Heimdal Security Blog

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

8 May 2024 at 08:38

Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor about the flaws at the end of April 2023. So far, Xiaomi has not fixed all of them. What are the vulnerable Xiaomi apps? The Xiaomi vulnerabilities impact applications that common […]

The post 20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk appeared first on Heimdal Security Blog.

CrowdStrike vs Carbon Black – Which Cybersecurity Software Suits Your Needs?

25 April 2024 at 08:58

CrowdStrike and Carbon Black have their fair share of users and supporters. They’ve also earned almost 5 stars on Gartner for their EDR solutions. As always, the devil is in the details. Security operations differ depending on a company’s needs, infrastructure, and resources. That’s why it’s tough to judge whether an EDR tool is overpriced, […]

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files

24 April 2024 at 10:41

CrushFTP urges customers to patch their servers with new versions after the discovery of a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape the VFS and download system files. Its CVSS score is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

24 April 2024 at 08:31

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach its systems. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were the authentication bypass CVE-2023-46805 and the command injection CVE-2024-21887. None of them had an […]

A System Administrator’s Challenges in Patch Management

24 April 2024 at 06:56

Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I asked for his opinion on the benefits and hurdles of patching. Alex has been a System Administrator in Internal IT at Heimdal for the last 8 years. He’s seen the company developing and […]

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

17 April 2024 at 15:43

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations have shown interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 and 50,000 during the month. Source – Bleeping Computer The vendor released a patch […]

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware

17 April 2024 at 07:55

Researchers discovered an overlooked vulnerability in the Lighttpd web server used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, such as Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability never received a CVE. As a result, Lighttpd users, like AMI […]

Top MSP Events to Attend in 2024 – A Cybersecurity Expert’s Choice

11 April 2024 at 09:50

Managed service providers often find themselves wearing many hats. Juggling the various responsibilities and tasks that come with keeping clients’ systems safe and functional leaves little time for learning and networking. In IT and cybersecurity, tools and standards change fast. As busy as you may be, you must keep up with new technology and make sure […]

92,000 D-Link NAS Devices Vulnerable to Remote Code Execution

10 April 2024 at 10:20

Researchers warn that a zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage (NAS) devices to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials, and a command injection vulnerability via […]

Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks

10 April 2024 at 06:33

A Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only when code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […]

Jackson County, Missouri, Closes Offices Because of Ransomware Attack

3 April 2024 at 10:36

Jackson County, Missouri, confirmed a ransomware attack after declaring a state of emergency on Tuesday. The FBI, the federal Department of Homeland Security, the Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities […]

New Version of the Vultur Android Banking Trojan Spoofs Security App

3 April 2024 at 04:51

Researchers discovered a new version of the Vultur Android banking trojan with upgraded obfuscation and remote control features. Reportedly, the malware masquerades as the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The first step of the attack is sending the victim a phishing SMS warning about an […]

MSP Onboarding Process for Clients. Best Practices, Pitfalls & Checklist [Downloadable]

25 March 2024 at 10:52

During the customer onboarding process, as an MSP, make sure all responsibilities, deadlines, and metrics are clear for everybody. Just like in any relationship, you want to set expectations and boundaries with new clients from the start. Key takeaways: Sign a Service Level Agreement (SLA). An SLA is a document that sets what, when, and […]

NIST’s National Vulnerability Database Put CVE Enrichment on Hold

20 March 2024 at 13:40

NIST’s National Vulnerability Database (NVD) stopped enriching most of the CVEs it registers with additional information. Although they also consider other factors when deciding what to patch first, companies worldwide rely on NVD’s collection of vulnerability data for their research. For the past 2020, the National Vulnerability Database added the following information to vulnerabilities that got […]

Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT

20 March 2024 at 09:55

Hackers use phishing techniques to deploy NetSupport RAT through Microsoft Office documents. NetSupport RAT is an offshoot of NetSupport Manager, a remote support solution with over 21 million users worldwide. The remote access trojan (RAT) mimics the legitimate remote-control software to evade detection, monitor the victim’s behavior, capture keystrokes, exfiltrate data, take over system resources, move […]

Researchers Disclose Proof of Concept for New GhostRace Attack

13 March 2024 at 12:54

IBM and VU Amsterdam researchers published their study on the new GhostRace attack type on March 12th. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for SCUAF gadgets. What’s at risk GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as […]

Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

13 March 2024 at 07:19

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to move deeper into its internal systems and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in January 2024. The compromised account had access to an OAuth application with elevated privileges to […]

Windows Kernel Zero-day Patched after Six Months of Active Exploitation

6 March 2024 at 10:45

Microsoft took six months to patch an actively exploited Windows kernel zero-day. Successful exploitation of CVE-2024-21338 gives attackers SYSTEM privileges on the infected device. The patch for this flaw is available in the February 2024 Patch Tuesday updates. Security researchers urge Windows users to apply the patches as soon as possible to avoid privilege escalation. Windows […]

CISA Updates Phobos Ransomware IoCs List in New Joint Advisory

6 March 2024 at 06:20

CISA, the FBI, and MS-ISAC joined forces in a new advisory disclosing the latest Phobos ransomware IoCs and tactics. The update is rooted in recent investigations up to February 2024. The alert gives organizations a heads-up regarding how to prevent and mitigate a Phobos ransomware infection. The Phobos ransomware-as-a-service frequently targets government and critical infrastructure […]

Cornell, UNICEF, VMware and McAfee Subdomains Hijacked to Bypass Filters

28 February 2024 at 11:01

The SubDoMailing phishing campaign hijacked 8,000 abandoned domains and 13,000 subdomains to avoid spam detection. Hackers sent 5 million malicious emails daily. The campaign exploited the credibility of big brands in tech, education, charity, e-commerce, and the press. MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, UNICEF, ACLU, Symantec, […]

ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory

28 February 2024 at 06:42

A subdomain related to ScreenConnect appears as an Indicator of Compromise (IoC) in CISA’s #StopRansomware: ALPHV Blackcat joint advisory update. Fisa99.screenconnect[.]com, which is a ScreenConnect remote access domain, is listed in Table 4 as a network IoC. In their advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the […]

Lockbit Disrupted. Police Arrests Staff Members and Gives Victims Free Decryptor

21 February 2024 at 10:13

An international law enforcement operation disrupted the LockBit ransomware gang and offers victims a free decryption tool. The campaign was dubbed Operation Cronos and was a collaboration between the U.K.’s National Crime Agency (NCA), Europol, the FBI, and a coalition of international police agencies. On February 20th, police officers arrested two LockBit threat actors in Poland and […]

Dear Customer, Why Won’t You Listen? An MSP Guide to Mandatory Rebooting Policies

20 February 2024 at 03:39

A reboot in the middle of my presentation? Good job, IT team, perfect timing, as always. As an MSP, you’ve certainly had to deal with those moments when a customer pushes back against a mandatory rebooting policy. You’re left wondering, “Why all the fuss over a basic maintenance procedure?”. Skipping out on those reboots is […]

France Cyber Attack – Data Breaches Compromise 33 Million People’s Data

14 February 2024 at 12:05

Hackers targeted two French healthcare providers and caused the largest data breach in French history. The French Data Protection Agency (CNIL) said the Viamedis and Almerys data breaches together exposed the data of 33 million people. The two medical insurance companies announced at the beginning of February 2024 that they had been victims of cybercrime. Hackers used […]

Ransomware Payments New Record Exceeds $905 Million Peak by over 11%

8 February 2024 at 03:46

A new Chainalysis report warns that ransomware payments rose above $1.1 billion in 2023 and reached a new record. The previous peak of $983 million was set in 2021, while in 2022 ransomware payments dropped to $567. Chainalysis attributes the unusual drop to threat actors shifting their focus to politically motivated cyberattacks, due to the war in […]

AnyDesk System Breach Raises Concerns Among MSP Users

7 February 2024 at 06:21

AnyDesk recently confirmed that a cyberattack affected its production systems. The hackers accessed the source code and private code signing keys. Initially, the remote access software company, which has 170,000 customers, blamed unplanned maintenance for the client login failures between January 29th and February 1st. A few days later, on February 2nd, AnyDesk announced […]

Main Types of Patch Management Solutions: A Decision-Making Guide

6 February 2024 at 07:51

Choosing between the different types of patch management solutions affects the effort your IT team must make to keep systems safe. There’s no one-size-fits-all patch management software, so you’ll need to evaluate your company’s profile first. Once you decide, look at this list of the best patch management software. Key takeaways Assess the company’s […]
