The ADV airport association reported that the websites of seven German airports were hit by a suspected cyber attack on Thursday. Düsseldorf, Nuremberg, and Dortmund airports were among those impacted, but the websites for Germany’s three busiest airports: Frankfurt, Munich,…
Category: Heimdal Security Blog
Oakland Issues State of Emergency After Ransomware Attack
As a result of the ransomware attack that occurred on February 8, 2023, the city of Oakland has declared a local state of emergency. The ransomware attack against the City of Oakland was publicly disclosed last week; the date of…
Security Alert: New Fake Customs Invoicing Smishing Campaign Targeting Romanian Telecom Users
Heimdal® has recently launched an investigation into a massive smishing campaign, deliberately targeting Romanian telecom customers. The data collected so far reveals that the threat actor or APT behind the fake customs invoicing smishing campaign is attempting to maliciously collect…
Russian Cyberexpert Convicted in the U.S. for a $90 Million Hack-to-trade Scheme
Vladislav Klyushin, a Russian citizen, was found guilty in the U.S. of stealing private earnings reports for a hack-to-trade scam. He was part of a global scheme that earned him $90,000,000. The defendant hacked the networks of two U.S.-based filing…
Endpoint Security Strategy – Key Components and How to Develop It
Security breaches can have a devastating effect on an organization. That’s why developing an endpoint security plan is critical in protecting against malicious actors who seek to steal or damage the data and assets owned by a company. In this…
Hyundai and Kia Offer Free Software Update to Patch a Vulnerability Allowing Car Thefts
South Korean automakers Hyundai and KIA are deploying an emergency software update to several of their car models. The update is meant to patch a vulnerability that made it possible for car thieves to hotwire vehicles using a USB cable.…
What Is Cybercrime-as-a-Service (CaaS)?
Keep in mind that the primary goal of every cybercriminal is to make as much money as possible. So, the emergence of the cybercrime-as-a-service (CaaS) model was the next inevitable step in pursuing this goal. CaaS, as an organized action,…
What Is Transmission Control Protocol (TCP)?
Transmission Control Protocol (TCP) is a fundamental communication protocol, used in computer networks, that does exactly what its name says: it controls how data is transmitted between two systems – the client and the server, and it makes sure this…
What Is the Nslookup Command and How Can You Use It to Improve DNS Security?
Nslookup is a command-line tool that helps you perform DNS queries. The Name Server Lookup (nslookup) command helps server administrators check DNS records. By using it they can find out data like domain names, IP addresses, the ports in use,…
What Is OPSEC: Operational Security Explained
Also known as operational security or procedural security, OPSEC is a security and risk management process that prevents sensitive information from falling into the hands of malicious actors. Originating in the military, OPSEC became a popular practice in the private…
Understanding Critical Event Management and How It Can Help Your Organization
When your organization is facing a critical incident, having an effective way to manage it is essential for both managerial and financial outcomes. That’s why understanding how Critical Event Management works and how it can help you keep your organization…
Antivirus versus Anti Malware: Which One Should You Choose?
Protecting your computer from malicious attacks is an important part of keeping it safe and secure. But with the vast array of antivirus and anti-malware programs available, it can be difficult to determine which one is best for your needs.…
Chinese Hackers Use ShadowPad Against South American Diplomatic Entities
On Monday, Microsoft attributed a set of attacks targeting diplomatic entities in South America to a China-based cyberespionage actor. Its Security Intelligence team is tracking the cluster under the emerging name DEV-0147. ShadowPad is said to be used by the threat actor…
1 Million CHS Patients Affected Due to Fortra’s GoAnywhere Data Breach
Community Health Systems (CHS) reported that an attack targeting a zero-day vulnerability in Fortra’s GoAnywhere platform exposed the data of 1 million of its patients. Fortra alerted them stating they had been victims of a cyberattack that compromised some of…
1 Million Downloads Later: How An Android Game Leaked Private Data
Researchers discovered that the Tap Busters: Bounty Hunters app had left its database open to the public for at least five months, exposing users’ private conversations. Additionally, sensitive data was hardcoded into the client side of the app, making it…
Patch Tuesday February 2023 – Microsoft Releases Fixes for 13 Known Vulnerabilities
Patch Tuesday February comes with 13 new security patches for OS-based and browser-specific vulnerabilities. No zero-day bugs have been addressed this month. So, without further ado, here’s what the second month of 2023 looks like in terms of vulnerability management.…
