Heimdal Security Blog

Heimdal to Showcase Widest Cybersecurity Tech Stack at Infosecurity Europe 2024

23 May 2024 at 06:39

LONDON, May 23, 2024 – Heimdal® is excited to announce its participation in Infosecurity Europe 2024, taking place from 4-6 June 2024 at ExCel London. Attendees are invited to visit Heimdal’s booth for an exclusive opportunity to engage with industry-leading cybersecurity experts, experience live demonstrations, and enjoy engaging presentations. Event Highlights Personalized Experience and Meet […]

The post Heimdal to Showcase Widest Cybersecurity Tech Stack at Infosecurity Europe 2024 appeared first on Heimdal Security Blog.

Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun 

22 May 2024 at 11:13

Only a few days left until InfoSecurity Europe kicks off and we can already feel the excitement of being there. Starting June 4th, at ExCeL London, you’re up for three days of interacting with top names and brands in the information security industry. Get ready to see the latest cybersecurity tech in action, learn from […]

Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server

22 May 2024 at 07:31

An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. The vulnerability impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. What to Know About the Vulnerability By taking advantage of the vulnerability, a threat actor might spoof a SAML response and obtain […]

Singing River Health System Ransomware Attack Affects Nearly 900,000

17 May 2024 at 10:17

The Singing River Health System stated that the August 2023 ransomware attack impacted 895,204 individuals. The Mississippi-based healthcare provider operates multiple hospitals and medical facilities across the Gulf Coast region. What data was exposed in the breach? According to the data breach notice, the exposed information includes: full names, dates of birth, physical addresses, Social […]

Click to Hack? New LibreOffice Vulnerability Allows Threat Actors to Execute Malware With One Click

17 May 2024 at 08:32

Click and execute! A new vulnerability in the open-source LibreOffice is being exploited by threat actors. As per reports, attackers can run malicious code on victims’ systems by deceiving them into opening and clicking on a maliciously crafted document. The LibreOffice developers warn users in a security advisory that the office software supports linking scripts to […]

BreachForums Seized by the FBI! Investigations Ongoing

17 May 2024 at 05:24

The notorious BreachForums has been seized by the FBI. The hacking forum is renowned for leaking and selling corporate data to other cybercriminals. The seizure occurred on Wednesday morning, shortly after the data leak of a Europol law enforcement portal. Now, the forum is displaying a message informing users that the FBI has taken possession […]

New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now!

16 May 2024 at 03:13

Google released a patch for a new zero-day this Monday, four days after addressing another vulnerability exploited in the wild. The latest Chrome zero-day is tracked as CVE-2024-4671. Security specialists described it as a high-severity out-of-bounds write flaw in the V8 JavaScript and WebAssembly engine. For the moment, Google won’t disclose details, to allow users […]

Unpatched Vulnerability Causes Massive Helsinki Data Breach

15 May 2024 at 08:22

Authorities investigating the Helsinki data breach revealed that the attack originated from hackers exploiting an unpatched vulnerability. On May 2, 2024, the City of Helsinki announced that a data breach impacted its Education Division. The hackers got access to a network drive containing tens of millions of files belonging to tens of thousands of people. Considering […]

Dell Data Breach Affects 49 Million Customers

10 May 2024 at 17:09

Computer company Dell Technologies revealed on Friday that it is looking into a data breach event involving a company site that contained limited customer information tied to sales. Dell informed consumers in a message that the results of its investigation indicate that unauthorized access was made to a database containing customer names, addresses, hardware, and […]

Wichita Falls Victim to Ransomware Attack Claimed by LockBit

10 May 2024 at 04:24

The City of Wichita, Kansas, fell victim to a ransomware attack, prompting the shutdown of its network to prevent further damage. The LockBit ransomware group has since claimed responsibility, adding the city to its list of targets on its Tor leak site and threatening to release stolen data. How is Wichita managing the ransomware incident? […]

Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer

8 May 2024 at 11:53

Official Press Release Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud security sectors, Frederiksen is renowned for his expertise in scaling IT technology organizations and enhancing […]

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

8 May 2024 at 08:38

Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. So far, Xiaomi has not managed to fix all of them. What are the vulnerable Xiaomi apps? The Xiaomi vulnerabilities impact applications that common […]

Heimdal Teams Up with DACTA to Strengthen Cybersecurity in the APAC Region

30 April 2024 at 06:42

We’re excited to announce our latest venture, a strategic partnership with DACTA that promises to strengthen cybersecurity defenses across the Asia-Pacific (APAC) region. This collaboration is a testament to Heimdal’s dedication to pushing the boundaries of cybersecurity and extending our innovative solutions to new markets, with DACTA’s unparalleled regional expertise leading the charge. The synergy […]

Kaiser Permanente Breached: Over 13 Million Patients Possibly Impacted

26 April 2024 at 08:43

Kaiser Permanente, a healthcare service provider, just disclosed a data security incident that can impact over 13 million U.S. residents. Being one of the largest non-profit health plans in the U.S., it operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington. What Do […]

