CrushFTP urges customers to patch servers with new versions due to discovering zero-day. The CrushFTP zero-day vulnerability is tracked tracked CVE-2024-4040 and enables hackers to escape VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were: authentication bypass CVE-2023-46805 command injection CVE-2024-21887 None of them had an […]

The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.

Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching.  Alex has been a System Administrator in Internal IT at Heimdal for the last 8 years. He’s seen the company developing and […]

The post A System Administrator’s Challenges in Patch Management appeared first on Heimdal Security Blog.

Managing user accounts and ensuring the security of data and information systems are crucial for any business. To assist organizations in this task, we offer a comprehensive Account Management Policy Template designed to streamline the process of account creation, maintenance, and termination. This template is adaptable and available in three formats—PDF, Word, and Google Docs—to […]

The post Free and Downloadable Account Management Policy Template appeared first on Heimdal Security Blog.

Choosing a cybersecurity solution is no easy task. Some solutions specialize in one thing, while others take a broader, unified approach. Finding the right balance for your company depends on many factors such as size, price, support, or complexity. Atera and ConnectWise are some of the most common solutions, and in this article, we’ll compare […]

The post Atera vs. ConnectWise: Head-to-Head Comparison (And Alternative) appeared first on Heimdal Security Blog.

If you run an MSP business, choosing a remote monitoring and management (RMM) platform will be a critical business decision. A quality RMM allows you to oversee your customers’ IT environments, remediate issues, and manage everything from patches to software updates.  There are many RMM tools out there, so deciding which one is right for […]

The post NinjaOne vs. Atera: A Deep Comparison Between the Solutions appeared first on Heimdal Security Blog.

Cybersecurity researchers unveiled a new malvertising campaign that uses malicious Google ads to deliver a backdoor dubbed ‘MadMxShell’. The ads leverage a set of domains to push the backdoor and mimic legitimate IP scanner software. The 45 domains, registered between November 2023 and March 2024 pose as IP scanner software such as: Angry IP Scanner […]

The post Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor appeared first on Heimdal Security Blog.

When it comes to endpoint detection tools, the cybersecurity market is a pretty crowded place. Finding the right one for your business can be a minefield. Some are designed to do one thing very well; others offer a broader, more unified solution. One product might be perfect for enterprises, but far too expensive and unwieldy […]

The post CrowdStrike vs. SentinelOne: Which One Is Better For Endpoint Security? appeared first on Heimdal Security Blog.

Researchers observed a rise in daily infection attempts leveraging old TP-Link Archer Command Injection Vulnerability. Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 – 50,000 during the month. Source – Bleeping Computer The vendor released a patch […]

The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog.

Researchers discovered an overlooked vulnerability in Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]

The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog.

Patch management is one of the most effective, yet overlooked cybersecurity practices to keep your operations safe. And it’s not just me saying it, statistics do too. For example, were you aware that 80% of cyberattacks happen due to unpatched vulnerabilities? With 84% of companies and online businesses reporting suffering at least one cyberattack in […]

The post Your All-In Guide to MSP Patch Management Software in 2024 [Template Included] appeared first on Heimdal Security Blog.

Email serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security practices. It’s written in three different formats (PDF, Word, Google Docs) to suit all business […]

The post Free and Downloadable Email Security Policy Template appeared first on Heimdal Security Blog.

Two methods that researchers have found might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), […]

The post SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files appeared first on Heimdal Security Blog.

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02. They must look into potentially impacted emails, reset any compromised passwords, and take precautions […]

The post CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack appeared first on Heimdal Security Blog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […]

The post CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity appeared first on Heimdal Security Blog.

Managed service providers often find themselves wearing many hats. Juggling various responsibilities and tasks that result from keeping client’s systems safe and functional leaves little time for learning and networking.   In IT and cybersecurity, tools and standards change fast. As busy as you may be, you must keep up with new technology and make sure […]

The post Top MSP Events to Attend in 2024 – A Cybersecurity Expert’s Choice  appeared first on Heimdal Security Blog.

