers Impacted by Latitude Financial`s Data Breach
Latitude Financial Services, the recently breached Australian loan giant, announces that the number of affected people reaches 14 million. On March 16, 2023, Latitude disclosed they were the victim of a cyberattack that resulted in 328,000 customer records being exfiltrated.…
The U.S. Government Restricts the Use of Spyware, White House Says
At least 50 US government officials are either suspected or confirmed to have been targeted by invasive commercial spyware designed to hack mobile phones, extract data, and track the movements of the victims. An executive order limiting the use of…
MacStealer MacOS Malware Steals Passwords from iCloud Keychain
Researchers discovered a new MacOS info-stealer that extracts documents, cookies, and login data from infected devices. MacStealer uses Telegram as a command-and-control platform to exploit MacOS machines from Catalina (10.15) and up to Ventura (13.2). It is delivered on the…
Avoiding the Pitfalls of Tax Season: Philadelphia Warns Against Sophisticated Phishing Attacks
According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts. On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about…
Parts of Twitter`s Source Code Were Leaked on GitHub, According to Elon Musk
On Friday, March 24th, Twitter sent GitHub a copyright infringement notice, claiming some of the platform`s users leaked parts of their source code. GitHub, the Microsoft-owned service for software developers, reacted promptly and took down the code the same day.…
Food Giant Dole, Victim of a Ransomware Attack [Updated]
Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…
What Is Quishing: QR Code Phishing Explained
Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how…
Chinese Hackers Infiltrate Middle Eastern Telecom Companies
New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed…
Find Out What Is a Logic Bomb. Definition, Characteristics, and Protection Measures
Today we are talking about one of the sneakiest cybersecurity threats out there: the logic bomb. The name might sound harmless, but this type of cyberattack can be hard to detect, can do all sorts of damage, and can even…
The Most Prevalent Types of Ransomware You Need to Know About
Cyberthieves of today are adaptable – they are excellent at finding new ways to survive and evolve, such as creating new types of ransomware to attack our devices. Knowing the different types of ransomware attacks helps you plan your defenses…
Enhanced Version of the BlackGuard Stealer Spotted in the Wild
A new variant of the BlackGuard stealer has been discovered in the wild, with new features such as USB propagation, persistence mechanisms, the ability to inject more payloads into memory, and the ability to target more crypto wallets. BlackGuard’s New…
The City of Toronto, Among This Week’s Victims of GoAnywhere Attacks
The City of Toronto announced a data breach caused by GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere also impacted UK’s Virgin Red and Pension Protection Fund. This week’s victims ad up to the other…
Drive-by Download Attack – What It Is and How It Works
In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…
37M Subscribers Streaming Platform Lionsgate Exposes User Data
Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.…
What Is Nmap and How to Use It to Enhance Network Security
Nmap is short for Network Mapper, an open-source tool used for IP and port scanning and app detection. System and network admins use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed…
Another Fake ChatGPT Extension Found in Google Chrome Store
Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code.…
Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign
A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding…
ShellBot DDoS Malware Targets Poorly Managed Linux Servers
A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. It seems the threat actors use scanner malware to find systems that have SSH port 22 open and proceed to install ShellBot on…
New PowerMagic and CommonMagic Malware Used by Threat Actors to Steal Data
A new backdoor dubbed PowerMagic and “a previously unseen malicious framework” named CommonMagic were utilized in assaults by an advanced threat actor, according to security researchers. Both malware pieces have been used since at least September 2021 in operations that…
Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy
Hitachi Energy confirmed that it was the victim of a data breach, part of the GoAnywhere attacks. The Clop ransomware gang exploited a Fortra GoAnywhere MFT (Managed File Transfer) zero-day vulnerability to gain access. The Japanese engineering and technology giant…
Ferrari Announces Data Breach. Customers Risk Data Leakage
On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers` data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari…
