Threat actors breached the DC Health Link network, the healthcare administrator that serves the U.S. House of Representatives. Researchers say the data breach impacted roughly 170,000 persons. Among those, there are hundreds of U.S. House members, their staff, top representatives,…
Tag: Heimdal Security Blog
Lazarus Group Hacks South Korean Financial Entity via Zero-Day Vulnerability
Over the past year, the Lazarus Group has used flaws in undisclosed software to breach a financial business entity in South Korea on two distinct occasions. As opposed to the first attack in May 2022, the re-infiltration in October 2022…
New Info Stealer SYS01 Targets Key Government Infrastructure
Cybersecurity researchers uncovered a new, highly-advanced information stealer, dubbed SYS01 stealer, that has been deployed in attacks on critical government infrastructure employees, manufacturing companies, and other industries since November 2022. Morphisec researchers discovered similarities between the SYS01 stealer and another…
A New Emotet Campaign Is Ongoing After a Three-month Break
A new Emotet campaign started infecting devices all over the world on Tuesday, 7 March 2023. After a three-month break, the botnet sends malicious spam emails again. Emotet malware reaches targets through emails with malicious attachments. When the user opens…
PIM vs PAM vs IAM: What’s The Difference?
Identity management has become an essential aspect of cybersecurity as businesses struggle to protect their sensitive data from cyber threats. To shed some light on this topic, in this article, we’ll help demystify the key differences between PIM (Privileged Identity…
Acer Discloses Data Breach: 160GB of Sensitive Information for Sale
A threat actor claimed to have hacked Taiwanese multinational hardware and electronics business Acer, prompting the company to declare a data breach. The hacker announced the breach on a popular cybercrime forum, claiming to have stolen nearly 3,000 files of…
XDR vs EDR – A Comparison
Endpoint security seeks to protect every endpoint that connects to a network in order to prevent unauthorized access and other destructive behaviors at such entry points. The value of effective endpoint security solutions has expanded dramatically, partly as a result…
Hospital Clinic de Barcelona Suffered a Ransomware Attack
Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th…
Core Members of the DoppelPaymer Ransomware Gang Detained by Europol
Europol announced via a press release that core members of the cybercrime gang behind the DoppelPaymer ransomware operation have been detained. The operation was a joint effort made by the German and Ukrainian police, with help from the FBI and…
Find Out More About the New HiatusRAT Router Malware
An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert…
Play Ransomware Starts Leaking Oakland City Data
The Play ransomware group has begun leaking data stolen in a recent cyberattack from the City of Oakland, California. The initial data leak consists of a 10GB multi-part RAR archive apparently comprising private documents, employee data, passports, and IDs, explains Bleeping Computer.…
What Is Domain Generation Algorithm? Definition and Role in Malware Attacks
Domain generation algorithms (DGAs) are software that creates large numbers of domain names. This helps hackers deploy malware more easily. Let's take a closer look at what DGA is, how it works, and why it's still popular among threat actors after…
BetterHelp Accused of Sharing Mental Health Data with Advertisers
The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat. After the accusations, FTC…
BidenCash Leaks Database with Over 2 Million Stolen Credit Cards
A database containing over 2 million debit and credit cards was released for free by carding marketplace BidenCash, in celebration of its first anniversary. The threat actors advertised the massive leak on an underground cybercrime forum to attract as much…
Cyberattack on British Retailer WH Smith Exposes Employees' Data
Threat actors breached WH Smith, the UK retailer with 1,700 locations, and exposed data belonging to current and former employees. WH Smith has more than 12,500 employees and reported a revenue of $1.67 billion in 2022. What Kind of Data Was…
Chinese Hackers Are Using a New Backdoor to Deploy Malware
This year, the Chinese cyberespionage group Mustang Panda began deploying a new custom backdoor named ‘MQsTTang’ in attacks. This advanced persistent threat (APT), also known as TA416 and Bronze President, targets organizations worldwide with customized versions of PlugX malware. In January…
How Royal Ransomware Could Wreak Havoc on the U.S. Digital Economy
Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory regarding the Royal Ransomware gang. The Royal Ransomware group first appeared in the United States in September 2022—the U.S. Health and Human Services Cybersecurity Coordination Center…
Scanning Attack: What It Is and How to Protect Your Organization Against It?
