U.S. government service contracting giant Maximus has disclosed a data breach warning that threat actors stole the personal data (including Social Security numbers and protected health information) of 8 to 11 million people by exploiting a vulnerability in MOVEit Transfer.…
Tag: Heimdal Security Blog
The Road to Redemption: Ransomware Recovery Strategies for Businesses
Ransomware attacks have become one of the most significant cybersecurity threats facing businesses and organizations today. These malicious attacks encrypt valuable data, rendering it inaccessible to users until a ransom is paid to the attackers. Despite investing in robust cybersecurity…
Cyberattack Investigation Shuts Down Ambulance Patient Records System
A cyber attack on health software company Ortivus has led to the shutdown of the ambulance patient records system, affecting several UK NHS ambulance organizations. The attack occurred on July 18 and impacted UK customer systems within Ortivus’s hosted data…
Terrestrial Trunked Radio System Vulnerable to Leakage and Message Injection
Dutch researchers revealed 5 vulnerabilities in the Terrestrial Trunked Radio (TETRA) that could expose government organizations and critical infrastructure communication to third parties. Two of the collectively called TETRA:BURST flaws, CVE-2022-22401 and CVE-2022-22402, were rated critical. TETRA is used for…
Norwegian Government's System Breached over Ivanti EPMM Zero-Day
The Norwegian National Security Authority (NSM) revealed that threat actors exploited the CVE-2023-35078 zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) to target the Norwegian Government. According to the Norwegian authorities, the attack did not impact the Prime Minister’s Office,…
Yamaha Confirms Cyber Attack on Its Canadian Division
Yamaha’s Canadian music division has confirmed that it fell victim to a recent cyberattack, as two separate ransomware groups claimed responsibility for targeting the company. Yamaha Corporation, a renowned Japanese manufacturer of musical instruments and audio equipment, experienced unauthorized access…
New Vulnerability Puts 926,000 MikroTik Routers at Risk! Users Urged to Patch
Researchers found a critical ‘Super Admin’ privilege elevation vulnerability that impacts MikroTik devices. Over 900,000 RouterOS routers are at risk and security specialists advise users to apply available patches immediately. CVE-2023-30799 enables remote and authenticated threat actors to escalate privileges…
Lazarus APT Group Targets Windows IIS Web Servers to Distribute Malware
Recently, cybersecurity specialists made a concerning discovery regarding the North Korean state-sponsored Lazarus APT group. The ASEC team found that the group is actively targeting Windows Internet Information Service (IIS) web servers as a means to distribute malware. Lazarus employs…
Open Source Software Supply Chain Attacks Spotted Targeting the Banking Sector
Analysts from Checkmarx uncovered a number of attacks on the banking industry’s open-source software supply chain in the first half of 2023. According to the experts, these attacks targeted specific components of web assets used by banks and employed sophisticated…
Patch Tuesday July 2023 – Microsoft Publishes Bug Fixes for 142 Vulnerabilities [UPDATED]
The second month of summer comes a-calling with a hefty list of bug fixes; throughout July, Microsoft has released no less than 142 patches for various types of vulnerabilities, with scores ranging from Important to Critical. Without further ado, here’s…
What Is Mobile Device Management? Role in Endpoint Security and Benefits
Mobile device management (MDM) is software that enables IT teams to supervise and secure all mobile endpoints in a company's digital perimeter: laptops, tablets, smartphones, etc. In the age of remote & hybrid work, an MDM strategy is an essential…
Stolen Microsoft Key: The Impact Is Higher Than Expected
Earlier this month, Microsoft and CISA disclosed a security incident and attributed it to the Chinese threat group Storm-0558. The threat actors stole a Microsoft consumer signing key, which was initially thought to have provided them with access to Exchange…
Mallox Ransomware Witnessing Alarming Surge in Activity
The Mallox ransomware group, also known as TargetCompany, Fargo, and Tohnichi, has become increasingly active, signaling a significant shift in its operations. According to recent findings, Mallox’s ransomware activities in 2023 have seen a staggering 174% increase compared to the…
Critical Zyxel Firewall Vulnerability Exploited in DDoS Attacks
Multiple DDoS botnets have actively exploited a critical vulnerability discovered in Zyxel firewall models, as revealed by cybersecurity researchers. Tracked as CVE-2023-28771, this flaw explicitly impacts Linux platforms and enables remote attackers to gain unauthorized control over vulnerable systems, effectively…
