Today — 26 June 2024 (Heimdal Security Blog)

LockBit Claims Breaching the US Federal Reserve but Fails to Prove It

26 June 2024 at 11:19

On June 23rd, LockBit announced that it had breached the US Federal Reserve System, while security experts remained skeptical. The Russian threat group claimed to have exfiltrated 33 terabytes of banking information from the USA’s central bank servers. They also threatened to publish the data in the following 48 hours unless the victims paid a ransom. Source – Cybernews.com […]

The post LockBit Claims Breaching the US Federal Reserve but Fails to Prove It appeared first on Heimdal Security Blog.

GrimResource Technique Exploits Years-Old Unpatched Windows XSS Flaw

26 June 2024 at 09:09

The new GrimResource technique exploits an unpatched Windows XSS flaw dating from 2018 and crafted MSC files to deploy malware via the Microsoft Management Console (MMC). Researchers detected the new exploitation technique in the wild on June 6th, 2024. Exploiting the Microsoft Management Console could enable hackers to evade security measures and gain initial access. Although researchers reported […]

The post GrimResource Technique Exploits Years-Old Unpatched Windows XSS Flaw appeared first on Heimdal Security Blog.

Yesterday — 25 June 2024 (Heimdal Security Blog)

CDK Group Falls Victim to Two Cyberattacks

21 June 2024 at 09:29

Massive hack forces CDK Global, a provider of software-as-a-service for car dealerships, to shut down its servers, leaving customers unable to run their businesses as usual. A SaaS platform from CDK Global serves clients in the auto sector, managing all facets of vehicle dealership operations, such as inventory management, CRM, financing, payroll, support, and servicing. […]

The post CDK Group Falls Victim to Two Cyberattacks appeared first on Heimdal Security Blog.

Before yesterday (Heimdal Security Blog)

ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts

19 June 2024 at 11:33

The new ONNX Store PhaaS is targeting Microsoft 365 and Office 365 accounts in financial companies. The hackers use QR codes in PDF attachments to lure the employees into clicking malicious links. The phishing platform uses Telegram bots to spread and includes mechanisms to bypass two-factor authentication (2FA). Researchers think ONNX Store is Caffeine phishing kit […]

The post ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts appeared first on Heimdal Security Blog.

Crypter Specialist Involved in the Conti and LockBit Attack Arrested

14 June 2024 at 08:57

A 28-year-old Russian man has been taken into custody by the Ukraine cyber police in Kyiv for his involvement in the Conti and LockBit ransomware operations, which involved making their malware impervious to antivirus software and carrying out at least one attack personally. The Dutch police, who responded to a ransomware attack and subsequent data […]

The post Crypter Specialist Involved in the Conti and LockBit Attack Arrested appeared first on Heimdal Security Blog.

MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers

12 June 2024 at 10:47

On June 11th, Microsoft announced fixing a critical RCE vulnerability in their Message Queuing (MSMQ) technology. The flaw is tracked as CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say hackers can exploit it remotely to take over Microsoft Servers. Why patch the MSMQ RCE vulnerability immediately The flaw only […]

The post MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers appeared first on Heimdal Security Blog.

Cleveland Cyberattack Turns Public Services Offline for Days

12 June 2024 at 08:10

A cyberattack on Cleveland shut down the City Hall and the Erieview offices for the last two days. Authorities revealed the incident on Monday, June 10th, and said public services were put offline until further notice. Emergency services and public utilities, like healthcare and trash collection, remained functional, due to employees reverting to manual work. What we […]

The post Cleveland Cyberattack Turns Public Services Offline for Days appeared first on Heimdal Security Blog.

The V3B Phishing Kit Affects Customers of 54 European Banks

7 June 2024 at 10:38

A new phishing kit known as ‘V3B’ is being promoted on Telegram by cybercriminals. It aims to trick clients of 54 significant financial institutions in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. Priced between $130 and $450 per month depending on what is purchased, the phishing kit features advanced obfuscation, […]

The post The V3B Phishing Kit Affects Customers of 54 European Banks appeared first on Heimdal Security Blog.

7,000 LockBit Keys Recovered by the FBI!

7 June 2024 at 05:14

The FBI has disclosed that it has acquired over 7,000 LockBit decryption keys that individuals can utilize to access encrypted data at no cost, but it is urging previous victims of LockBit ransomware attacks to come forward. This was announced by the FBI’s Cyber Division Assistant Director, Bryan Vorndran, at the 2024 Boston Conference on […]

The post 7,000 LockBit Keys Recovered by the FBI! appeared first on Heimdal Security Blog.