Madrid-Based Phishing Gang Disrupted By Spanish National Police & US Secret Service
Spain’s National Police and the United States Secret Service have busted a Madrid-based international cybercrime ring of nine members who stole over €5 million from individuals and North American businesses. The cybercrime gang specializes in online scams, using social engineering,…
Pepsi Bottling Ventures Suffers Data Breach After Malware Attack
Threat actors breached Pepsi Bottling Ventures LLC’s network and successfully installed info-stealing malware. The incident happened on or around December 23rd, 2022, and the team discovered it 18 days later, on January 10th, 2023. It took the IT team another…
Lazarus Hackers Use New Mixer to Hide Stolen Cryptocurrency
Blockchain analysts have discovered that North Korean hackers are laundering cryptocurrency proceeds from their heists despite U.S. sanctions. Through a single crypto-mixing service called Sinbad, the advanced persistent threat known as Lazarus Group has laundered about $100 million in stolen Bitcoin…
Oakland In Crisis: How The City Is Dealing With A Ransomware Attack
Oakland was hit by a ransomware attack on Wednesday night, forcing the city to take all systems offline until the network can be secured and affected services restored. The good news is that the city reported that 911 dispatch, fire,…
North Korean Hackers Target the Healthcare Sector with Ransomware
U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory that North Korean hackers are launching ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities. The attacks, which demand cryptocurrency ransoms in exchange for…
New Threat Group Hits Israel Institute of Technology with Ransomware
Technion Institute of Technology in Israel fell victim to a ransomware attack. The attack was claimed by DarkBit, a new ransomware group that aims to associate its actions with hacktivism. According to the ransomware note, the attack is a way…
Remote Code Execution vs. Reverse Shell Attacks – Staging, Purpose, and Impact
Remote Code Execution (RCE) is an attack technique used by black-hat hackers to run malicious code on the victim’s machine and is more often than not confused with ACE (i.e., Arbitrary Code Execution), another code execution class attack technique, which primarily…
Endpoint Security vs. Antivirus: A Comparison
Switching from Antivirus to an Endpoint security solution will offer you not only better cybersecurity but also a centralized and easy-to-handle security management system. These two may look the same to an inexperienced eye but take a closer look. Then…
New Screenshotter Malware Performs Surveillance Before Stealing Data
A new custom-made malware, the Screenshotter, surveils the victims before stealing data. The threat actor called TA886 is utilizing this malware to target users from the United States and Germany. Researchers first spotted the campaign in October 2022, but its…
Canadian Bookstore Indigo Hit By Cyberattack
Indigo Books & Music, the largest bookstore chain in Canada, experienced a cyber attack, leading the company to temporarily shut down its website and only allow cash payments. The details of the incident have yet to be determined, but Indigo…
What Is An IT Asset?
Have you ever wondered what the concept of IT asset refers to and what is its importance to your business? Continue reading to find your answer! IT Asset: Definition By definition, an IT asset is a piece of hardware or…
UEBA 101: An Introduction to User and Entity Behavior Analytics
In today’s digital world, it is more important than ever to be able to identify and assess any potential threats to your business. That’s why User and Entity Behavior Analytics (UEBA) is becoming such an invaluable asset for businesses of…
10 Free & Open Source Threat-Hunting Tools for 2023
Are you on the lookout for threat-hunting tools? If so, you’ve come to the right place. Compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through the network, threat hunting is a…
Reddit Breached: Threat Actors Steal Source Code and Internal Data
Popular website Reddit suffered a cyberattack Sunday evening, which allowed hackers to access internal business systems and to steal internal documents and source code. According to statements from the company, the threat actors used a phishing lure targeting Reddit employees…
How The UK Is Taking A Stand Against Ransomware Criminals
As part of a new coordinated action against international cybercrime, the UK and the US have sanctioned seven Russian cyber criminals today (Thursday, 9 February). Several ransomware strains have been developed or deployed by these individuals that have targeted the UK…
How to Send Ctrl-Alt-Delete in a Remote Desktop Session?
Control-Alt-Delete is the combination of the Control key, the Alt key, and the Delete key that a user may press at the same time on a personal computer to end an application task or to reboot the operating system. What…
What Is API Security?