New Severe Vulnerabilities Found in AMI MegaRAC BMC Software
Security Researchers warn about finding new vulnerabilities in the AMI MegaRAC Baseboard Management Controller (BMC) software. The flaws, rated from high to critical, open the way for threat actors to deploy malware and succeed in remote code execution (RCE). Lots…
XDR vs EDR – A Comparison
Cybersecurity purchasers and providers must adopt a new way of thinking in response to the more sophisticated cyberthreats that keep emerging. The necessity for more thorough and integrated approaches to cybersecurity is highlighted by the fact that traditional cybersecurity solutions…
Adobe Releases Patches to Fix Three New ColdFusion Vulnerabilities
Adobe released an emergency ColdFusion security update meant to fix critical vulnerabilities, including a new zero-day vulnerability. Adobe fixed three vulnerabilities as part of their out-of-band update: CVE-2023-38204: a critical remote code execution (RCE) vulnerability (9.8 rating); CVE-2023-38205: a critical…
BlackCat and Clop Claim Cyberattack on Beauty Giant Estée Lauder
Cosmetic conglomerate Estée Lauder has been listed on the data leak sites of two of the most active threat groups today, ALPHV/BlackCat and Clop. The BlackCat gang mocked the security of Estée Lauder in a message to the company, saying…
Tampa General Hospital Reports Cybercriminals Stole 1.2M Patient Data
Tampa General Hospital announced on Wednesday evening that cybercriminals breached its network and stole files containing the personal health information (PHI) of about 1.2 million patients. Located on Davis Island in Tampa, Florida, Tampa General Hospital (TGH) is a not-for-profit,…
P2PInfect: A New Worm Targets Redis Servers on Linux and Windows
P2PInfect is a new cloud-targeting, peer-to-peer (P2P) worm recently discovered by cybersecurity researchers that targets vulnerable Redis instances for follow-on exploitation. Researchers William Gamazo and Nathaniel Quist said that P2PInfect exploits Redis servers running on both Linux and Windows OS,…
The Crucial Role of Cyber Essentials in the UK Public Sector
The United Kingdom’s public sector is undergoing a digital transformation, relying increasingly on technology to enhance service delivery, streamline operations, and foster improved engagement with citizens. As government organizations continue to embrace technological advancements, they also face a growing array…
Zero-Day Alert! Critical Flaw in Citrix ADC and Gateway Exploited in the Wild
Citrix urged customers to patch NetScaler ADC and Gateway products after discovering a critical-severity zero-day vulnerability. The flaw was dubbed CVE-2023-3519, ranked 9.8 on the CVSS, and was observed exploited in the wild. The company released updated versions of the…
New Cloud Credential Stealing Campaign Targets Microsoft Azure and Google Cloud
In June 2023, a threat actor was linked to a cloud credential stealing campaign that targeted Microsoft Azure and Google Cloud Platform (GCP) services, expanding the adversary’s scope of attack beyond Amazon Web Services (AWS). After conducting investigations, security researchers…
BlackCat Alphv Ransomware
The ransomware operation known as BlackCat, also referred to as Alphv ransomware, has been utilized by members of the Alphv group since November 2021. During the last few years, BlackCat has demonstrated a clear upward trajectory in its operations. Their…
BlueKeep: Understanding the Critical RDP Vulnerability
What Is the BlueKeep Vulnerability? BlueKeep is a software vulnerability that affects older versions of Microsoft Windows. Also known as CVE-2019-0708, the vulnerability first emerged in 2019 and is a “wormable” remote code execution vulnerability, being noted first by the…
Just-in-Time Access Explained. What It Means, Benefits and Best Practices of JIT
The concept of Just-in-Time Access has been around for decades but it is only recently that it has become popular in the cybersecurity realm. One reason for this popularity is the increase in cyberattacks and data breaches. With more attacks…
Micro-Segmentation: Strengthening Network Security Through Granular Control
In the interconnected realm of digital technology, safeguarding cybersecurity has become an utmost priority for organizations. Traditional security approaches, such as relying solely on perimeter-based defenses, have proven insufficient in defending against sophisticated cyber threats. Consequently, a paradigm shift has…
Zoom Vulnerabilities Allow Attackers to Escalate Privileges
Six high-severity and one low-severity vulnerability patches have been released by Zoom. These flaws, if left unattended, would allow threat actors to escalate privileges and gain access to sensitive data. The vulnerabilities were assigned CVSS Scores ranging from 3.3 (low)…
Chinese Hackers Breach Government Email