A scanning attack is a method used by threat actors to identify vulnerabilities in a network or system. Scanning attacks typically involve using automated tools to scan for open ports, vulnerabilities, and other weaknesses that can be exploited to gain…
WSUS Alternative for Patch Management
We already know that patching is a practice of the utmost importance when it comes to the security of businesses. WSUS has long been a great solution for patching Windows machines and apps inside the Microsoft ecosystem…
KPI Examples for Patch and Vulnerability Management
Vulnerability and patch management are vital cogs in an organization’s cyber-hygiene plan. According to a recent Verizon cyber-safety report, more than 40% of all data breaches recorded in 2022 stem from unpatched (i.e. vulnerable) Internet-facing applications. Moreover, the rate of…
Food Giant Dole, Victim of a Ransomware Attack
Dole Food Company, one of the world’s largest suppliers of fresh fruit and vegetables, has revealed that it has been hit by a ransomware attack that disrupted its operations. The company is still looking into “the scope of the incident,”…
What Is Internet Control Message Protocol (ICMP)?
The Internet Control Message Protocol (ICMP) is a protocol built into the IP suite whose main function is to allow IP-based devices to communicate error messages and exchange information about network conditions. Network administrators mainly use ICMP for network traffic…
Hackers Claim They Breached Telus, Canada’s Second-largest Telecom Company
Telus is now investigating the possibility of a data breach affecting its corporate data. The Canadian telecom company started looking for an incident after hackers posted samples of what they claim is Telus' information. The sample contains employee data, source code,…
Access-as-a-Service: How to Keep Access Brokers Away from Your Organization
An attacker’s access to the network is often traced back to a succession of events, which network defenders must unravel. This is done by asking specific questions such as: How did the attackers enter the network? How did they gain…
Rackspace Ransomware Attack Update: What You Need to Know
During the recent Rackspace ransomware attack, the company confirmed hackers accessed customer data. Rackspace staff and cybersecurity researchers have been investigating the incident since it occurred, and new information has emerged. The attack, which Rackspace first confirmed on December 6, 2022, …
Activision Breached: Here Is What Happened
Game developer Activision confirms that it suffered a data breach in December 2022. The threat actors gained access to the company’s internal systems by tricking an employee with an SMS phishing text. The company declared that the incident has not…
What Is Managed Extended Detection and Response (MXDR)?
Managed Extended Detection and Response (MXDR) is yet another step toward the perfect security solution. Researchers designed MXDR with two major vectors in mind. First, it had to keep up with the latest internal and external threats. Second, to protect…
Warning! New Malware Hijacks YouTube and Facebook Accounts
A new S1deload Stealer malware campaign infects YouTube and Facebook users as hackers try to use their devices for cryptocurrency mining. After they get S1deload Stealer on the victim's device and obtain a connection to the command-and-control server, threat actors…
Researchers Warn: Cybercriminals Are Targeting Data Center Providers
There has been a surge in cyber-attacks against cloud service providers (CSPs) and managed service providers (MSPs). Resecurity recently alerted several data center organizations about a malicious cyber campaign targeting both the organizations and their clients. Threat actors orchestrated all of…
What Are DNS Records? Types and Role in DNS Attacks Mitigation
DNS records or resource records (RR) contain various types of data about domain names and IP addresses. They are stored in DNS databases on authoritative DNS servers. DNS records offer information about what IP address is associated with what domain,…
Five Million Downloads OyeTalk Android App Leaks Private User Conversations
Cyber researchers warn OyeTalk users that the app's database exposed their private data and conversations to data leakage. The database admins did not use a password to secure it, so all the data was open to the public. OyeTalk is…
ChatGPT: The Dark Side of Artificial Intelligence Crafting Custom Malware
It’s easy to see why there has always been some skepticism and uncertainty about the emergence of AI technology. However, the moment we are faced with an advanced technology capable of doing its own thinking, we must take a necessary…
RailYatri Data Breach Leaves Over 30 Million Users Exposed
Over 31 million people’s personal information was exposed as a result of a massive data breach at RailYatri, India’s government-approved online travel agency. An online database of private information has been released, and it is thought the breach occurred late…
Companies Affected by Ransomware [2022-2023]
The increasing frequency and size of ransomware attacks are becoming a huge concern for thousands of organizations globally. All over the world, threat actors take advantage of security vulnerabilities and encrypt data belonging to all sorts of organizations: from private…
Google Confirms Increase In Russian Cyber Attacks Against Ukraine
According to a new report released by Google’s Threat Analysis Group (TAG) and Mandiant, Russia’s cyber attacks against Ukraine increased by 250% in 2022. Following the country’s invasion of Ukraine in February 2022, the targeting focused heavily on the Ukrainian…
HardBit Asks Victims to Disclose Insurance Details to Set Ransom Demand
The second version of HardBit ransomware was observed trying to find out the victim's insurance details. Their goal was to settle the ransom demand at a price that the victim's insurance company could pay. Who Is HardBit HardBit is a…