Researchers Reveal Insights into CatB Ransomware’s Advanced Evasion Methods
To avoid detection and launch of the payload, threat actors behind CatB ransomware used a technique called DLL search order hijacking. Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to…
Banking Trojan Mispadu Found Responsible for 90,000+ Credentials Stolen
Multiple spam campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal have been linked to a banking trojan called Mispadu that steals credentials and delivers other malicious payloads. Mispadu (aka URSA) can steal money, credentials, and act as a backdoor by taking…
A Cancer Patient’s Fight for Justice Against a Hospital Ransomware Attack
A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February…
Emotet Malware Spreads Out Through Malicious Microsoft OneNote Attachments
Emotet malware returns after three months break and uses Microsoft OneNote attachments to avoid macro-based security restrictions. Threat actors initially tried to use Word and Excel docs for deploying the malware. But since Microsoft currently blocks macros by default for…
HinataBot: The Latest Go-based Threat Is Launching DDoS Attacks
In January, a Go-based botnet named HinataBot (named after the character from the popular anime series Naruto) was discovered exploiting old vulnerabilities and weak credentials in HTTP and SSH honeypots. HinataBot Overview According to Akamai’s SIRT team, the botnet exploited arbitrary…
What Is Stack Smashing?
Stack smashing is a type of vulnerability that can lead to serious security breaches. This vulnerability occurs when a hacker exploits a flaw in a program’s memory allocation, causing the program to crash or execute arbitrary code. In this article,…
5 Ways Heimdal® Protects You From DNS Attacks
As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…
AI-Generated YouTube Videos Spread Raccoon, RedLine, and Vidar Info-stealers
Hackers use AI-generated YouTube videos to deploy Raccoon, RedLine, and Vidar malware. The videos look like tutorials on how to download Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, etc. for free. Some of the videos claim to show the…
Makop Ransomware: The Arsenal of Cybercriminals Becomes Known
In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification.…
BianLian Ransomware: The Dangerous Shift Toward Pure Data Extortion
BianLian is a ransomware group that first appeared in July 2022, successfully infiltrating several high-profile organizations. It seems that recently, the ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating and extorting data found on…
DDoS-as-a-service Attacks. What Are They and How Do They Work?
This is the time to remind you again that online threats are always changing and so should your cybersecurity strategy. You know all the major types of cyberattacks that could impact your organization, but hackers took everything to another level…
Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data
On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials. Around 103,000 identification documents…
SASE 101: Understanding the Fundamentals of Secure Access Service Edge
In today’s digital age, businesses are increasingly moving their operations to the cloud. However, with this shift comes numerous security risks that can compromise sensitive data and confidential information. That’s where Secure Access Service Edge (SASE) comes in: a cutting-edge…
SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps
The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests…
CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild
On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors. Details on the Vulnerability The…
For Sale: Data Supposedly Coming from the US Marshals Service Hack
Threat actors are selling what they pretend to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of…
Most Common Remote Work Security Risks
Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s…
SAP Fixes Five Critical Vulnerabilities With Newly Released Security Update
Software vendor SAP has released security updates to fix 19 vulnerabilities, five of which rated as critical. The patches released this month impact many products of the SAP suite, but the critical severity vulnerabilities affect SAP NetWeaver and SAP Business…
LockBit Ransomware Claims to Have Stolen SpaceX Data from One of Its Contractors
After breaching the systems of Maximum Industries, the LockBit ransomware group claims to have stolen sensitive information related to SpaceX. Maximum Industries is a full-service, piece-part production, and contract manufacturing facility. The company provides CNC machining, laser cutting and waterjet…
Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks
Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files. The announcement comes after…
What Is Cyber Essentials and How Can Heimdal Help Your Organization Achieve CE Compliance?
Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks. It assists the UK’s most critical organizations, the wider public…
FBI’s Report Shows: Investment Fraud Caused Loses of Over $3 Billion in 2022
According to the FBI’s annual Internet Crime Report, investment fraud was the most common kind of internet criminal activity in 2022. The $3.3 billion paid by victims increased from $1.45 billion in 2021, which is a 127% jump. The report…
KamikakaBot Malware Used to Attack Southeast Asian Government Agencies
The Dark Pink APT has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. In January, Group-IB published an in-depth study of Dark Pink, also known as Saaiwc,…
Patch Tuesday March 2023 – Microsoft Releases Fixes for 23 Vulnerabilities
As part of the March vulnerability patching bout, Microsoft has released 23 fixes for Chromium- and OS-based security bugs. The list also features patches for non-Edge vulnerabilities such as the Windows MSHTML Remote Code Execution Vulnerability and the Power BI…
$197 Million in Cryptocurrency Stolen in Euler Finance Attack
On Sunday, a cryptocurrency flash loan attack on the lending platform Euler Finance resulted in the theft of $197 million in various digital assets by threat actors. The theft involved multiple tokens including $135.8 million in stETH, $33.85 million in…
The Dark Side of Eurovision 2023: How Scammers Are Targeting Fans
Tickets for the Eurovision Song Contest in Liverpool sold out in less than an hour on Tuesday (March 7), despite technical difficulties as the Ticketmaster website buckled under the pressure. However, those who were fortunate enough to obtain tickets are…
Air-Gapped Computers Vulnerable to Data Stealing Through Internal Speakers
South Korean researchers developed a new covert channel attack named CASPER. It uses internal speakers to leak data from air-gapped PCs to nearby smartphones at a rate of 20 bits per second. Until now, similar attacks used external speakers. But…
Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted
North Korean based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. and European victims. Three different families of malware are deployed into the target’s environment, and social engineering techniques…
Deep Web vs. Dark Web: What is Each and How Do They Work
You may have heard these concepts being thrown around, but you don’t really know what they are, except that they sound ominous. You may suspect that it’s a place (or places) where malicious hackers roam. You may have also heard…
The Onion Patch – Best 20 Dark Web Websites You Shouldn’t Miss
So, you took my course on how to get on the dark web and want to explore your newfound superpower? Good for you and welcome to the dark web brotherhood. In this sequel, I’m going to show you some of…
The Intersection of Gender, Politics, and Cybersecurity: Iranian Hackers Target Women Advocating for Human Rights
Iranian state-sponsored actors continue to target researchers by impersonating US think tanks. SecureWorks Counter Threat Unit (CTU) stated in a report that the targets were all women active in political affairs and human rights in the Middle East region. Cybersecurity…
Netwire RAT Malware Infrastructure Seized Following Joint International Operation
An internet domain that was being used by criminals to steal data from and take control of victims’ computers was seized by U.S. authorities on Thursday. A collaborative international law enforcement operation involving the FBI and police agencies worldwide led…
Access Control-as-a-Service: What It Is and How Can Organizations Benefit from It?
In today’s fast-paced digital world, identity and access management has become a critical concern for organizations of all sizes. The challenge lies in ensuring that only authorized users have access to sensitive data while preventing unauthorized entry by cybercriminals. That’s…
Warning! BMW Security Flaw Jeopardises Business Secrets and Clients` Data
The famous BMW luxury cars brand unproperly secured its system and exposed extremely sensitive files to the public. Threat actors had enough time to exploit the data to steal source code and even get BMW customer data. How Were Clients`…
5 Ways Heimdal® Protects Your Endpoints
In the book about cybersecurity, protecting your endpoints must be the first and one of the most important chapters. Once an endpoint is breached, there is no way of telling what a cybercriminal will do next. Hackers can decide to…
Top 5 Must-Watch XDR Videos from Heimdal®
As we have seen in our previous articles, news, and webinars, in this increasingly complex threat landscape, malicious actors employ more and more sophisticated techniques to exploit traditional security parameters, safeguards, and countermeasures implemented to safeguard corporate data and infrastructure.…
Red Team vs. Blue Team: What Is It?