Researchers warn zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage devices (NAS) to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials a command injection vulnerability via […]

The post 92,000 D-Link NAS Devices Vulnerable to Remote Code Execution appeared first on Heimdal Security Blog.

Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only in case code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […]

The post Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks appeared first on Heimdal Security Blog.

COPENHAGEN, Denmark, April 9, 2024 – Heimdal®, the world’s widest cybersecurity platform with 13 products, is thrilled to announce the launch of its latest innovation, the Privileged Account and Session Management (PASM) solution.  Designed to elevate the security of privileged accounts, Heimdal’s PASM grants organizations the ability to meticulously monitor, record, and manage all privileged […]

The post Heimdal® Adds PASM to the World’s Widest Cybersecurity Platform appeared first on Heimdal Security Blog.

A new phishing campaign targets Visa. The company is alerting users about an increase in JsOutProx malware detections, which is aimed at financial institutions and their clients. As per BleepingComputer, in the security alert released by their Payment Fraud Disruption unit, Visa says they became aware of the campaign distributing the remote access trojan (RAT) […]

The post Visa Warns: New Phishing Campaign Targets Financial Organizations appeared first on Heimdal Security Blog.

We are proud to announce that we joined the Internet Watch Foundation (IWF) in a united effort to eliminate child sexual abuse imagery from the internet. The UK charity focused on child protection is working to create a safer online environment by finding and taking down images and videos of child sexual abuse. By integrating IWF’s […]

The post Heimdal® Joins Internet Watch Foundation to Fight Child Sexual Abuse Imagery appeared first on Heimdal Security Blog.

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […]

The post Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware appeared first on Heimdal Security Blog.

Jackson County, Missouri, confirms ransomware attack after declaring a state of emergency on Tuesday. The FBI, federal Department of Homeland Security, Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities […]

The post Jackson County, Missouri, Closes Offices Because of Ransomware Attack appeared first on Heimdal Security Blog.

The Incident Management Policy template serves as an essential tool for organizations aiming to fortify their defenses against digital threats. This document provides a structured approach to establishing and maintaining robust information security measures, tailored to meet the specific needs of each organization while complying with relevant legal and federal guidelines. You cand find the […]

The post [Free & Downloadable] Incident Management Policy Template – 2024 appeared first on Heimdal Security Blog.

Researchers discovered new version of the Vultur Android banking trojan upgraded its obfuscation and remote control features. Reportedly, the malware masquerades the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The first step of the attack is sending the victim a phishing SMS warning about an […]

The post New Version of the Vultur Android Banking Trojan Spoofs Security App appeared first on Heimdal Security Blog.

When you’re running an MSP, it’s easy to lose sight of the bigger picture. You’re fighting fires, managing people, dealing with clients, and the million-and-one other things a business owner does. This means that weeks or even months can go by, without taking the time to really assess the health of your business.  And this […]

The post The Top MSP KPIs and Metrics You Should Measure as a Managed Service Provider appeared first on Heimdal Security Blog.

As an MSP, you probably know just about everything there is to know about managing IT environments. But when it comes to MSP marketing, there’s a good chance it’s a very different story. For many MSPs, marketing is a whole new skill set – and there’s not much crossover with the skills that made you […]

The post MSP Marketing: What You Need to Know And Where to Start appeared first on Heimdal Security Blog.

Following a cyberattack on its IT systems on March 15, NHS Dumfries and Galloway, operating in the south of Scotland, revealed on the 27th of March that the data of a small number of patients has been made public by a known ransomware organization. NHS Dumfries and Galloway is aware that clinical data relating to […]

The post NHS Dumfries and Galloway Breached by INC Ransom appeared first on Heimdal Security Blog.

In light of reports of active exploitation in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Sharepoint Server security flaw to its list of Known Exploited Vulnerabilities (KEV). This critical remote code execution vulnerability, with the tracking number CVE-2023-24955 and a CVSS score of 7.2, lets an authenticated attacker […]

The post Patch Now: CISA Adds New Microsoft SharePoint Server Vulnerability on its Catalog appeared first on Heimdal Security Blog.