Operation Endgame, The Largest Ever Operation Against Botnets

6 June 2024 at 11:28

In an unprecedented coordinated effort, international law enforcement agencies have successfully dismantled several major botnets in what has been described as the largest ever operation against cybercrime. Dubbed ‘Operation Endgame’, this large-scale crackdown involved multiple countries and led to significant disruptions in the operations of cybercriminals worldwide. Details of the operation Between May 27 and […]

The post Operation Endgame, The Largest Ever Operation Against Botnets appeared first on Heimdal Security Blog.

Zyxel Patches EOL NAS Devices Against Three Critical Flaws

5 June 2024 at 11:06

Zyxel urges users to apply patches for three critical vulnerabilities impacting two of its end-of-life NAS products. Security researcher Timothy Hjort reported 5 vulnerabilities in Zyxel products: NAS326, version V5.21(AAZF.16)C0 and earlier; NAS542, version V5.21(ABAG.13)C0 and earlier. Three of the flaws are critical and enable command injection and remote code execution (RCE) attacks. End-of-life means […]

The post Zyxel Patches EOL NAS Devices Against Three Critical Flaws appeared first on Heimdal Security Blog.

Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity

5 June 2024 at 06:28

A ransomware attack hit services provider Synnovis on June 3rd, causing activity disruption at several major NHS hospitals in London. Blood transfusions, surgeries, blood tests, and other procedures were postponed, redirected to other clinics, or canceled. The attack impacted Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast […]

The post Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity appeared first on Heimdal Security Blog.

Hugging Face Spaces Platform Breached, Authentication Tokens Stolen

4 June 2024 at 12:38

Hugging Face, a well-known AI company, reports that malicious actors have gained access to its members’ authentication secrets through a compromise on its Spaces platform. “Hugging Face Spaces” is a collection of AI apps made and submitted by community members, available for other members to test. Hugging Face alerted in a blog post: Earlier this […]

The post Hugging Face Spaces Platform Breached, Authentication Tokens Stolen appeared first on Heimdal Security Blog.

Ticketmaster Breached? Data of Over 500 Million Customers For Sale

31 May 2024 at 10:47

Ticketmaster has been breached and the data of over 500 million customers is listed for sale. A threat actor known as ShinyHunters is selling on the recently revived BreachForums hacking forum what they claim is the personal and financial information of Ticketmaster customers. The listing goes for $500,000. Details About the Breach: What Information Was […]

The post Ticketmaster Breached? Data of Over 500 Million Customers For Sale appeared first on Heimdal Security Blog.

BBC Breached! Current And Former Employees Impacted by the Attack

31 May 2024 at 07:48

The BBC has revealed that on May 21, a data security breach resulted in unauthorized access to files held on a cloud-based service, jeopardizing the confidentiality of members of the BBC Pension Scheme. What Do We Know About the Incident? The incident impacted roughly 25,000 people according to the reports, including former and current employees […]

The post BBC Breached! Current And Former Employees Impacted by the Attack appeared first on Heimdal Security Blog.

Sav-Rx Data Breach Exposes Sensitive Information of Over 2.8 Million People

29 May 2024 at 09:39

Threat actors got access to sensitive information belonging to 2,812,336 people due to the Sav-Rx data breach. The prescriptions management company discovered the data leakage on October 8th, 2023, five days after the attackers had breached their system. It was a network disruption that raised awareness. While they didn't reveal how the hackers gained initial […]

The post Sav-Rx Data Breach Exposes Sensitive Information of Over 2.8 Million People appeared first on Heimdal Security Blog.

Check Point VPNs under Attack. Vendor releases Hotfix for CVE-2024-24919

29 May 2024 at 05:22

Researchers warn that hackers target Check Point remote access VPNs in an attempt to breach corporate networks. Using password-only authentication on old local accounts enables attackers to gain initial access to the company’s network. Check Point released a security update on May 27th advising users to bolster VPN security. One day later, the vendor released […]

The post Check Point VPNs under Attack. Vendor releases Hotfix for CVE-2024-24919 appeared first on Heimdal Security Blog.