The API is a fundamental component of innovation in the world of apps we live in today. APIs are an essential component of modern mobile, SaaS, and web apps and can be found in partner-facing, internal, and applications for banks,…
List of Proxy IPs Used by Killnet, Released
Cybersecurity researchers published a list of proxy IP addresses used by the pro-Russian group Killnet, to help neutralize its attacks. The list, which contains over 17,746 IPs, was disclosed by SecurityScorecard researchers. Since March 2022, the Killnet group has launched DDoS attacks…
Heimdal® Announces Rebrand and Name Consolidation
Copenhagen, February 9th, 2023 – Heimdal unveils a consolidated new name with a bold and distinct new visual identity as a part of an extensive rebranding initiative. As of February 9th, 2023, we are consolidating our name and getting a brand-new…
Dota 2 Game Mods Use Backdoor to Infect Players with Malware
Four malicious Dota 2 game mods that were used by a threat actor to backdoor the players’ systems have been found by security experts. To target players, the threat actors published the mods for the wildly popular MOBA game on…
AmerisourceBergen Healthcare Company Has Been Breached
The healthcare company AmerisourceBergen confirmed a data breach in the IT system of one of its subsidiaries. The announcement comes after the Lorenz ransomware posted what the threat actor claims to be exfiltrated data from the pharmaceutical distributor. AmerisourceBergen has…
Mirai-based Medusa Botnet Is Back with Ransomware Capabilities
A new variant of the Mirai-based Medusa DDoS (distributed denial of service) botnet has been discovered in the wild, equipped with a ransomware module and a Telnet brute-forcer. The Medusa malware (not to be confused with the Android malware with the…
What Are Industrial Control Systems?
An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage,…
Russian Citizen Accused of Laundering Money from U.S.-targeted Ransomware Attacks
On Tuesday, 6 February 2023, Denis Mihaqlovic Dubnikov, a Russian citizen, pleaded guilty to the accusations of laundering ransomware money. The money came from cyberattacks made by the Ryuk ransomware group in the span of three years. Dubnikov is a…
SYN Flood Explained. How to Prevent this Attack from Taking over your Server
SYN flood is a type of denial-of-service (DoS) attack in which a threat actor floods a server with several requests but never completes the connection handshake, leaving each connection half-open, usually with the purpose of consuming server resources, which leads to…
US Grocery Delivery Platform Weee! Suffers Massive Data Leak
Weee!, a US-based grocery delivery platform, has been the victim of a cyberattack resulting in a data leak affecting 11 million customers. Some of the logs included door codes that couriers use to enter buildings. Weee! is an online platform…
How ‘Sliver’ and ‘BYOVD’ Attacks Are Giving Hackers Backdoor Access to Windows Devices
Last summer, threat actors began using Sliver as an alternative to Cobalt Strike, employing it for network surveillance, command execution, reflective DLL loading, session spawning, and process manipulation. Recently observed attacks target two 2022 vulnerabilities in Sunlogin, a remote-control software…
PixPirate Malware Is Actively Stealing Banking Passwords
Pix is an instant payment platform developed and managed by the Central Bank of Brazil (BCB), which enables quick payment and transfer execution, with over 100 million registered accounts worldwide. A new strain of mobile malware targeting Brazil and other…
Iranian Threat Group Behind Charlie Hebdo Data Breach
The “Holy Souls” or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed by the Iranian state and was previously sanctioned by the U.S.…
What Is Container Security? Definition, Benefits, and Risks
Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines (VMs). Container security is the set of policies and tools that are applied to maintain a container…
Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks
Endpoints are one of hackers’ favorite gateways into organizations’ networks. Check out our top 10 endpoint security best practices that will keep you safe and help prevent cyberattacks. Setting foot into only one of the connected devices can…
Florida Hospital’s IT System Shut Down After Suspected Ransomware Attack
Threat actors breached Tallahassee Memorial HealthCare’s (TMH) security system last Thursday. As a result, the whole IT system had to be taken offline and thoroughly checked, while non-emergency procedures were suspended. All patients requiring emergency services were taken to other…
How to Protect Your ESXi Servers From the Nevada Ransomware Attacks
A new wave of ransomware attacks is targeting ESXi hypervisors. VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware. It is used to install and maintain virtual machines. A patch for CVE-2021-21974 has been available since February…