The L.A. County Department of Health Services Breached

26 April 2024 at 06:40

Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach exposing thousands of patients’ personal and medical information. This is the second largest public health care system in the nation, behind NYC Health + Hospitals, and runs the public hospitals and clinics […]

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files

24 April 2024 at 10:41

CrushFTP urges customers to patch servers with new versions after discovering a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape the VFS and download system files. Its CVSS score is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

24 April 2024 at 08:31

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were: authentication bypass (CVE-2023-46805) and command injection (CVE-2024-21887). None of them had an […]

Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor

19 April 2024 at 08:23

Cybersecurity researchers unveiled a new malvertising campaign that uses malicious Google ads to deliver a backdoor dubbed ‘MadMxShell’. The ads leverage a set of domains to push the backdoor and mimic legitimate IP scanner software. The 45 domains, registered between November 2023 and March 2024, pose as IP scanner software such as: Angry IP Scanner […]

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

17 April 2024 at 15:43

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 and 50,000 during the month. The vendor released a patch […]

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware

17 April 2024 at 07:55

Researchers discovered an overlooked vulnerability in the Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]

SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files

12 April 2024 at 08:50

Two methods that researchers have found might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), […]

CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack

12 April 2024 at 06:58

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02. They must look into potentially impacted emails, reset any compromised passwords, and take precautions […]

CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity

11 April 2024 at 10:27

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […]

92,000 D-Link NAS Devices Vulnerable to Remote Code Execution

10 April 2024 at 10:20

Researchers warn that a zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage (NAS) devices to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials, and a command injection vulnerability via […]

Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks

10 April 2024 at 06:33

A Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only if code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […]

Visa Warns: New Phishing Campaign Targets Financial Organizations

5 April 2024 at 09:02

A new phishing campaign targets Visa. The company is alerting users about an increase in JsOutProx malware detections, which is aimed at financial institutions and their clients. As per BleepingComputer, in the security alert released by their Payment Fraud Disruption unit, Visa says they became aware of the campaign distributing the remote access trojan (RAT) […]

Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

5 April 2024 at 05:12

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […]

Jackson County, Missouri, Closes Offices Because of Ransomware Attack

3 April 2024 at 10:36

Jackson County, Missouri, confirms ransomware attack after declaring a state of emergency on Tuesday. The FBI, federal Department of Homeland Security, Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities […]

New Version of the Vultur Android Banking Trojan Spoofs Security App

3 April 2024 at 04:51

Researchers discovered that a new version of the Vultur Android banking trojan upgraded its obfuscation and remote control features. Reportedly, the malware masquerades as the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The first step of the attack is sending the victim a phishing SMS warning about an […]

NHS Dumfries and Galloway Breached by INC Ransom

29 March 2024 at 07:33

Following a cyberattack on its IT systems on March 15, NHS Dumfries and Galloway, operating in the south of Scotland, revealed on the 27th of March that the data of a small number of patients has been made public by a known ransomware organization. NHS Dumfries and Galloway is aware that clinical data relating to […]

Patch Now: CISA Adds New Microsoft SharePoint Server Vulnerability on its Catalog

29 March 2024 at 06:51

In light of reports of active exploitation in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft SharePoint Server security flaw to its list of Known Exploited Vulnerabilities (KEV). This critical remote code execution vulnerability, with the tracking number CVE-2023-24955 and a CVSS score of 7.2, lets an authenticated attacker […]

U.S. Announces $10 Million Reward for Leads on Blackcat Ransomware Group

29 March 2024 at 04:46

The U.S. State Department has issued a call for information, offering up to $10 million for leads on the Blackcat ransomware group. This group is responsible for a massive cyberattack on UnitedHealth Group’s technology sector, causing widespread disruptions in insurance payments across the country. U.S. Department of State offers up to $10 million for information The announcement […]

NIST’s National Vulnerability Database Put CVE Enrichment on Hold

20 March 2024 at 13:40

NIST’s National Vulnerability Database (NVD) stopped enriching most of the CVEs it registers with information. Although they also consider other factors when deciding what to patch first, companies worldwide rely on NVD’s collection of vulnerability data for their research. For the past 2020, the National Vulnerability Database added the following information to vulnerabilities that got […]

Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT

20 March 2024 at 09:55

Hackers use phishing techniques to deploy NetSupport RAT through Microsoft Office documents. NetSupport RAT is an offshoot of NetSupport Manager, a remote support solution with over 21 million users worldwide. The remote access trojan (RAT) mimics the legitimate remote-control software to: evade detection, monitor victim’s behavior, capture keystrokes, exfiltrate data, take over system resources, move […]

Researchers Disclose Proof of Concept for New GhostRace Attack

13 March 2024 at 12:54

IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for SCUAF gadgets. What’s at risk GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as […]

Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

13 March 2024 at 07:19

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to advance into their internal system and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in January 2024. The compromised account had access to an OAuth application with elevated privilege to […]

Capita Reports a Yearly Loss of about £106M Due to Cyberattack

8 March 2024 at 10:49

Capita, a British outsourcing company, has reported a staggering annual loss of more than £106 million, significantly attributed to a ransomware attack by the Black Basta group last March. The hack was directly responsible for nearly a fourth of these losses, costing the corporation £25.3 million in related expenditures, according to the company’s annual report. Capita said […]