With cyberattacks seemingly increasing at a high rate, companies have to make sure their details and information are secured and safe from threat actors creeping around. Today, we will talk about a popular approach used by companies to assess their…
Putin’s Deepfake Campaign: A New Weapon in the War Against Dissent
Russia continues its disinformation campaign around the Ukraine war through advanced social engineering tactics delivered by the TA499 threat group. Also known as Vovan and Lexus, TA499 is a Russian-aligned threat actor conducting aggressive email campaigns since at least 2021. They seem…
Airlines and Airports Brace for New TSA Cybersecurity Measures Amidst Persistent Threats
In the latest move by the Biden administration to strengthen cybersecurity protections for critical infrastructure operators, the Transportation Security Administration announced regulations this past Tuesday to compel airports, aircraft owners, and operators to improve their digital defenses in the face…
Major Healthcare Data Breach Impacts U.S. House Members
Threat actors breached the DC Health Link network, the healthcare administrator that serves the U.S. House of Representatives. Researchers say the data breach impacted roughly 170,000 persons. Among those, there are hundreds of U.S. House members, their staff, top representatives,…
Lazarus Group Hacks South Korean Financial Entity via Zero-Day Vulnerability
Over the past year, the Lazarus Group has used flaws in an undisclosed software to breach a financial business entity in South Korea on two distinct occasions. As opposed to the first attack in May 2022, the re-infiltration in October 2022…
New Info Stealer SYS01 Targets Key Government Infrastructure
Cybersecurity researchers uncovered a new, highly-advanced information stealer, dubbed SYS01 stealer, that has been deployed in attacks on critical government infrastructure employees, manufacturing companies, and other industries since November 2022. Morphisec researchers discovered similarities between the SYS01 stealer and another…
A New Emotet Campaign Is Ongoing After a Three-month Break
A new Emotet campaign started infecting devices all over the world on Tuesday, 7 March 2023. After a three-month break, the botnet sends malicious spam emails again. Emotet malware reaches targets through emails with malicious attachments. When the user opens…
PIM vs PAM vs IAM: What’s The Difference?
Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity…
Acer Discloses Data Breach: 160GB of Sensitive Information for Sale
A threat actor claimed to have hacked Taiwanese multinational hardware and electronics business Acer, prompting the company to declare a data breach. The hacker announced the breach on a popular cybercrime forum, claiming to have stolen nearly 3,000 files of…
XDR vs EDR – A Comparison
Endpoint security seeks to protect every endpoint that connects to a network in order to prevent unauthorized access and other destructive behaviors at such entry points. The value of effective endpoint security solutions has expanded dramatically, partly as a result…
Hospital Clinic de Barcelona Suffered a Ransomware Attack
Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th…
Core Members of the DoppelPaymer Ransomware Gang Detained by the Europol
Europol announced via a press release that core members of the cybercrime gang behind the DoppelPaymer ransomware operation have been detained. The operation was a joint effort made by the German and Ukrainian police, with help from the FBI and…
Find Out More About the New HiatusRAT Router Malware
An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert…
Play Ransomware Starts Leaking Oakland City Data
The Play ransomware group has begun leaking data stolen in a recent cyberattack from the City of Oakland, California. The initial data leak consists of a 10GB multi-part RAR archive apparently comprising private documents, employee data, passports, and IDs, explains Bleeping Computer.…
What Is Domain Generation Algorithm? Definition and Role in Malware Attacks
Domain generation algorithms (DGA) are software that creates large numbers of domain names. This helps hackers deploy malware easier. Let`s take a closer look at what DGA is, how it works, and why it’s still popular among threat actors after…
BetterHelp Accused of Sharing Mental Health Data with Advertisers
The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC…
BidenCash Leaks Database with Over 2 Million Stolen Credit Cards
A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much…
Cyberattack on British Retailer WH Smith Exposes Employees` Data
Threat actors breached WH Smith, the 1,700 locations UK retailer, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What Kind of Data Was…