Indian Government Agencies Targeted by Updated ReverseRAT Backdoor
An updated version of a backdoor called ReverseRAT is being deployed through spear-phishing campaigns targeting Indian government entities. Cybersecurity firm ThreatMon attributed the activity to a threat actor called SideCopy. Known for copying the infection chains associated with SideWinder to deliver…
8 Free and Open Source Patch Management Tools for Your Company [Updated 2023]
Patch management tools are cybersecurity solutions that identify software applications running on outdated versions. They then proceed to deploy and install the corresponding patch, which can enhance security, fix bugs or add new functionalities, depending on the intent behind its…
Europol Shuts Down a Franco-Israeli CEO Fraud Group
Europol put an end to the operations of a Franco-Israeli CEO fraud group. The threat actors used business email compromise (BEC) attacks to steal money. This led to €38,000,000 stolen in just a few days from one organization. Details About…
GoDaddy Discloses Data Breach Spanning Multiple Years
GoDaddy, a major provider of web hosting services, claims that a multi-year attack on its cPanel shared hosting environment resulted in a breach where unidentified attackers stole source code and installed malware on its servers. While the attackers had access…
FBI Investigates NYC Network Security Incident
The U.S. Federal Bureau of Investigation (FBI) is investigating potential cyber activity on their network. The agency stated that they have already contained the issue and are currently assessing the extent of the damage. The FBI has not released any…
Scandinavian Airlines Suffer Major Data Breach After Cyberattack
Scandinavian Airline SAS reported a cyber attack Tuesday evening and advised customers not to use its app, but later stated that the problem had been resolved. According to media reports, the hackers took down the carrier’s website and exposed customer…
What Is SSO? Single Sign-On Explained
Single Sign-On (SSO) is an authentication method that allows a user to securely authenticate with multiple applications and websites by using solely one set of login information (e.g., username and password). In a nutshell, SSO simplifies the user authentication process.…
What Are Deepfakes and How to Spot Them
In the age of technological advancement, it’s not just tech-savvy online bad actors that you have to watch out for – fake videos created using AI-driven software known as “deepfakes” are becoming increasingly hard to spot. In this article, we’ll…
Five Ways Heimdal® Can Help You Against Ransomware Attacks
Ransomware attacks affect everyone, from local governments to large corporations, therefore ransomware protection is critical. It is up to all of us to help prevent them from being jeopardized. Unfortunately, many victims are paying the ransom, and despite efforts to…
Burton Snowboards’ Online Orders Canceled Due to a Cyberattack
The well-known snowboard manufacturer, Burton Snowboards, announced that a cyberattack targeted the organization. Due to what they called a “cyber incident”, the manufacturer canceled all online orders starting on 14 February 2023. What Do We Know Until Now Burton explained…
Data Obfuscation: What It Is and How to Use It for Your Business
Data obfuscation is an important tool for businesses in this digital age, but many are left wondering what it actually is and how to use it. In this article, we will be demystifying data obfuscation and exploring its potential benefits…
CISA Warns About Four New Vulnerabilities Exploited as Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities, exploited as zero-day vulnerabilities, to its KEV (Known Exploited Vulnerabilities) catalog. The vulnerabilities affect Windows and iOS devices. New Vulnerabilities Discovered As also mentioned by BleepingComputer, two…
Seven German Airports Hit by Suspected Cyber Attack
The ADV airport association reported that the websites of seven German airports were hit by a suspected cyber attack on Thursday. Düsseldorf, Nuremberg, and Dortmund airports were among those impacted, but the websites for Germany’s three busiest airports: Frankfurt, Munich,…
Oakland Issues State of Emergency After Ransomware Attack
As a result of the ransomware attack that occurred on February 8, 2023, the city of Oakland has declared a local state of emergency. The ransomware attack against the City of Oakland was publicly disclosed last week; the date of…
Security Alert: New Fake Customs Invoicing Smishing Campaign Targeting Romanian Telecom Users
Heimdal® has recently launched an investigation into a massive smishing campaign, deliberately targeting Romanian telecom customers. The data collected so far reveals that the threat actor or APT behind the fake customs invoicing smishing campaign is attempting to maliciously collect…
Russian Cyberexpert Convicted in the U.S. for a $90 Million Hack-to-trade Scheme
Vladislav Klyushin, a Russian citizen, was found guilty in the U.S. of stealing private earnings reports for a hack-to-trade scam. He was part of a global scheme that earned him $90,000,000. The defendant hacked the networks of two U.S.-based filing…
Endpoint Security Strategy – Key Components and How to Develop It
Security breaches can have a devastating effect on an organization. That’s why developing an endpoint security plan is critical in protecting against malicious actors who seek to steal or damage the data and assets owned by a company. In this…
Hyundai and Kia Offer Free Software Update to Patch a Vulnerability Allowing Car Thefts
South Korean automakers Hyundai and KIA are deploying an emergency software update to several of their car models. The update is meant to patch a vulnerability that made it possible for car thieves to hotwire vehicles using a USB cable.…
What Is Cybercrime-as-a-Service (CaaS)?