Microsoft has revealed that Chinese hackers successfully accessed the email accounts of various government organizations. The breach was reportedly detected only weeks after the activity began. According to Microsoft, an entity based in China, named Storm-0558, managed to gain access…
What Is Advanced Endpoint Protection. Key Features and Benefits
Advanced Endpoint Protection (AEP) is an AI-powered cybersecurity toolkit that focuses on detecting and preventing unknown cyber threats from harming a company's endpoints. In today's business landscape, where many employees work remotely, protecting assets turned out to be more and…
International Diplomats Targeted by Russian Hacking Group APT29
Russian state-sponsored hacking group ‘APT29,’ also known as Nobelium or Cloaked Ursa, has employed innovative tactics to target diplomats in Ukraine, using car listings as unconventional lures. APT29, which is associated with the Russian government’s Foreign Intelligence Service (SVR), has…
11 Million Patients' Data Stolen in HCA Healthcare Data Breach
HCA Healthcare, one of the largest health companies in the USA, announced on July 10th it was the target of a huge data breach. The cyberattack impacted 1,038 hospitals and physician clinics across 20 states. All in all, 11 million…
EU Healthcare: ENISA Reports that 54% of Cyber Threats Are Ransomware
The European Union Agency for Cybersecurity (ENISA) has released its first cyber threat landscape report for the health sector, revealing that ransomware is responsible for 54% of cybersecurity threats in the industry. The comprehensive analysis, based on over two years…
Deutsche Bank, ING, and Postbank Customers' Data Exposed in Breach
Deutsche Bank, ING Bank, Postbank, and Comdirect recently announced they suffered customer data leaks. Reportedly, the four European giant banks were using the same third-party business vendor, who fell victim to a MOVEit data-theft attack. The Attack Revealed On July 3rd,…
Zero-day Alert! Microsoft Unpatched Vulnerability Exploited in NATO Summit Attacks
Microsoft warns that hackers are exploiting an unpatched zero-day present in several Windows and Office products. The bug enables malicious actors to gain remote code execution via malicious Office documents. Researchers claim the vulnerability was observed in attacks targeting organizations…
UK Cyber Extortion Rose by 39% in One Year, International Law Firm Reveals
The number of cases of online extortion reported to the police rose by almost 40% in 2022 compared to the previous year, according to Reynolds Porter Chamberlain, an international commercial law firm from the UK. Action Fraud, the UK’s national…
What Is a DNS Rebinding Attack? Vulnerabilities and Protection Measures
DNS rebinding compromises the way domain names are resolved and is a technique threat actors use in cyberattacks. In this type of DNS attack, a malicious website directs users to launch a client-side script that will attack other devices in…
New Ransomware Strain Discovered: Big Head
A new ransomware strain emerged: Big Head uses fake Windows updates and Microsoft Word installers to spread. Researchers analyzed three samples to establish the infection vector and how the malware executes. Although the variants may differ, they originate from the…
Automated Patch Management Explained: Benefits, Best Practices & More
There are premises beyond the economic implications that draw attention to the importance of Automated Patch Management processes. Keeping systems up to date with newly released patches is no longer just a recommendation, it’s a necessity. As defined by our Cybersecurity…
A New Banking Trojan on the Rise: TOITOIN Banking Trojan
TOITOIN is a new Windows-based banking trojan active since 2023. The malware targets businesses operating in Latin America (LATAM), researchers at Zscaler say, employing a multi-stage infection chain and custom-made modules. These modules are custom designed to carry out malicious…
StackRot: A New Linux Kernel Flaw Allows Privilege Escalation
A new vulnerability has been found by security researchers. Dubbed StackRot, the Linux Kernel flaw is impacting versions 6.1 through 6.4. The flaw is tracked as CVE-2023-3269 and is a privilege escalation issue. An unprivileged local user can trigger the…
Top Data Breaches in 2023: Alarming Incidents Impacting Companies
The year 2023 has witnessed a surge in data breaches and cyberattacks, posing significant challenges for organizations striving to safeguard sensitive information. Recent high-profile attacks targeting various industries, including healthcare, finance, retail, government, manufacturing, and energy, highlight the evolving threat…
Malicious Insider Explained: The Call is Coming from Inside the House
For the most part, today’s modern workplace has grown accustomed to cyberattacks directed by third parties that are external to the organization. But what can you do when the call is coming from inside the house? How can you successfully…
