DNS-Layer Security protects users from threats that arise from inbound and outbound traffic. It refers to monitoring communications between endpoints and the internet at the DNS layer. Think of DNS-layer security as a gatekeeper who makes sure that all…
Category: Heimdal Security Blog
The Incidence of EvilExtractor Malware Rises Across Europe and the U.S.
The number of cyberattacks spreading EvilExtractor malware across Europe and the U.S. is rising. Researchers warn that threat actors used the data-theft tool in a large phishing campaign in March 2023. The malicious program was designed to extract data…
Threat Actors Can Use Old Routers’ Data to Breach Corporate Networks
Discarded routers that are for sale on the secondary market are usually improperly wiped, an experiment shows. Threat actors can recover sensitive data that hasn't been completely erased from them. Cybercriminals can use information about network configuration and details about…
Stay Ahead of Cyberthreats with Proactive Threat Hunting
In today’s digital age, cyber threats are an ever-present danger to organizations of all sizes. From ransomware attacks to data breaches, the consequences of a successful cyberattack can be devastating. That’s why it’s essential for businesses to adopt a proactive…
US Medical Service Data Breach Impacts 2.3M People
Shields Health Care Group (SHCG), a medical service provider in the United States, announced a data breach that compromised the personal information of more than 2.3 million people. Shields reported the breach to the Maine Attorney General on April 19,…
Cybercriminals Abusing an Abandoned WordPress Plugin for Malicious Code Injection
Threat actors found a new method to inject malicious code into websites. They are now using an abandoned WordPress plugin, Eval PHP. The plugin is still available in the WordPress plugins repository and had approximately 4,000 malicious installations per day…
Millions of Records With Sensitive Data Leaked by ICICI Bank
ICICI Bank, an Indian multinational valued at more than $76 billion, with over 5,000 branches operating across India and 15 other countries worldwide has leaked millions of records with sensitive data, including financial information and personal documents of the bank’s…
SECURITY ALERT: Heimdal® Detects Massive MitID Smishing Campaign Targeting Nordea Bank Customers
On April 20, Heimdal®'s SOC team discovered that an unknown APT had been launching smishing attacks against Nordea Bank customers. The data analyzed so far suggests that the threat actor abuses the MitID authentication mechanism…
Companies Affected by Ransomware [2022-2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…
Iranian Hackers Target U.S. Energy and Transit Systems
Mint Sandstorm, an Iranian government-backed actor, has been linked to attacks on critical infrastructure in the United States between late 2021 and mid-2022. The entities that were targeted include seaports, energy companies, transit systems, and a major U.S. utility and…
Russian Hacktivists Shifting Interest to Business Sector, UK Cyber-agency Warns
The National Cyber Security Centre (NCSC) from the UK issued a warning about state-aligned Russian hacktivists shifting their interest to the business sector. Authorities recommend that all companies in the country tighten their security measures. The Russian Hacktivist Threat: Usually,…
Trigona Ransomware Deployed Through Vulnerable Microsoft SQL Servers
Attackers are breaking into Microsoft SQL (MS-SQL) servers to install Trigona ransomware payloads and encrypt all files. These servers are not well protected and are exposed to the Internet. By using account credentials that are simple to guess, brute-force or…
SIEM vs XDR: A Comparison of Two Advanced Detection and Response Solutions
When trying to shore up your organization's cybersecurity posture, you look for the perfect detection and response solution to keep you safe. With all the options available nowadays, this is where it can get confusing. In this article, we will…
APT28 Russian Hackers Inject Routers with Jaguar Tooth Custom Malware
Researchers in the US and UK warn that the Russian state-sponsored APT28 group is deploying "Jaguar Tooth" custom malware on routers in order to obtain unauthorized access. APT28 is known for a wide range of attacks and cyber-espionage activities…
US Company CommScope Hit by Ransomware
Following a ransomware attack back in March, sensitive employee data was compromised at CommScope, a major US telecommunications and IT infrastructure company. The Vice Society ransom gang claims to have published CommScope employee data on its dark web leak site. The…
Privilege Elevation and Delegation Management (PEDM) Explained: Definition, Benefits and More
A game-changer in the PAM market, PEDM is now widely discussed as a more efficient method to mitigate cybersecurity risk by properly controlling privileged permissions. It features three essential elements: appropriate privileges for appropriate users at just the appropriate…
Rheinmetall Suffers Another Cyberattack – Company Operations Still Functional
Rheinmetall, a leading German armaments and technology company, was targeted by a cyberattack over the weekend. The attack, however, did not affect company operations, according to officials. Rheinmetall, the largest arms company in Germany and one of the top three Western…
New "Domino" Malware Strain Targets Corporate Networks
Researchers recently discovered a new malware family named “Domino”, allegedly created by ITG14, also known as the FIN7 threat group. Reportedly, ex-Conti hackers have been using it since at least February 2023 to spread Project Nemesis info stealer or Cobalt…
Windows Admins Warned About a Critical MSMQ QueueJumper Vulnerability
Security researchers and experts warn Windows admins about a critical vulnerability discovered in the Windows Message Queuing (MSMQ) middleware service, that can expose hundreds of thousands of systems to attacks. The vulnerability has been patched by Microsoft in this month’s…
Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack (Updated)
An ongoing supply chain attack allegedly uses a digitally signed and trojanized variant of the 3CX Voice Over Internet Protocol (VoIP) desktop client to target the company’s clients. The 3CX Phone System engineered by the VoIP IPBX software development company…
Balada Injector Infects Nearly 1 Million WordPress Sites
A malware distribution operation known as Balada Injector has been active since 2017, and it is believed that it has infected over a million WordPress sites. According to GoDaddy’s Sucuri, the massive campaign “leverages all known and recently discovered theme…
Two New Emergency Patches from Apple
Apple is backporting two security patches released on Friday. The updated patches address zero-day vulnerabilities on iPhones, iPads, and Macs. Details About the Vulnerabilities: The first flaw, tracked as CVE-2023-28206, is an out-of-bounds write issue. This bug may permit threat…
SD Worx Shuts Down its UK & Ireland IT Systems Following Cyberattack
Belgian company SD Worx shut down all IT systems for its UK and Ireland services after suffering a cyberattack. The European HR and payroll management company services 5.2 million employees for over 82,000 companies. The company started notifying customers that…
XDR vs MDR: A Comparison of Two Detection and Response Solutions
Ensuring an efficient threat detection and response (D&R) strategy for your organization is vital for every sector of its activity. But growing workloads and limited resources are only two of the problems you encounter in your search for the best…
Round-Robin DNS Explained. What It Is and How It Works
The Round-robin DNS is a load-balancing technique that helps manage traffic and avoid overloading servers. Multiple IP addresses are assigned to a single domain name; each time the domain name is resolved, the returned IP address is picked in a…
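The rotation described above, simulated end to end as an added example (this is not code from the article or from any DNS server). An authoritative zone holds several A records for one name and rotates their order on every answer; a client that always connects to the first address in the answer therefore spreads its connections across the pool. The simulation also shows the caveat a practitioner should keep in mind: rotation knows nothing about server health, so a dead address keeps receiving its share. The host name and the 192.0.2.0/24 addresses are made up.

```python
"""Round-robin DNS simulation (added example, not the article's code)."""
from collections import Counter, deque


class RoundRobinZone:
    """Minimal authoritative zone that rotates the A records it returns."""

    def __init__(self, records):
        # records: {name: [ip, ip, ...]}; each name keeps its own rotation state
        self._rrsets = {name: deque(ips) for name, ips in records.items()}

    def resolve(self, name):
        """Return the A records for `name` in their current order, then rotate
        so that the next query starts with a different address."""
        rrset = self._rrsets[name]
        answer = list(rrset)
        rrset.rotate(-1)  # move the head of the list to the tail
        return answer


def connect_first(answer):
    """What a naive client does: use the first address in the answer."""
    return answer[0]


def simulate(zone, name, queries, dead=frozenset()):
    """Run `queries` resolutions, connecting to the first address each time.
    Returns (per-address connection counts, number of failed connections).
    `dead` is the constructed set of addresses that are down: round-robin
    does not notice them, which is the technique's main limitation."""
    counts = Counter()
    failures = 0
    for _ in range(queries):
        ip = connect_first(zone.resolve(name))
        counts[ip] += 1
        if ip in dead:
            failures += 1
    return counts, failures


if __name__ == "__main__":
    zone = RoundRobinZone({"www.example.test": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]})
    counts, failures = simulate(zone, "www.example.test", 9, dead={"192.0.2.12"})
    print(dict(counts))  # every address received 3 of the 9 connections
    print(failures)      # 3: the dead host still got a third of the traffic
```

In practice the picture is even less even than the simulation suggests: recursive resolvers and operating systems cache the answer for its TTL, so many clients behind one resolver land on the same address until the cache expires.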
Oldest Law Practice in NYC Hacked, over 90,000 Clients Impacted
Almost 90,000 clients’ personal information was compromised in the cyberattack on the prestigious law firm Cadwalader, Wickersham & Taft. The law firm informed its clients on March 30, 2023, that on November 15, 2022, an unauthorized third party acquired remote…
Dutch Government to Adopt RPKI on All Its Networks for Safety Reasons
The Government of the Netherlands announced last week its intention to implement the Resource Public Key Infrastructure (RPKI) standard on all its networks. The measure is meant to improve Internet routing security, protecting the networks against route hijacks and…
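What RPKI actually buys a network, shown as an added example (not code from the article or from any RPKI validator). Route origin validation compares a BGP announcement against the signed Route Origin Authorizations (ROAs): the announcement is Valid if some ROA covers the prefix, the announced prefix is no longer than the ROA's maxLength and the origin AS matches; Invalid if ROAs cover the prefix but none matches (an origin hijack or an over-specific announcement); NotFound if no ROA covers it. This follows the rule in RFC 6811. The ROAs and announcements are constructed: 192.0.2.0/24, 198.51.100.0/24 and 2001:db8::/32 are documentation prefixes and the AS numbers are from the private-use range.

```python
"""RPKI route origin validation (added example, not the article's code)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: `asn` may originate `prefix` and any
    more-specific prefix up to `max_length` bits."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def roa(prefix, asn, max_length=None):
    """Build a ROA; without an explicit maxLength only the exact prefix is authorized."""
    net = ipaddress.ip_network(prefix)
    return ROA(net, net.prefixlen if max_length is None else max_length, asn)


def validate(prefix, origin_asn, roas):
    """Return 'Valid', 'Invalid' or 'NotFound' for an announcement."""
    net = ipaddress.ip_network(prefix)
    # ROAs whose prefix contains the announced prefix (same address family only)
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for r in covering:
        if net.prefixlen <= r.max_length and r.asn == origin_asn:
            return "Valid"
    # covered, but either the wrong origin AS or more specific than maxLength allows
    return "Invalid"


def filter_routes(announcements, roas):
    """Drop Invalid routes, as an ROV-enforcing router would; keep NotFound
    because most of the Internet still has no ROA."""
    return [(p, a) for p, a in announcements if validate(p, a, roas) != "Invalid"]


if __name__ == "__main__":
    # Constructed ROAs: AS64496 may announce 192.0.2.0/24 exactly and 2001:db8::/32 down to /48
    ROAS = [roa("192.0.2.0/24", 64496), roa("2001:db8::/32", 64496, max_length=48)]
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                     ("192.0.2.0/24", 64511), ("198.51.100.0/24", 64496),
                     ("2001:db8:1::/48", 64496)]:
        print(pfx, asn, validate(pfx, asn, ROAS))
```

The second and third announcements are the two classic hijack shapes: a more-specific prefix that would win by longest-prefix match, and the right prefix from the wrong origin. Both come back Invalid and are dropped by `filter_routes`; the unrelated 198.51.100.0/24 is NotFound and passes, which is why a ROA for every prefix you own is the point of the Dutch decision.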
Five New Actively Exploited Vulnerabilities Added by CISA to its KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Three of the added vulnerabilities were found in the Veritas Backup Exec Agent software and were used by threat…
Best Patch Management Practices to Follow to Keep Your Business Secured
Patch management is an essential practice for businesses to maintain the security and stability of their IT infrastructure. Patches are released by software vendors to fix vulnerabilities and enhance performance, and failing to manage these patches can lead to security…
Cyber Incident Cripples UK Criminal Records Office
After weeks of silence, the UK’s Criminal Records Office (ACRO) has issued a statement saying that the issues with the website that have been ongoing since January 17 were caused by a “cyber security incident.” ACRO manages criminal record information,…
MSI Breach Claimed By Money Message Ransomware Gang
A recent data breach affecting Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as ‘Money Message’. The threat actors claim to have stolen source code from the company’s…
What Is a Software Restriction Policy?
In today’s digital age, it is crucial for businesses to protect their sensitive data and computer systems from cyber threats. One effective way of doing so is by implementing a software restriction policy. But what exactly is a software restriction…
Designing Your Threat Hunting Framework from Scratch – Core Essentials
A threat hunting framework is a collection of data-driven adversarial scenarios, backed by hypothetical, field-tested, or time-honored TTPs (i.e., Tactics, Techniques, and Procedures). Serving a wide array of security needs such as baselining, forecasting, threat modeling, vulnerability discovery, and…
Typhon Info-Stealing Malware Comes Back Harder to Detect
Threat actors upgraded the Typhon info-stealer to a version with improved anti-analysis and anti-virtualization capabilities. The new Typhon Reborn V2 malware is currently advertised on a dark web forum. Typhon was first discovered in August 2022 and…
What Is Scareware and How to Prevent It?
Are you one of those people who get easily scared by pop-up ads and warning messages on your computer? If so, then beware! You might be falling for a common cybercrime tactic known as scareware. Scareware is a type of…
International Cyber Operation Shuts Down Notorious Genesis Market
A global law enforcement crackdown, dubbed Operation Cookie Monster, has led to the take down of one of the world’s biggest criminal marketplaces used by online fraudsters to buy passwords – Genesis Market. An FBI-led operation involving more than a…
New Threat Uncovered: Rorschach Ransomware – The Fastest Encryptor
Researchers have unveiled a sophisticated, fast and previously undocumented ransomware strain called Rorschach. Malware experts discovered the new strain after a cyberattack on a U.S.-based company and described it as having "technically unique features". Among the capabilities observed was the encryption…
New Rilide Malware Strikes Chromium-Based Browsers to Steal Cryptocurrency
Researchers discovered a new malware that fakes legitimate Google Drive extensions to inject malicious scripts and steal cryptocurrency. The new Rilide malware targets Chromium-based browsers like Google Chrome, Microsoft Edge, Brave, and Opera. How Is Rilide Different: Just like other…
My Cloud Goes Down While Data Storage Giant Announces Network Breach
Western Digital announced that it discovered a network breach affecting its systems, starting March 26th. Threat actors managed to obtain unauthorized access to several of the company's systems. While law enforcement is still investigating, Western Digital claims the intruder…
15 Million Systems Are Vulnerable to CISA KEV Flaws
Using the Shodan database, IT security researchers were able to track down 15 million vulnerable systems with vulnerabilities from the US cyber security authority CISA’s Known-Exploited-Vulnerabilities-Catalog (KEV). When KEV vulnerabilities are discovered, updates are usually available from the software manufacturer…
Microsoft Addresses a New Azure AD Vulnerability Affecting Bing Search & Key Apps
Microsoft has patched a misconfiguration issue affecting the Azure Active Directory (AAD) identity and access management service that allowed unauthorized access to many “high-impact” applications. The vulnerabilities were reported to Microsoft in January and February 2022, after which the company…
Money Message: The Newest Ransomware Gang that Threatens Organizations
A new online threat actor has emerged: the Money Message ransomware gang. These cybercriminals are attacking companies all over the world, demanding millions of dollars in ransom for the decryption key and not leaking the stolen data. When Did Money…
Elementor Pro Vulnerability Actively Exploited by Threat Actors
Threat actors are actively exploiting a high-severity vulnerability discovered in the popular plugin Elementor Pro. Elementor Pro is a WordPress page builder plugin with multiple functions that helps users to build professional-looking websites easily, without the need to know how…
SCCM Alternative for Patch Management
In today’s cybersecurity space, properly patching the machines and servers in your company can make the difference between a well-secured organization and a vulnerable one. SCCM is one of the most popular system management solutions on the market and has…
NATO and Diplomats’ Email Portals Targeted by Russian APT Winter Vivern
Winter Vivern (aka TA473), a Russian hacking group, has been exploiting a vulnerability (CVE-2022-27926) in unpatched Zimbra instances to access the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects version 9.0.0 of Zimbra Collaboration, which is…
Ukrainian Authorities Stop a Phishing Scam Worth $4.3 million
Ukraine’s Cyberpolice Department announced an operation during which they busted a phishing gang. The police arrested two scammers and confiscated equipment used for phishing frauds. Threat actors managed to steal $4,300,000 from over a thousand victims across the EU. The…
Smart Grid Fragility, a Constant Threat for the European and American Way of Living
In today’s world, a multitude of smart devices helps us to improve our lives, as we rely more and more on technology for a comfortable and efficient lifestyle – smart appliances, smart cars, smartwatches. Life as we know it is…
Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack
An ongoing supply chain attack allegedly uses a digitally signed and trojanized variant of the 3CX Voice Over Internet Protocol (VoIP) desktop client to target the company’s clients. The 3CX Phone System engineered by the VoIP IPBX software development company…
Best Practices for Effective Identity Lifecycle Management (ILM)
In today’s fast-paced world, identity management has become a crucial aspect of every organization. From securing sensitive data to ensuring compliance with regulations, effective Identity Lifecycle Management (ILM) is essential for businesses of all sizes. However, implementing an ILM strategy…
The UK Government Shares New Strategy to Boost NHS Cybersecurity by 2030
The Department of Health and Social Care has established a cyber security program aimed at improving cyber resilience across the NHS and social care sectors in England over the next seven years. The use of technology to access health and…
What Is User Provisioning?
User provisioning (also known as account provisioning) is a digital Identity and Access Management (IAM) process that involves creating employee/user accounts and their profiles and giving them appropriate rights and permissions across IT infrastructure and enterprise applications and systems. In…
APT43: A New Cyberthreat From North Korea
A new North Korean cyber operator has been attributed a series of attacks conducted to gather strategic intelligence aligned with the state's geopolitical interests. Security researchers, who are tracking the threat group's activity under the moniker APT43, believe that…
The U.K. Police Hunts Cybercriminals with Fake DDoS-as-a-service Sites
The National Crime Agency (NCA) from the U.K. launched several fake DDoS-as-a-service sites. The aim is to gather the details of people who try to use such services. The decoy sites infiltrate the cybercrime market, and several thousand individuals accessed…
Clop Ransomware Exploits Zero-Day Vulnerability to Breach Crown Resorts
A zero-day vulnerability in Crown Resorts’ GoAnywhere secure file-sharing server has led to a data breach at the largest gambling and entertainment company in Australia. The Blackstone-owned company operates complexes in Melbourne, Perth, Sydney, Macau, and London, and has an annual…
Command-and-Control Servers Explained. Techniques and DNS Security Risks
A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing further malicious activities on the host or network. Hackers can use C&C or C2…
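One of the DNS risks the title refers to is malware that uses DNS itself as the C2 channel: commands and stolen data travel in subdomain labels and TXT answers, through the recursive resolver that every firewall allows. The heuristics below score each registered domain in a resolver log on the signals that expose this (many distinct, long, high-entropy subdomains, often queried as TXT). This is an added example, not code from the article or from any product; the log format (`<epoch> <client-ip> <qname> <qtype>`), the domains, the thresholds and the two-label domain split are all assumptions, and the log lines are constructed.

```python
"""Heuristic detection of DNS-based C2 in resolver logs (added example)."""
import math
from collections import defaultdict

# Constructed resolver log: a few normal lookups and one client hammering
# a domain with 32-character hex labels over TXT, as a DNS C2 implant would.
CONSTRUCTED_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com A
1700000002 10.0.0.7 a3f9c1d2e4b5a6c7d8e9f0a1b2c3d4e5.cdn-sync.test TXT
1700000003 10.0.0.7 9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e.cdn-sync.test TXT
1700000004 10.0.0.7 0f1e2d3c4b5a69788796a5b4c3d2e1f0.cdn-sync.test TXT
1700000005 10.0.0.7 deadbeefcafef00d1234567890abcdef.cdn-sync.test TXT
1700000006 10.0.0.7 5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d.cdn-sync.test TXT
1700000007 10.0.0.5 static.example.com A
1700000008 10.0.0.9 api.example.org AAAA
"""


def shannon_entropy(s):
    """Bits of entropy per character; hex-encoded data scores close to 4.0."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (registered_domain, subdomain). Assumes a two-label registrable
    suffix such as example.com; real code would use the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 2:
        return qname, ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse(log):
    for line in log.splitlines():
        ts, client, qname, qtype = line.split()
        yield int(ts), client, qname.lower(), qtype


def score_domains(log, min_queries=3):
    """Score each registered domain seen at least `min_queries` times."""
    stats = defaultdict(lambda: {"subs": set(), "txt": 0, "n": 0, "ent": [], "len": []})
    for _, _, qname, qtype in parse(log):
        domain, sub = split_name(qname)
        st = stats[domain]
        st["n"] += 1
        if sub:
            st["subs"].add(sub)
            st["ent"].append(shannon_entropy(sub))
            st["len"].append(len(sub))
        if qtype == "TXT":
            st["txt"] += 1
    findings = {}
    for domain, st in stats.items():
        if st["n"] < min_queries:
            continue
        uniq_ratio = len(st["subs"]) / st["n"]
        mean_ent = sum(st["ent"]) / len(st["ent"]) if st["ent"] else 0.0
        mean_len = sum(st["len"]) / len(st["len"]) if st["len"] else 0.0
        findings[domain] = {
            "queries": st["n"],
            "unique_subdomain_ratio": uniq_ratio,
            "mean_label_entropy": mean_ent,
            "mean_subdomain_length": mean_len,
            "txt_ratio": st["txt"] / st["n"],
            # assumed thresholds: nearly every query a fresh, long, random-looking label
            "suspicious": uniq_ratio >= 0.8 and mean_ent >= 3.5 and mean_len >= 20,
        }
    return findings


if __name__ == "__main__":
    for domain, f in score_domains(CONSTRUCTED_LOG).items():
        print(domain, "SUSPICIOUS" if f["suspicious"] else "ok", f)
```

Tune the thresholds against your own baseline before alerting: CDNs, anti-spam lookups and some telemetry also generate long random labels, which is why the score combines several signals and why the registered domain, not the single query, is the unit of judgement.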
Warning! 14 Million Customers Impacted by Latitude Financial's Data Breach
Latitude Financial Services, the recently breached Australian loan giant, announces that the number of affected people reaches 14 million. On March 16, 2023, Latitude disclosed they were the victim of a cyberattack that resulted in 328,000 customer records being exfiltrated.…
The U.S. Government Restricts the Use of Spyware, White House Says
At least 50 US government officials are either suspected or confirmed to have been targeted by invasive commercial spyware designed to hack mobile phones, extract data, and track the movements of the victims. An executive order limiting the use of…
MacStealer MacOS Malware Steals Passwords from iCloud Keychain
Researchers discovered a new macOS info-stealer that extracts documents, cookies, and login data from infected devices. MacStealer uses Telegram as its command-and-control channel and targets macOS machines running Catalina (10.15) through Ventura (13.2). It is delivered on the…
Avoiding the Pitfalls of Tax Season: Philadelphia Warns Against Sophisticated Phishing Attacks
According to the city of Philadelphia, cybersecurity recommendations have been issued in response to an Internal Revenue Service (IRS) warning against tax-based phishing attempts. On day two of the annual Dirty Dozen tax scams campaign, the IRS warns again about…
Parts of Twitter's Source Code Were Leaked on GitHub, According to Elon Musk
On Friday, March 24th, Twitter sent GitHub a copyright infringement notice, claiming some of the platform's users leaked parts of its source code. GitHub, the Microsoft-owned service for software developers, reacted promptly and took down the code the same day.…
Food Giant Dole, Victim of a Ransomware Attack [Updated]
Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…
What Is Quishing: QR Code Phishing Explained
Are you aware of QR code phishing or “quishing”? This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data. In this article, we will find out what quishing is, how it works, and how…
Chinese Hackers Infiltrate Middle Eastern Telecom Companies
New cyber attacks against Middle Eastern telecommunications operators emerged in the first quarter of 2023. Based on technical overlaps, the intrusion set was identified as being the work of a Chinese cyber espionage actor associated with a long-running campaign dubbed…
Find Out What Is a Logic Bomb. Definition, Characteristics, and Protection Measures
Today we are talking about one of the sneakiest cybersecurity threats out there: the logic bomb. The name might sound harmless, but this type of cyberattack can be hard to detect, can do all sorts of damage, and can even…
The Most Prevalent Types of Ransomware You Need to Know About
Cyberthieves of today are adaptable – they are excellent at finding new ways to survive and evolve, such as creating new types of ransomware to attack our devices. Knowing the different types of ransomware attacks helps you plan your defenses…
Enhanced Version of the BlackGuard Stealer Spotted in the Wild
A new variant of the BlackGuard stealer has been discovered in the wild, with new features such as USB propagation, persistence mechanisms, the ability to inject more payloads into memory, and the ability to target more crypto wallets. BlackGuard’s New…
The City of Toronto, Among This Week’s Victims of GoAnywhere Attacks
The City of Toronto announced a data breach caused by the GoAnywhere attacks. Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere, also impacted the UK's Virgin Red and Pension Protection Fund. This week's victims add up to the other…
Drive-by Download Attack – What It Is and How It Works
In today’s digital age, cybersecurity is more important than ever before. Unfortunately, cybercriminals are constantly finding new ways to infiltrate networks and steal data. One of the most insidious methods they use is known as a drive-by download attack. This…
37M Subscribers Streaming Platform Lionsgate Exposes User Data
Cybersecurity researchers found that Lionsgate, an entertainment industry giant, exposed the IP addresses and viewing habits of its subscribers. The investigators from Cybernews uncovered that the video-streaming service Lionsgate Play had exposed user information via a publicly accessible ElasticSearch instance.…
What Is Nmap and How to Use It to Enhance Network Security
Nmap is short for Network Mapper, an open-source tool used for IP and port scanning and app detection. System and network admins use it for network inventory, managing service upgrade schedules, and monitoring service uptime. At first, it was developed…
Another Fake ChatGPT Extension Found in Google Chrome Store
Researchers discovered a new fake ChatGPT extension for Chrome in the official Chrome Store. This version steals Facebook session cookies, hijacking accounts. The malicious extension is a copy of “ChatGPT for Google”, a Chrome add-on, but with additional malicious code.…
Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign
A new credit card hacking campaign is wreaking havoc, but this time it’s a little bit different. Instead of injecting the JavaScript code into the HTML of the store or of the checkout pages, this time threat actors are hiding…
ShellBot DDoS Malware Targets Poorly Managed Linux Servers
A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. The threat actors use scanner malware to find systems with SSH port 22 exposed and then install ShellBot on…
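The scanner-then-brute-force pattern above leaves a very recognizable trail in sshd's log, and catching it is the cheapest detection a "poorly managed" server can get. The following is an added example, not code from the article or from any product: it parses OpenSSH's default syslog lines, keeps a sliding window of failed logins per source address, and flags an address once it exceeds a threshold, with special attention to the event that matters most, a successful login from the same address right after the burst. The log lines are constructed, and the threshold (5 failures within 60 seconds), the host name and the addresses are assumptions.

```python
"""SSH brute-force detection over sshd log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt in OpenSSH's default syslog format: one address
# cycles through common accounts and then gets in; another is a normal user.
CONSTRUCTED_AUTH_LOG = """\
Mar 19 02:14:01 web01 sshd[4021]: Failed password for root from 203.0.113.45 port 51822 ssh2
Mar 19 02:14:03 web01 sshd[4023]: Failed password for root from 203.0.113.45 port 51824 ssh2
Mar 19 02:14:04 web01 sshd[4025]: Failed password for invalid user admin from 203.0.113.45 port 51826 ssh2
Mar 19 02:14:06 web01 sshd[4027]: Failed password for invalid user oracle from 203.0.113.45 port 51828 ssh2
Mar 19 02:14:08 web01 sshd[4029]: Failed password for root from 203.0.113.45 port 51830 ssh2
Mar 19 02:14:11 web01 sshd[4031]: Accepted password for root from 203.0.113.45 port 51832 ssh2
Mar 19 02:20:15 web01 sshd[4100]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Mar 19 02:20:40 web01 sshd[4102]: Accepted publickey for alice from 198.51.100.7 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2023):
    """Return a dict for a Failed/Accepted line, or None for anything else.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect(log, max_failures=5, window_seconds=60):
    """Sliding-window brute-force detection per source IP.
    Returns {ip: {"failures": n, "users": set, "success_after_failures": str|None}}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    users = defaultdict(set)     # ip -> account names tried
    findings = {}
    for line in log.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ev["ts"])
            users[ip].add(ev["user"])
            while (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()  # forget failures older than the window
            if len(q) >= max_failures:
                finding = findings.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after_failures": None})
                finding["failures"] = max(finding["failures"], len(q))
                finding["users"] |= users[ip]
        elif ev["result"] == "Accepted" and ip in findings:
            # a login succeeding right after a burst of failures means the
            # guessing worked: treat the host as compromised, not just scanned
            findings[ip]["success_after_failures"] = f"{ev['user']} ({ev['method']})"
    return findings


if __name__ == "__main__":
    for ip, f in detect(CONSTRUCTED_AUTH_LOG).items():
        print(ip, f)
```

The prevention side is simpler than the detection side: the campaign only works against password authentication, so `PasswordAuthentication no` and `PermitRootLogin no` in sshd_config remove the attack surface entirely, and the detector above then only ever sees noise.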
New PowerMagic and CommonMagic Malware Used by Threat Actors to Steal Data
A new backdoor dubbed PowerMagic and “a previously unseen malicious framework” named CommonMagic were utilized in assaults by an advanced threat actor, according to security researchers. Both malware pieces have been used since at least September 2021 in operations that…
Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy
Hitachi Energy confirmed that it was the victim of a data breach, part of the GoAnywhere attacks. The Clop ransomware gang exploited a Fortra GoAnywhere MFT (Managed File Transfer) zero-day vulnerability to gain access. The Japanese engineering and technology giant…
Ferrari Announces Data Breach. Customers Risk Data Leakage
On March 20th, Ferrari announced it was the victim of a cyberattack that could result in the leakage of customers' data. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari…
Researchers Reveal Insights into CatB Ransomware’s Advanced Evasion Methods
To evade detection and launch the payload, the threat actors behind CatB ransomware used a technique called DLL search order hijacking. CatB, also known as CatB99 and Baxtoy, emerged late last year and, based on code-level similarities, is said to…
Banking Trojan Mispadu Found Responsible for 90,000+ Credentials Stolen
Multiple spam campaigns targeting Bolivia, Chile, Mexico, Peru, and Portugal have been linked to a banking trojan called Mispadu that steals credentials and delivers other malicious payloads. Mispadu (aka URSA) can steal money, credentials, and act as a backdoor by taking…
A Cancer Patient’s Fight for Justice Against a Hospital Ransomware Attack
A cancer patient whose naked medical photos and records were stolen by a ransomware gang and posted online has sued her healthcare provider for allowing the “preventable” and “seriously damaging” data leak. The proposed class-action lawsuit stems from a February…
Emotet Malware Spreads Out Through Malicious Microsoft OneNote Attachments
Emotet malware returns after three months break and uses Microsoft OneNote attachments to avoid macro-based security restrictions. Threat actors initially tried to use Word and Excel docs for deploying the malware. But since Microsoft currently blocks macros by default for…
HinataBot: The Latest Go-based Threat Is Launching DDoS Attacks
In January, a Go-based botnet named HinataBot (named after the character from the popular anime series Naruto) was discovered exploiting old vulnerabilities and weak credentials in HTTP and SSH honeypots. HinataBot Overview: According to Akamai's SIRT team, the botnet exploited arbitrary…
What Is Stack Smashing?
Stack smashing is a type of memory-corruption vulnerability that can lead to serious security breaches. It occurs when a program writes past the end of a buffer on the stack, corrupting adjacent data such as the saved return address, which can crash the program or let an attacker execute arbitrary code. In this article,…
5 Ways Heimdal® Protects You From DNS Attacks
As cyber-attacks continue to proliferate, it’s essential for organizations to stay ahead of the game when it comes to security. One area that requires particular attention is the Domain Name System (DNS). DNS attacks are more common than one might…
AI-Generated YouTube Videos Spread Raccoon, RedLine, and Vidar Info-stealers
Hackers use AI-generated YouTube videos to deploy Raccoon, RedLine, and Vidar malware. The videos look like tutorials on how to download Adobe Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, etc. for free. Some of the videos claim to show the…
Makop Ransomware: The Arsenal of Cybercriminals Becomes Known
In operation since 2020, the Makop ransomware gang is classified as a tier-B ransomware gang. The threat actor has successfully targeted companies in Europe and Italy with its hybrid arsenal of custom-developed and off-the-shelf software tools despite its low classification.…
BianLian Ransomware: The Dangerous Shift Toward Pure Data Extortion
BianLian is a ransomware group that first appeared in July 2022, successfully infiltrating several high-profile organizations. It seems that recently, the ransomware group has shifted its focus from encrypting its victims’ files to only exfiltrating and extorting data found on…
DDoS-as-a-service Attacks. What Are They and How Do They Work?
This is a good time to remind you that online threats are always changing, and so should your cybersecurity strategy. You may know all the major types of cyberattacks that could impact your organization, but hackers have taken everything to another level…
Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data
On Thursday, Latitude Group Holdings, an Australian company that handles digital payments and loans, revealed that a hacker had obtained the personal information of around 328,000 clients from two service providers by using staff login credentials. Around 103,000 identification documents…
SASE 101: Understanding the Fundamentals of Secure Access Service Edge
In today’s digital age, businesses are increasingly moving their operations to the cloud. However, with this shift comes numerous security risks that can compromise sensitive data and confidential information. That’s where Secure Access Service Edge (SASE) comes in: a cutting-edge…
SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps
The cyber-research community is raising concerns over a newly disclosed, actively exploited vulnerability that puts the Microsoft 365 suite at risk. Tracked as CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user's credentials by sending a crafted email. Research suggests…
CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild
On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors. Details on the Vulnerability The…
For Sale: Data Supposedly Coming from the US Marshals Service Hack
Threat actors are selling what they claim to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of…
Most Common Remote Work Security Risks
Remote work has become a highly popular and common practice around the world, especially now as companies allow a significant part of their employees to remain remote. However, while this practice increases flexibility, improves productivity, and enhances work-life balance, there’s…
SAP Fixes Five Critical Vulnerabilities With Newly Released Security Update
Software vendor SAP has released security updates to fix 19 vulnerabilities, five of which are rated critical. The patches released this month impact many products of the SAP suite, but the critical-severity vulnerabilities affect SAP NetWeaver and SAP Business…
LockBit Ransomware Claims to Have Stolen SpaceX Data from One of Its Contractors
After breaching the systems of Maximum Industries, the LockBit ransomware group claims to have stolen sensitive information related to SpaceX. Maximum Industries is a full-service, piece-part production, and contract manufacturing facility. The company provides CNC machining, laser cutting and waterjet…
Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks
Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a managed file transfer solution businesses use to exchange encrypted files. The announcement comes after…
What Is Cyber Essentials and How Can Heimdal Help Your Organization Achieve CE Compliance?
Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks. It assists the UK’s most critical organizations, the wider public…
FBI's Report Shows: Investment Fraud Caused Losses of Over $3 Billion in 2022
According to the FBI’s annual Internet Crime Report, investment fraud was the most common kind of internet criminal activity in 2022. The $3.3 billion paid by victims increased from $1.45 billion in 2021, which is a 127% jump. The report…
KamiKakaBot Malware Used to Attack Southeast Asian Government Agencies
The Dark Pink APT has been linked to a new wave of attacks using the KamiKakaBot malware against government and military entities in Southeast Asian countries. In January, Group-IB published an in-depth study of Dark Pink, also known as Saaiwc,…