Keep in mind that the primary goal of every cybercriminal is to make as much money as possible. So, the appearance of the cybercrime-as-a-service (CaaS) model was the next inevitable step in pursuing this goal. CaaS, as an organized action,…
What Is Transmission Control Protocol (TCP)?
Transmission Control Protocol (TCP) is a fundamental communication protocol, used in computer networks, that does exactly what its name says: it controls how data is transmitted between two systems – the client and the server, and it makes sure this…
What Is the Nslookup Command and How Can You Use It to Improve DNS Security?
Nslookup is a command-line tool that helps you perform DNS queries. The Name Server Lookup (nslookup) command helps server administrators check DNS records. By using it they can find out data like domain names, IP addresses, the ports in use,…
What Is OPSEC: Operational Security Explained
Also known as operational security or procedural security, OPSEC is a security and risk management process that prevents sensitive information from falling into the hands of malicious actors. Originating in the military, OPSEC became a popular practice in the private…
Understanding Critical Event Management and How It Can Help Your Organization
When your organization is facing a critical incident, having an effective way to manage it is essential for both managerial and financial outcomes. That’s why understanding how Critical Event Management works and how it can help you keep your organization…
Antivirus versus Anti Malware: Which One Should You Choose?
Protecting your computer from malicious attacks is an important part of keeping it safe and secure. But with the vast array of antivirus and anti-malware programs available, it can be difficult to determine which one is best for your needs.…
Chinese Hackers Use ShadowPad Against South American Diplomatic Entities
On Monday, Microsoft attributed a set of attacks targeting diplomatic entities in South America to a China-based cyberespionage actor. Its Security Intelligence team is tracking the cluster under the emerging name DEV-0147. ShadowPad is said to be used by the threat actor…
1 Million CHS Patients Affected Due to Fortra's GoAnywhere Data Breach
Community Health Systems (CHS) reported that an attack targeting a zero-day vulnerability in Fortra’s GoAnywhere platform exposed the data of 1 million of its patients. Fortra alerted them stating they had been victims of a cyberattack that compromised some of…
1 Million Downloads Later: How An Android Game Leaked Private Data
Researchers discovered that the Tap Busters: Bounty Hunters app had left its database open to the public for at least five months, exposing users' private conversations. Additionally, sensitive data was hardcoded into the client side of the app, making it…
Patch Tuesday February 2023 – Microsoft Releases Fixes for 13 Known Vulnerabilities
Patch Tuesday February comes with 13 new security patches for OS-based and browser-specific vulnerabilities. No zero-day bugs have been addressed this month. So, without further ado, here’s what the second month of 2023 looks like in terms of vulnerability management.…
Madrid-Based Phishing Gang Disrupted By Spanish National Police & US Secret Service
Spain’s National Police and the United States Secret Service have busted a Madrid-based international cybercrime ring of nine members who stole over €5 million from individuals and North American businesses. The cybercrime gang specializes in online scams, using social engineering,…
Pepsi Bottling Ventures Suffers Data Breach After Malware Attack
Threat actors breached Pepsi Bottling Ventures LLC's network and successfully installed info-stealing malware. The incident happened on or around December 23rd, 2022, and the team discovered it 18 days later, on January 10th, 2023. It took the IT team another…
Lazarus Hackers Use New Mixer to Hide Stolen Cryptocurrency