The U.S. State Department has issued a call for information, offering up to $10 million for leads on the Blackcat ransomware group. This group is responsible for a massive cyberattack on UnitedHealth Group’s technology sector, causing widespread disruptions in insurance payments across the country. U.S. Department of State offers up to $10 million for information The announcement […]

The post U.S. Announces $10 Million Reward for Leads on Blackcat Ransomware Group appeared first on Heimdal Security Blog.

For MSPs, selecting the right software is crucial. This guide covers key factors across sales, marketing, cybersecurity, and business management tools.  Discover why each matters, standout features, pricing, and real-world insights to help you make informed decisions in a competitive market. Key Considerations When Choosing Your MSP Software Solution When picking MSP software, several key […]

The post The Best MSP Software: Building Your MSP Tool Stack [2024] appeared first on Heimdal Security Blog.

During the customer onboarding process, as an MSP, make sure all responsibilities, deadlines, and metrics are clear for everybody. Just like in any relationship, you want to set expectations and boundaries with new clients from the start. Key takeaways: Sign a Service Level Agreement (SLA). An SLA is a document that sets what, when, and […]

The post MSP Onboarding Process for Clients. Best Practices, Pitfalls & Checklist [Downloadable] appeared first on Heimdal Security Blog.

NIST’s National Vulnerability Database (NVD) stopped enriching with information most of the CVEs they register. Although they also consider other factors when deciding what to patch first, companies worldwide rely on NVD`s collection of vulnerability data for their research. For the past 2020, the National Vulnerability Database added the following information to vulnerabilities that got […]

The post NIST’s National Vulnerability Database Put CVE Enrichment on Hold appeared first on Heimdal Security Blog.

Hackers use phishing techniques to deploy NetSupport RAT through Microsoft Office documents. NetSupport RAT is an offshoot of NetSupport Manager, a remote support solution with over 21 million users worldwide. The remote access trojan (RAT) mimics the legitimate remote-control software to: evade detection monitor victim’s behavior capture keystrokes exfiltrate data take over system resources move […]

The post Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT appeared first on Heimdal Security Blog.

Running a managed service provider (MSP) business is hugely rewarding. MSPs give their customers the tools to be productive. They help solve problems so clients can achieve great things. And owning your own company means you decide what kind of work you want to do.  But it’s not all a bed of roses. There are […]

The post What Are the Top 10 MSP Challenges Today? (And Help Beating Them) appeared first on Heimdal Security Blog.

Getting the right pricing model can be make or break for a managed service provider or an MSSP. Whether you’re just starting, or you’re eyeing up the next stage of your growth journey – the way you’re pricing your managed services will make a huge difference to your business goals. Ultimately, the billing method you choose […]

The post MSP Pricing: The Complete Guide appeared first on Heimdal Security Blog.

An information security policy template serves as a comprehensive guide for organizations aiming to fortify their defenses against information breaches and cyber-attacks. It encompasses key areas such as purpose and objectives, authority, scope, organizational security management, functional responsibilities, and much more. Recognizing the diverse needs and preferences of different organizations, the information security policy template […]

The post [Free & Downloadable] Information Security Policy Template – 2024 appeared first on Heimdal Security Blog.

IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for SCUAF gadgets. What’s at risk GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as […]

The post Researchers Disclose Proof of Concept for New GhostRace Attack appeared first on Heimdal Security Blog.

MSPs handle IT management, while MSSPs specialize in cybersecurity. MSPs ensure smooth operations, while MSSPs maintain a security posture. Both are essential — each with its unique role. In this article, we’ll discuss their key differences! What Is an MSP (Managed Service Provider)? An MSP is a specialized company that oversees and maintains a client’s […]

The post MSP vs MSSP: What Is The Difference appeared first on Heimdal Security Blog.