CISA, FBI: A New Version of the Truebot Malware Is Actively Used in Attacks
A new warning was issued by CISA and the FBI! Organizations across the United States and Canada have been targeted in attacks that use a new variant of the Truebot malware. The malware takes advantage of a remote code execution…
RedEnergy Stealer Ransomware: A New Threat Targeting Critical Infrastructure
A new strain of ransomware called RedEnergy Stealer has recently emerged, posing a significant threat to critical infrastructure systems worldwide. This sophisticated malware has caught the attention of security experts due to its highly targeted approach and potential for devastating…
SMUGX Campaign Targets European Entities
In a recent cyberattack that has raised alarm bells across Europe, several entities in the region have become victims of a sophisticated campaign known as SMUGX. The attackers, believed to be Chinese hackers, have employed a novel technique called HTML…
Internal Threats: A Major Risk to Any Business
As Daniel Wanderson wrote for Security Boulevard, a CEO must consider every aspect of his/her business – and cybersecurity is one of the most important ones since anyone can become the victim of a cyber attack. At any minute, you…
Linux Ransomware Exposed: Not Just a Windows Problem Anymore
In the ever-evolving landscape of cyber threats, ransomware has emerged as a pervasive menace, causing widespread damage to individuals and organizations. While most ransomware attacks have historically targeted Windows systems, the rise of Linux ransomware has thrown a new curveball…
Ransomware Attackers Dump Students’ Data Online After School Hacks
In a disturbing trend, ransomware gangs have escalated their malicious activities by targeting schools and subsequently dumping students’ private files online. This alarming development has raised concerns among parents, educators, and cybersecurity experts worldwide. According to a recent report, these…
New Meduza Infostealer Designed for Windows Collects Users’ and Systems' Data
Security researchers discovered a new Windows-based data-stealing malware dubbed Meduza Stealer. The new info stealer allegedly has detection-evading features and can collect data about both Windows users and systems. However, it can only evade detection in a certain number of…
LockBit Ransomware Attack Freezes Japan's Largest Port Activities
The Russian-based threat group LockBit targeted the Port of Nagoya in a ransomware attack. Japan’s largest port is currently unable to load and unload containers from trailers. According to the Nagoya Port Authorities, the attack was discovered on Tuesday, July…
What Is Passwordless Authentication?
In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. Passwords pose serious challenges as they are difficult to remember, often reused across different apps, and…
Companies Affected by Ransomware [Updated 2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…
CISA Warning! 8 Actively Exploited Flaws in Samsung and D-Link Devices
The US Cybersecurity and Infrastructure Security Agency (CISA) added 6 flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. On the same day, CISA also added 2 other vulnerabilities impacting D-Link devices. Although security specialists released patches for all…
Charming Kitten’s POWERSTAR Malware Boosts its Techniques
Cybersecurity researchers recently published an advisory on the evolution of POWERSTAR backdoor malware and advanced spear-phishing techniques used by Charming Kitten, a threat actor believed to be from Iran. The most recent version of POWERSTAR has improved operational security measures,…
HHS Data at Risk After MOVEit Hack Impacted Third-Party Vendors
A third-party security breach at the Department of Health and Human Services (HHS) may have exposed the personal information of at least 100,000 people, a department official stated last week, making it the latest US government agency to be hit…
How to Identify Phishing Emails and Prevent an Attack Using DNS Filtering
Identifying phishing emails and preventing phishing attacks continue to raise serious challenges for any company’s IT team. Although it’s been almost 30 years since the first phishing email was detected, threat actors still rely on this technique. Phishing attacks and…
Massive Data Breach Affects UK Hospital Group
The BlackCat ransomware group claims they have breached Barts Health NHS Trust and stolen seven terabytes of internal documents. On the Dark Web, they call it “more bigger leak from the health care system in UK”. Now, the hackers are…
BlackCat Ransomware Gang to Launch Malicious WinSCP Ads
The BlackCat ransomware group launched a malvertising campaign to push Cobalt Strike. They put up advertisements to attract people to fake WinSCP pages. Instead of the application, the victims download malware. WinSCP (Windows Secure Copy) is a well-known SFTP, FTP,…
What Is a Managed Security Service Provider (MSSP)?