Blockchain analysts have discovered that North Korean hackers are laundering cryptocurrency proceeds from their heists despite U.S. sanctions. Through a single crypto-mixing service called Sinbad, the advanced persistent threat known as Lazarus Group has laundered about $100 million in stolen Bitcoin…
Oakland In Crisis: How The City Is Dealing With A Ransomware Attack
Oakland was hit by a ransomware attack on Wednesday night, forcing the city to take all systems offline until the network can be secured and affected services restored. The good news is that the city reported that 911 dispatch, fire,…
North Korean Hackers Target the Healthcare Sector with Ransomware
U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory that North Korean hackers are launching ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities. The attacks, which demand cryptocurrency ransoms in exchange for…
New Threat Group Hits Israel Institute of Technology with Ransomware
Technion Institute of Technology in Israel fell victim to a ransomware attack. The attack was claimed by DarkBit, a new ransomware group that aims to associate its actions with hacktivism. According to the ransomware note, the attack is a way…
Remote Code Execution vs. Reverse Shell Attacks – Staging, Purpose, and Impact
Remote Code Execution (RCE) is an attack technique used by black-hat hackers to run malicious code on the victim's machine and is more often than not confused with ACE (i.e., Arbitrary Code Execution), another code execution class attack technique, which primarily…
Endpoint Security vs. Antivirus: A Comparison
Switching from Antivirus to an Endpoint security solution will offer you not only better cybersecurity but also a centralized and easy-to-handle security management system. These two may look the same to an inexperienced eye but take a closer look. Then…
New Screenshotter Malware Performs Surveillance Before Stealing Data
A new custom-made malware, the Screenshotter, surveils the victims before stealing data. The threat actor called TA886 is utilizing this malware to target users from the United States and Germany. Researchers first spotted the campaign in October 2022, but its…
Canadian Bookstore Indigo Hit By Cyberattack
Indigo Books & Music, the largest bookstore chain in Canada, experienced a cyber attack, leading the company to temporarily shut down its website and only allow cash payments. The details of the incident have yet to be determined, but Indigo…
What Is An IT Asset?
Have you ever wondered what the concept of IT asset refers to and what is its importance to your business? Continue reading to find your answer! IT Asset: Definition By definition, an IT asset is a piece of hardware or…
UEBA 101: An Introduction to User and Entity Behavior Analytics
In today’s digital world, it is more important than ever to be able to identify and assess any potential threats to your business. That’s why User and Entity Behavior Analytics (UEBA) is becoming such an invaluable asset for businesses of…
10 Free & Open Source Threat-Hunting Tools for 2023
Are you on the lookout for threat-hunting tools? If so, you’ve come to the right place. Compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a scenario, threat hunting is a…
Reddit Breached: Threat Actors Steal Source Code and Internal Data
Popular website Reddit suffered a cyberattack Sunday evening, which allowed hackers to access internal business systems and to steal internal documents and source code. According to statements from the company, the threat actors used a phishing lure targeting Reddit employees…
How The UK Is Taking A Stand Against Ransomware Criminals
As part of a new coordinated action against international cybercrime, the UK and the US have sanctioned seven Russian cyber criminals today (Thursday, 9 February). Several ransomware strains have been developed or deployed by these individuals that have targeted the UK…
How to Send Ctrl-Alt-Delete in a Remote Desktop Session?
Control-Alt-Delete is the combination of the Control key, the Alt key, and the Delete key that a user may press at the same time on a personal computer to end an application task or to reboot the operating system. What…
What Is API Security?