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to advance into their internal system and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in January 2024. The compromised account had access to an OAuth application with elevated privilege to […]

The post Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code appeared first on Heimdal Security Blog.

On Heimdal’s 10th Birthday, we want to thank everyone who shaped our journey from 2014 to today, and the future. Ours is a story of perseverance, innovation, and the relentless pursuit of excellence through community empowerment. What better way to celebrate than by sharing that story with you? 2011 – Heimdal® wins CTF Championship. Source: […]

The post Heimdal’s 10th Anniversary – Our Finest Hours appeared first on Heimdal Security Blog.

It’s a good time to be a Managed Service Provider. According to analysis by Mordor Intelligence, the global MSP market is set to rise from $281bn in 2024 to $411bn in 2028. The need for skilled IT support is continually growing, and MSPs are perfectly placed to meet this demand. Understanding what MSPs can offer […]

The post What Is An MSP (Managed Service Provider)? A Vendor and Buyer Guide appeared first on Heimdal Security Blog.

Capita, a British outsource company has reported a staggering annual loss of more than £106 million, significantly attributed to a ransomware attack by the Black Basta group last March. The hack was directly responsible for nearly a fourth of these losses, costing the corporation £25.3 million in related expenditures, according to the company’s annual report. Capita said […]

The post Capita Reports a Yearly Loss of about £106M Due to Cyberattack appeared first on Heimdal Security Blog.

Large-scale attacks on WordPress websites are being carried out by hackers to insert scripts that compel users’ browsers to try different websites’ passwords repeatedly. Cybersecurity researchers have been tracking a threat actor known for breaching sites to inject crypto wallet drainer scripts which steal all cryptocurrency and assets of victims when they connect to their […]

The post WordPress Websites Used by Threat Actor to Launch Brute-Force Attacks appeared first on Heimdal Security Blog.

A new critical-severity vulnerability in TeamCity On-Premises is being exploited by threat actors. CVE-2024-27198 is an authentication bypass vulnerability with a critical severity score of 9.8 out of 10. It affects all versions through 2023.11.4 of TeamCity’s on-premises edition software. The exploitation appears to be massive. Hundreds of new users created on unpatched instances of […]

The post Critical TeamCity On-Premises Vulnerability Actively Exploited by Threat Actors appeared first on Heimdal Security Blog.

The rise of GenAI (Generative AI) gives leeway to malicious content creators with 80% of all phishing campaigns discovered in the wild being generated by AI tools such as ChatGPT or similar. In this article, we are going to explore the latest phishing techniques that capitalize on GenAI. A new milestone in phishing Why is […]

The post There’s Something Phishy About Generative AI appeared first on Heimdal Security Blog.

Keeping your clients’ IT systems operational and secure is important for a Managed Service Provider (MSP), and having the right tools at your disposal isn’t just important, it’s mandatory for thriving the MSP space. There are tens of solutions to choose from but from these, a few stood out in particular, and one of these […]

The post 8 Best N-Able Alternatives & Competitors in 2024 (for MSPs) appeared first on Heimdal Security Blog.

Microsoft took six months to patch an actively exploited Windows kernel zero-day. Successful exploitation of CVE-2024-21338 gives attackers system privileges over the infected device. The patch for this flaw is available in the February 2024 Patch Tuesday updates. Security researchers urge Windows users to apply patches as soon as possible, to avoid privilege escalation. Windows […]

The post Windows Kernel Zero-day Patched after Six Months of Active Exploitation appeared first on Heimdal Security Blog.

CISA, the FBI, and MS-ISAC joined forces in a new advisory disclosing the latest Phobos ransomware IoCs and tactics. The update is rooted in recent investigations up to February 2024. The alert gives organizations a heads-up regarding how to prevent and mitigate a Phobos ransomware infection. The Phobos ransomware-as-a-service frequently targets government and critical infrastructure […]

The post CISA Updates Phobos Ransomware IoCs List in New Joint Advisory appeared first on Heimdal Security Blog.