In today’s digital landscape, businesses face an ever-increasing array of cybersecurity threats. Protecting sensitive data and infrastructure from malicious actors requires expertise, advanced technologies, and round-the-clock vigilance. Training and maintaining an in-house cybersecurity team can be costly – that’s where…
Understanding Managed SIEM: Empowering Businesses with Proactive Security
Organizations face an ongoing battle to protect their sensitive data and critical infrastructure in today’s increasingly sophisticated digital world. Security Information and Event Management (SIEM) has emerged as a powerful solution to help businesses detect and respond to security incidents…
Cybersecurity Faces Challenges as DDoS Attacks Surge
In the early months of 2023, the cybersecurity landscape faced an alarming surge in Distributed Denial of Service (DDoS) attacks, posing significant challenges for organizations worldwide. These attacks, aimed at disrupting online services and overwhelming network resources, have become more…
Dark Power Ransomware on the Ascent – A Technical Insight into 2023’s Latest Ransomware Strain
In early February 2023, a new ransomware strain quietly made its way up the ranks. Earmarked Dark Power, the Nim-written ransomware leverages an advanced block cipher technique to bypass detection, stop system-critical services, and, finally, encrypt the victim’s files.…
8Base Ransomware Emerges from the Shadows
In May and June 2023, 8Base, a previously undetected ransomware threat, experienced a significant increase in its operations after remaining under the radar for over a year. According to a report by VMware, 8Base employs encryption and “name-and-shame” tactics to…
Hackers Use PindOS Javascript Dropper to Deploy Bumblebee, IcedID Malware
Threat actors use a new strain of JavaScript dropper that deploys malware like Bumblebee and IcedID and has a low detection rate. Security researchers dubbed the malware PindOS. According to them, the new malware was likely built to retrieve the…
New Mockingjay Process Injection Method Enables Malware to Evade EDR Tools
Researchers found a new process injection technique dubbed Mockingjay that enables hackers to bypass EDR solutions. The method allows threat actors to execute malicious code on compromised systems. The research revealed that by using legitimate DLLs with read, write, execute…
Suncor Energy Cyberattack Impacts Petro-Canada Gas Station Payment Operations
After parent company Suncor Energy revealed they were the target of a cyberattack, customers at Petro-Canada gas stations across Canada reported technical issues that prevented them from using credit cards or rewards points to pay. Suncor Energy is Canada’s leading…
45,000 NYC Public School Students’ Data Stolen in MOVEit Breach
According to the New York City Department of Education (NYC DOE), threat actors broke into the NYC DOE’s MOVEit Transfer server and stole documents containing the personal information of up to 45,000 students. The NYC DOE used managed file transfer…
Top Managed EDR Benefits That Reduce Cybersecurity Risk
In the ever-evolving landscape of cybersecurity threats, Managed EDR (MDR) enables organizations worldwide to safeguard their digital assets. During the past years, MDR services have demonstrated effectiveness against a variety of threats: ransomware, supply chain assaults, malware, data exfiltration, and…
Microsoft Teams Allows Malware Delivery, Researchers Found
Despite Microsoft Teams’ restrictions for files from sources outside one’s organization, researchers found a way to “trick” the application. They managed to deliver malware into an organization using the communication platform. More than 280 million people per month use Microsoft…
American Airlines & Southwest Airlines Affected by a Data Breach
American Airlines and Southwest Airlines disclosed a data breach affecting pilots’ data on Friday, June 23. The incident was caused by an attack targeting Pilot Credentials, a third-party vendor that handles several airlines’ pilot selection and application platforms. Details About…
UPS Discloses Data Breach Caused by an SMS Phishing Campaign
Canadian clients of international shipping company UPS are being warned that some of their personal information may have been stolen in phishing attacks after potentially being made public through its online package look-up tools. UPS is aware that some package…
Governmental Agencies Ordered by CISA to Patch Vulnerabilities Exploited by Russian APT Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new security flaws to its KEV list on Thursday. Governmental agencies have until July 13 to patch these vulnerabilities, but it is also advisable for other businesses to do so.…
What Is CIAM?