New HeadCrab Malware Hijacks 1,200 Redis Servers
Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab malware, which…
Pro-Russian Hackers Target European Hospitals
According to the Dutch National Cybersecurity Center (NCSC), several hospitals from European countries supporting Ukraine have been targeted by pro-Russian threat actors, including their own UMCG hospital in Groningen. UMCG Groningen Shutdown The cause behind UMCG’s shutdown seems to be…
OAuth Explained: A Guide to Understanding What It Is and How It Works
In today’s digital world, security is a major concern for anyone interacting online. Have you ever seen a pop-up asking for permission to post on your social media feed, access your smart devices, or share files across different platforms? It’s…
InTheBox Threat Actor Sells Over 1,800 Web Injects on Cybercrime Forums
1,894 web injects (overlays of phishing windows) are for sale on Russian cybercrime forums. The threat actor that advertises them, called InTheBox, offers affordable deals and prices. The phishing windows are meant to steal credentials from banking, cryptocurrency exchange, and…
What Is Encryption as a Service (EaaS)? A Definitive Guide
Whether your company is subject to stringent cybersecurity regulatory requirements or you want to strengthen your overall security, encryption as a service is an effective way to protect sensitive data at rest and in transit. The thing is, many businesses…
Top 10 SOAR Tools to Enhance Your SecOps Experience
In a previous article, we talked about the core differences (and similarities) between SOAR and XDR. And because no SecOps specialist should be without an adequate toolkit, here are some SOAR tools you can try out to up your security…
What Is Ethical Hacking? An Introduction to the Concept
When you think of ‘hacking’, some things that might come to mind would be bad people with criminal intent trying to infiltrate our systems and steal our data, or maybe ‘hacking’ scenes from popular movies. Hackers are usually the threat…
Server-Side Request Forgery Attack Explained: Definition, Types, Protection
A Server-Side Request Forgery attack (SSRF) is a security vulnerability in which a hacker tricks a server into accessing unintended resources on their behalf. An SSRF attack can lead to sensitive information being leaked or the attacker gaining control of…
Hive Ransomware: A Detailed Analysis
Before we dive in, you might have heard the good news. This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments…
New Versions of Prilex POS Malware Can Block Contactless Transactions
New versions of Prilex point-of-sale (POS) malware have been spotted in the wild. Their new capabilities include blocking Near Field Communication (NFC) credit card transactions. This way clients are obliged to use the machine to pay, allowing the malicious code…
Russian Hacktivists Target US and Dutch Hospitals
Russian hackers have claimed responsibility for a cyberattack that took more than a dozen US hospitals’ websites offline on Monday morning. Killnet, a pro-Russian hacking group infamous for DDoS attacks over the last year, claims to have taken down the…
Threat Actors Gained Access to Google Fi Customers’ Information
Google Fi, the cell network provider of Google, recently confirmed a data breach. It is likely that the incident is related to the recent T-Mobile security incident, which allowed threat actors to steal the information of millions of customers. Based…
LockBit Goes ‘Green’: How the New Conti-Based Encryptor Is Changing the Ransomware Game
The LockBit ransomware gang has resumed using encryptors based on other operations, switching to one based on the Conti ransomware’s leaked source code. Since its inception, the LockBit operation has gone through several iterations of its encryptor, beginning with a…
What Is Data Erasure?
One of the major topics of cybersecurity is sheltering your data against data breaches. And while many Internet users have measures in place to protect their information from hackers’ hands while using it, once they delete the data, they might…
Hackers Abuse Google Ads to Spread Antivirus-Evading Malware
A Google Ads malvertising campaign was found using KoiVM virtualization technology to install the Formbook data stealer without being spotted by antivirus software. MalVirt loaders are promoted by threat actors in advertising that appears to be for the Blender 3D program.…
Hackers Stole GitHub Desktop and Atom Code-Signing Certificates
Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. Therefore, the company is taking the precautionary action of canceling the exposed certificates.…
TSA U.S. ‘No Fly List’ Gets Leaked On Hacking Forum
It was recently discovered that a U.S. No Fly list, containing over 1.5 million records of banned flyers and 250,000 ‘selectees’, has been published on a hacking forum. According to BleepingComputer, it’s the same TSA No Fly list that…
What Is Dynamic Host Configuration Protocol (DHCP)?