WordPress Websites Used by Threat Actor to Launch Brute-Force Attacks

8 March 2024 at 10:13

Large-scale attacks on WordPress websites are being carried out by hackers to insert scripts that compel users’ browsers to try different websites’ passwords repeatedly. Cybersecurity researchers have been tracking a threat actor known for breaching sites to inject crypto wallet drainer scripts which steal all cryptocurrency and assets of victims when they connect to their […]

Critical TeamCity On-Premises Vulnerability Actively Exploited by Threat Actors

8 March 2024 at 06:57

A new critical-severity vulnerability in TeamCity On-Premises is being exploited by threat actors. CVE-2024-27198 is an authentication bypass vulnerability with a critical severity score of 9.8 out of 10. It affects all versions through 2023.11.4 of TeamCity’s on-premises edition software. The exploitation appears to be massive. Hundreds of new users created on unpatched instances of […]

Windows Kernel Zero-day Patched after Six Months of Active Exploitation

6 March 2024 at 10:45

Microsoft took six months to patch an actively exploited Windows kernel zero-day. Successful exploitation of CVE-2024-21338 gives attackers system privileges over the infected device. The patch for this flaw is available in the February 2024 Patch Tuesday updates. Security researchers urge Windows users to apply patches as soon as possible, to avoid privilege escalation. Windows […]

CISA Updates Phobos Ransomware IoCs List in New Joint Advisory

6 March 2024 at 06:20

CISA, the FBI, and MS-ISAC joined forces in a new advisory disclosing the latest Phobos ransomware IoCs and tactics. The update is rooted in recent investigations up to February 2024. The alert gives organizations a heads-up regarding how to prevent and mitigate a Phobos ransomware infection. The Phobos ransomware-as-a-service frequently targets government and critical infrastructure […]

NIST Releases the 2.0 Version of their Cybersecurity Framework (CSF 2.0)

1 March 2024 at 10:18

The popular Cybersecurity Framework (CSF), a seminal guideline paper from the National Institute of Standards and Technology (NIST) for lowering cybersecurity risk, has been updated. Regardless of the level of cybersecurity competence, the new 2.0 edition is intended for all audiences, industry sectors, and organization types, from the tiniest organizations and schools to the biggest […]

Massive Ransomware Attack Disrupts US Healthcare: Behind it, ALPHV/BlackCat

1 March 2024 at 03:28

Change Healthcare, a subsidiary of UnitedHealth Group, has fallen victim to a ransomware attack orchestrated by the notorious cybercrime gang ALPHV/BlackCat. The attack, which began on February 21, has caused widespread disruptions, affecting thousands of pharmacies and hospitals across the United States, and stalling prescriptions and healthcare services for millions of Americans. Change Healthcare is […]

Pepco Group Falls Victim to Multi-Million Euro Phishing Scam

29 February 2024 at 15:14

Pepco Group, a leading European retailer, recently disclosed a significant financial loss due to a phishing attack on its Hungarian operations. The incident, which led to a €15 million setback, sparks a conversation about the sophistication of cyber-attacks and the measures companies must take to protect themselves. What happened to Pepco? Pepco, operating across 21 […]

Cornell, UNICEF, VMware and McAfee Subdomains Hijacked to Bypass Filters

28 February 2024 at 11:01

SubDoMailing phishing campaign hijacked 8000 abandoned domains and 13,000 subdomains to avoid spam detection. Hackers sent 5 million malicious emails daily. The campaign exploited the credibility of big brands in tech, education, charity, e-commerce, and the press industry. MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, UNICEF, ACLU, Symantec, […]

ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory

28 February 2024 at 06:42

A subdomain related to ScreenConnect appears as an Indicator of Compromise (IoC) in CISA’s #StopRansomware: ALPHV Blackcat joint advisory update. Fisa99.screenconnect[.]com, which is a ScreenConnect remote access domain, is listed in Table 4 as a network IoC. In their advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the […]

Google Cloud Run Abused in Massive Banking Trojan Operation

23 February 2024 at 08:48

Security researchers are issuing warnings about threat actors misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. With Google Cloud Run, customers can manage workloads and launch front-end and back-end services, websites, and apps without having to worry about scaling or maintaining an infrastructure. Reports from […]

LockBit 4.0? The Ransomware Operation’s Secret Project

23 February 2024 at 07:17

A new version of the LockBit ransomware seems to be on the horizon. The developers of the file-encrypting malware were secretly working on a project dubbed LockBit-NG-Dev, believed to be the 4.0 version of the tool. This information surfaced recently when law enforcement took down the cybercriminal’s infrastructure earlier this week. The New LockBit Tool […]

Biden Signs Executive Order to Boost Maritime Cybersecurity Amid China Concerns

23 February 2024 at 03:55

President Joe Biden has signed an executive order to enhance cybersecurity at U.S. ports. $20 billion will be invested in port upgrades, including a shift to trusted crane suppliers. This measure counteracts risks posed by the use of cranes made by China, and aims to expand the Coast Guard’s authority. Strengthening U.S. Port Cybersecurity The […]