The API is a fundamental component of innovation in the world of apps we live in today. APIs are an essential component of modern mobile, SaaS, and web apps and can be found in partner-facing and internal applications, as well as applications for banks,…
List of Proxy IPs Used by Killnet, Released
Cybersecurity researchers published a list of proxy IP addresses used by the pro-Russian group Killnet, to help neutralize its attacks. The list, which contains over 17,746 IPs, was disclosed by SecurityScorecard researchers. Since March 2022, the Killnet group has launched DDoS attacks…
Heimdal® Announces Rebrand and Name Consolidation
Copenhagen, February 9th, 2023 – Heimdal unveils a consolidated new name with a bold and distinct new visual identity as a part of an extensive rebranding initiative. As of February 9th, 2023, we are consolidating our name and getting a brand-new…
Dota 2 Game Mods Use Backdoor to Infect Players with Malware
Four malicious Dota 2 game mods that were used by a threat actor to backdoor the players’ systems have been found by security experts. To target players, the threat actors published the mods for the wildly popular MOBA game on…
AmerisourceBergen Healthcare Company Has Been Breached
The healthcare company AmerisourceBergen confirmed a data breach in the IT system of one of its subsidiaries. The announcement comes after the Lorenz ransomware posted what the threat actor claims to be exfiltrated data from the pharmaceutical distributor. AmerisourceBergen has…
Mirai-based Medusa Botnet Is Back with Ransomware Capabilities
A new variant of the Mirai-based Medusa DDoS (distributed denial of service) botnet has been discovered in the wild, equipped with a ransomware module and a Telnet brute-forcer. The Medusa malware (not to be confused with the Android malware with the…
What Are Industrial Control Systems?
An industrial control system (or ICS) is a type of computer system that monitors and controls industrial processes and infrastructure. ICSs are used in a variety of industries, including oil and gas, chemical, water and wastewater, energy, food and beverage,…
Russian Citizen Accused of Laundering Money from U.S.- targeted Ransomware Attacks
On Tuesday, 6 February 2023, Denis Mihaqlovic Dubnikov, a Russian citizen, pleaded guilty to the accusations of laundering ransomware money. The money came from cyberattacks made by the Ryuk ransomware group in the span of three years. Dubnikov is a…
SYN Flood Explained. How to Prevent this Attack from Taking over your Server
SYN flood is a type of denial-of-service (DoS) attack in which a threat actor floods a server with several connection requests but never acknowledges the connection, leaving it half-open, usually with the purpose of consuming server resources, which leads to…
US Grocery Delivery Platform Weee! Suffers Massive Data Leak
Weee!, a US-based grocery delivery platform, was the victim of a cyberattack resulting in the data leakage of 11 million customers. Some of the logs included door codes that couriers use to enter buildings. Weee! is an online platform…
How ‘Sliver’ and ‘BYOVD’ Attacks Are Giving Hackers Backdoor Access to Windows Devices
Last summer, threat actors began using Sliver as an alternative to Cobalt Strike, employing it for network surveillance, command execution, reflective DLL loading, session spawning, and process manipulation. Recently observed attacks target two 2022 vulnerabilities in Sunlogin, a remote-control software…
PixPirate Malware Is Actively Stealing Banking Passwords
Pix is an instant payment platform developed and managed by the Central Bank of Brazil (BCB), which enables quick payment and transfer execution, with over 100 million registered accounts worldwide. A new strain of mobile malware targeting Brazil and other…
Iranian Threat Group Behind Charlie Hebdo Data Breach
The "Holy Souls" or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed by the Iranian state and was previously sanctioned by the U.S.…
What Is Container Security? Definition, Benefits, and Risks
Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines (VMs). Container security is the set of policies and tools that are applied to maintain a container…
Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks
Endpoints are one of the hackers' favorite gateways into organizations' networks. Check out our top 10 endpoint security best practices that will keep you safe and help prevent cyberattacks. Setting foot into only one of the connected devices can…
Florida Hospital's IT System Shut Down After Suspected Ransomware Attack
Threat actors breached Tallahassee Memorial HealthCare's (TMH) security system last Thursday. As a result, the whole IT system had to be taken offline and thoroughly checked, while non-emergency procedures were suspended. All patients requiring emergency services were taken to other…
How to Protect Your ESXi Servers From the Nevada Ransomware Attacks
A new wave of ransomware attacks is targeting ESXi hypervisors. VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware. It is used to install and maintain virtual machines. A patch for CVE-2021-21974 has been available since February…
New HeadCrab Malware Hijacks 1,200 Redis Servers
Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed “HeadCrab”, designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab malware, which…
Pro-Russian Hackers Target European Hospitals
According to the Dutch National Cybersecurity Center (NCSC), several hospitals from European countries supporting Ukraine have been targeted by pro-Russian threat actors, including their own UMCG hospital in Groningen. UMCG Groningen Shutdown The cause behind UMCG’s shutdown seems to be…
OAuth Explained: A Guide to Understanding What It Is and How It Works
In today’s digital world, security is a major concern for anyone interacting online. Have you ever seen a pop-up asking for permission to post on your social media feed, access your smart devices, or share files across different platforms? It’s…