CIAM stands for Customer Identity and Access Management. It refers to a system or set of processes and tools created to manage and protect the online identities of external third parties (users or customers) across a business’s different platforms, apps,…
Threat Actors Claim International Finance Corporation (IFC) Attack
The International Finance Corporation (IFC), a member of the World Bank Group and the largest development institution in the world, headquartered in Washington DC, has become the latest victim of Russian-allied hacktivist groups Killnet and Anonymous Sudan. These hackers have…
North Korean APT37 Exploits New FadeStealer Malware
The hacking group known as APT37, also referred to as StarCruft, Reaper, or RedEyes, has employed a new malware called FadeStealer to steal information. This sophisticated malware incorporates a ‘wiretapping’ feature that enables the threat actors to eavesdrop on and…
RedClouds APT Deploys RDStealer Against Remote Desktop
RedClouds is a recently uncovered cyberespionage and hacking campaign that uses RDStealer malware to steal data from drives shared over Remote Desktop connections. The threat actors behind this campaign, whose identities remain unknown, exhibit advanced skills reminiscent of government-sponsored APT…
Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries
Researchers observed state-sponsored threat group APT15 using a new backdoor dubbed ‘Graphican’. The Chinese hackers used the new malware in a campaign targeting foreign affairs ministries in the Americas, between 2022 – 2023. According to security researchers, among the other…
Patch Alert! Critical Command Injection Flaw Discovered in NAS Devices
Zyxel announced patches are available and should be applied immediately for the newly discovered vulnerability CVE-2023-27992. The flaw is a pre-authentication command injection issue that affects some of the network-attached storage (NAS) versions. More about CVE-2023-27992 According to the Common…
Windows Patch Management: Definition, How It Works and Why It Helps
Windows patching is essential for closing system and application vulnerabilities and certifying that everything works as it should. Read on to find out more about Microsoft Windows patch management, how you can implement a proper Windows vulnerability management strategy, and how you can…
Strengthening Cybersecurity Defenses: Cyber Assessment Framework
In today’s interconnected world, where cyber threats are constantly evolving and becoming more sophisticated, it is imperative for organizations to prioritize cybersecurity. One essential tool that aids in this endeavor is the Cyber Assessment Framework (CAF). Developed by the UK…
Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency
Threat actors brute-forced Linux SSH servers to deploy Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner. Hackers port scanned for publicly exposed Linux SSH servers and brute-forced username-password pairs to log in to…
BlackCat Ransomware Group Claims to Have Stolen 80GB of Data from Reddit
The BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80GB of data from Reddit in a February cyberattack. Back in February, the social news aggregation platform Reddit experienced a security breach in which threat actors gained unauthorized…
Info Stealing Malware Dropped via OnlyFans
A new malware campaign employs fake OnlyFans content and adult lures to install the remote access trojan ‘DcRAT,’ enabling threat actors to steal data and credentials or deploy ransomware on infected devices. Using OnlyFans for malicious ends is nothing new;…
New Stealer Malware on the Rise: Mystic Stealer
Mystic Stealer is an information-stealing malware that first emerged on hacking forums in April 2023. The stealer is getting more and more popular among cybercriminals as its features evolve. Details About Mystic Stealer The malware is rented for $150/month, or $390/…
The Importance of Securing Remote Access: Insights from CISA’s Latest Guide
Several cybersecurity agencies have collaborated to release a comprehensive guide to address the increasing threat posed by the malicious use of remote access software. US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI),…
LockBit Ransomware Extorted $91 Million Dollars in 1,700 U.S. Attacks
In a joint LockBit ransomware advisory, U.S. and international cybersecurity officials reported that the group has successfully extorted over $91 million after committing almost 1,700 operations against American businesses since 2020. Details from the U.S. And International Cybersecurity Officials Joint…
Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards
In analyzing the threatscape, regardless of the chosen timeframe, the unequivocal conclusion we face is that the reactionary dynamic between defender and threat actor compels each other to transform, evolve, and, ultimately, face one another on a different type of…
More 3CX Data Exposed! Third-Party Vendor to Blame for the Leak
Sensitive 3CX data was exposed when a third-party vendor of the well-known Voice over Internet Protocol (VoIP) communications service 3CX left an open server. Even though the corporation had lately been the target of North Korean hackers, the problem slipped…
MDR vs. MSSP: Decoding the Differences Between Cybersecurity Solutions
In the constantly changing cybersecurity world, organizations confront a variety of obstacles when trying to protect their digital assets. Businesses must rely on comprehensive security solutions to safeguard their sensitive data as attacks become more complex and breaches more frequent. …
New Russian APT Group Responsible for Wiper Attacks in Ukraine Exposed
Security researchers have made a public disclosure about the identification of a new Advanced Persistent Threat (APT) group associated with Russia’s General Staff Main Intelligence Directorate (GRU). The experts have issued a warning, revealing that this threat actor has been…
Private Data Compromised in Healthcare Breach
In a recent announcement, the Commonwealth Health System revealed that threat actors have successfully breached the computer network of a Scranton cardiology group, potentially compromising the private data of 181,764 patients. This incident marks the latest in a series of…
Patch Tuesday June 2023 – 78 Flaws and 38 RCE Bugs Fixed
As per usual, Microsoft rolled out its monthly updates on the second Tuesday of the month. 78 flaws, including 38 remote code execution vulnerabilities were fixed as part of this edition of Patch Tuesday. Microsoft only rated six problems as…
Fake Security Researchers Deliver Malicious Zero-Day Exploits
Cybercriminals use fake accounts on Twitter and GitHub to spread fake proof-of-concept (PoC) exploits for zero-day vulnerabilities. They impersonate cybersecurity researchers to target Windows and Linux users with malware. How the Scam Works These impersonators pretend to work at a fake…
Agencies Are Compelled to Secure All Internet-exposed Equipment by CISA Orders
The American Cybersecurity & Infrastructure Security Agency (CISA) issued on June 13, 2023, a binding operational directive (BOD) requiring federal civilian agencies to safeguard networking equipment that is faulty or exposed to the Internet. Federal civilian executive branch (FCEB) agencies…
Threat Actors Target the University of Manchester in Cyberattack
The University of Manchester network was reportedly hit by a cyberattack and the security team suspects data was stolen. Researchers discovered the data breach on Tuesday, June 6th. Threat actors managed to gain unauthorized access to some of the university's…
What Is User Access Review?
User access review is an essential component of any organization’s Identity and Access Management (IAM) strategy. Also known as access audit, entitlement review, account attestation, or account recertification, it describes the process of periodically reviewing the access rights and privileges…
Patching Required! New Critical SQL Injection Vulnerabilities Found in MOVEit
Researchers discovered new critical SQL injection vulnerabilities in the MOVEit Transfer managed file transfer (MFT) solution. The flaws could enable threat actors to exfiltrate information from customers’ databases. In addition, they impact all MOVEit Transfer versions. An attacker could submit…
Clop Ransomware Is Likely Behind the MOVEit Zero-Day Vulnerability Attacks
The notorious Clop Ransomware gang has been looking for ways to exploit a now-patched zero-day in the MOVEit Transfer managed file transfer (MFT) solution since 2021, as reported by security researchers. During the examination of recent Clop data theft attacks…
What Is the Principle of Least Privilege (POLP)?
The principle of least privilege (POLP), also named the “principle of least authority” (POLA) or “the principle of minimal privilege” (POMP), stands for a cybersecurity best practice based upon granting the minimum required access that a user needs to perform…