DHCP, or Dynamic Host Configuration Protocol, is a network protocol that allows devices on a network to be automatically assigned an IP address. DHCP is used extensively in both home and enterprise networks, as it simplifies the process of configuring…
10 Million JD Sports Customers Had Their Data Exposed in a Data Breach
The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers. All the information stored in the attacked server related to…
Identity Reveal: Threat Actor Behind Golden Chicken Malware Service Exposed
Researchers have identified the real-world identity of the threat actor behind Golden Chickens Malware-as-a-Service (MaaS), known as “badbullzvenom.” A 16-month-long investigation by eSentire’s Threat Response Unit revealed multiple instances of the badbullzvenom account being shared between two individuals. The second threat…
SwiftSlicer New Data-Wiping Malware Attacks Windows Operating Systems
Researchers discovered a new attack on a Ukrainian target performed by Russian threat actors that used a new wiper malware that compromises the Windows operating system. SwiftSlicer, as the new malware was named, is attributed to the Sandworm malicious group…
New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files
Cybersecurity researchers uncovered a new strain of ransomware named Mimic. Mimic uses Everything API, a file search tool for Windows, to search for files to encrypt. Some of the code in Mimic is similar to that found in Conti, whose…
Threat Detection and Response (TDR) – An Overview
Threat detection and response (TDR) is an increasingly important approach to security as organizations struggle to keep up with the growing number of cyberattacks. TDR combines several technologies and processes to detect, analyze, and respond to malicious activity on networks,…
40 Windows CMD Commands that Will Make You Feel Like a Real Hacker
Windows’ celebrated CLI (i.e., Command-Line Interpreter) is, without a doubt, a treasure trove of hidden features, tools, and settings. Although a bit off-putting given its lackluster GUI, Command Prompt lets you tap into every area of your Operating System, from…
What Is Spyware, What It Does, and How to Block It?
We are sure that you have already heard of spyware, but are you curious to dive deeper into the consequences and types of this malware infection? This sneaky malicious software may be collecting your data as we speak, with only a…
What Is Kerberos Authentication?
As industry experts continuously predict that cybercrime will only get worse in the following years, we see that the digital world is keen to find and implement new strategies to bolster cybersecurity. Today I am going to talk about one…
Aurora Infostealer Malware Deploys Shapeshifting Tactics
One of the most recent finds exposed the Aurora Stealer malware imitating popular applications to infect as many users as possible. Cyble researchers were able to determine that, in order to target a variety of well-known applications, the threat actors…
How to Choose Between Access Control Models? RBAC vs. ABAC vs. PBAC
As organizations are increasingly dealing with security concerns, there is a need for more sophisticated access control mechanisms to ensure only authorized personnel have access to sensitive information. But what exactly is the difference between Role-Based Access Control (RBAC), Attribute-Based…
FBI Closes Down Hive Ransomware Gang: What Does This Mean for the Security Landscape?
Federal authorities have taken down a website run by a notorious ransomware gang known to extort millions of dollars from victims as part of a global cybercrime operation. The FBI seized a cache of computer servers supporting the Hive group…
Security Flaws Disclosed in Samsung’s Galaxy Store App for Android
Flaws found in the Galaxy App Store gave attackers the ability to install apps without the user’s knowledge and send them to malicious sites. Samsung was notified regarding flaws CVE-2023-21433 and CVE-2023-21434, in November and December 2022. After flagging the…
Explaining Vulnerability Scanning: Definition, Types, Best Practices
The ever-changing landscape of cybersecurity makes it harder for companies to keep up with the malicious intents of threat actors. Each day, new vulnerabilities can appear in your systems, which can give threat actors the chance they need to breach…
What Is an SEO Poisoning Attack and How Does It Affect Network Security?
SEO poisoning attacks have been on the rise in recent years, as more and more people are using search engines to find information online. Attackers are constantly coming up with new ways to exploit SEO vulnerabilities, so it’s important to…
Killnet Russian Hacking Group Launches DDoS Attacks on German Websites
On January 25th, the Russian hacktivist threat group Killnet put several German websites offline after performing a DDoS attack. The hackers claimed they targeted government websites, banks, and airports as a reaction to Germany’s decision to supply Ukraine with 2 Leopard…
Lazarus Group Is Responsible for $100 Million Cryptocurrency Theft
The Federal Bureau of Investigation (FBI) has confirmed that the cyberattacks on Harmony Horizon, which resulted in the theft of $100 million worth of Ethereum, were coordinated by North Korean state-sponsored hacking group, Lazarus. The North Korean APT has moved…
How Hackers Used Legitimate Software to Breach U.S. Federal Agencies
A phishing scam using legitimate remote monitoring and management (RMM) software was used to target at least two federal agencies in the U.S. Specifically, cyber-criminal actors sent phishing emails that led to the download of legitimate RMM software – ScreenConnect…
What Is the Main Vector of Ransomware Attacks?
Ransomware infiltrates and hinders everything from healthcare organizations to energy distribution pipelines. This is why having an idea of the main vector of ransomware attacks is hugely beneficial, not to say imperative for your organization’s safety. Did you know that…
Riot Games Receives a $10 Million Ransom Demand
Last week, video game developer Riot Games, which is behind popular games such as League of Legends and Valorant, had its development environment compromised by threat actors through a social engineering attack. This week, the attackers demanded a $10 million…