Researchers Uncover Fake Antivirus Sites Spreading Malware

28 May 2024 at 13:01

Cybersecurity researchers identified several fake antivirus websites used by cybercriminals to distribute malware. These websites closely mimic legitimate antivirus sites but deliver malicious software instead of protection. In mid-April, Trellix’s Advanced Research Center discovered that these fake websites host malicious files, including .apk, .exe, and installer files created with Inno Setup. The malware includes espionage […]

The post Researchers Uncover Fake Antivirus Sites Spreading Malware appeared first on Heimdal Security Blog.

CLOUD#REVERSER Malware Campaign Uses Google Drive and Dropbox 

24 May 2024 at 10:16

Researchers discovered that malicious actors launched a new malware campaign dubbed CLOUD#REVERSER. The infection chain uses notorious cloud storage services like Google Drive and Dropbox to deploy the malware. By updating operating scripts and retrieving commands from a remote server, the malware can steal data and perform remote code execution. For that it uses VBScript […]

The post CLOUD#REVERSER Malware Campaign Uses Google Drive and Dropbox  appeared first on Heimdal Security Blog.

Heimdal to Showcase Widest Cybersecurity Tech Stack at Infosecurity Europe 2024

23 May 2024 at 06:39

LONDON, May 23, 2024 – Heimdal® is excited to announce its participation in Infosecurity Europe 2024, taking place from 4-6 June 2024 at ExCel London. Attendees are invited to visit Heimdal’s booth for an exclusive opportunity to engage with industry-leading cybersecurity experts, experience live demonstrations, and enjoy engaging presentations. Event Highlights Personalized Experience and Meet […]

The post Heimdal to Showcase Widest Cybersecurity Tech Stack at Infosecurity Europe 2024 appeared first on Heimdal Security Blog.

Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun 

22 May 2024 at 11:13

Only a few days left until InfoSecurity Europe kicks off and we can already feel the excitement of being there.   Starting June 4th, at ExCeL London, you’re up for three days of interacting with top names and brands in the information security industry. Get ready to see the latest cybersecurity tech in action, learn from […]

The post Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun  appeared first on Heimdal Security Blog.

Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server

22 May 2024 at 07:31

An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. The vulnerability impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. What to Know About the Vulnerability By taking advantage of the vulnerability, a threat actor might spoof a SAML response and obtain […]

The post Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server appeared first on Heimdal Security Blog.

Singing River Health System Ransomware Attack Affects Nearly 900,000

17 May 2024 at 10:17

The Singing River Health System stated that the August 2023 ransomware attack impacted 895,204 individuals. The Mississippi-based healthcare provider operates multiple hospitals and medical facilities across the Gulf Coast region. What data was exposed in the breach? According to the data breach notice, the exposed information includes: full names, dates of birth, physical addresses, Social […]

The post Singing River Health System Ransomware Attack Affects Nearly 900,000 appeared first on Heimdal Security Blog.

Click to Hack? New LibreOffice Vulnerability Allows Threat Actors to Execute Malware With One Click

17 May 2024 at 08:32

Click and execute! A new vulnerability in the open-source LibreOffice is being exploited by threat actors. As per reports, attackers can run malicious code on victims by deceiving them into opening and clicking on a maliciously crafted document. The LibreOffice developers warn users in a security advisory that the office software supports linking scripts to […]

The post Click to Hack? New LibreOffice Vulnerability Allows Threat Actors to Execute Malware With One Click appeared first on Heimdal Security Blog.

BreachForums Seized by the FBI! Investigations Ongoing

17 May 2024 at 05:24

The notorious BreachForums has been seized by the FBI. The hacking forum is renowned for leaking and selling corporate data to other cybercriminals. The seizure occurred on Wednesday morning, shortly after the data leak of a Europol law enforcement portal. Now, the forum is displaying a message informing users that the FBI has taken possession […]

The post BreachForums Seized by the FBI! Investigations Ongoing appeared first on Heimdal Security Blog.

New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now!

16 May 2024 at 03:13

Google released a patch for a new zero-day this Monday, four days after addressing another vulnerability exploited in the wild. The latest Chrome zero-day is tracked as CVE-2024-4671. Security specialists described it as a high-severity out-of-bounds write flaw in the V8 JavaScript and WebAssembly engine. For the moment, Google won’t disclose details, to allow users […]

The post New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now! appeared first on Heimdal Security Blog.

Unpatched Vulnerability Causes Massive Helsinki Data Breach

15 May 2024 at 08:22

Authorities investigating the Helsinki data breach revealed the attack originated in hackers exploiting an unpatched vulnerability. On May 2, 2024, the City of Helsinki announced that a data breach impacted its Education Division. The hackers got access to a network drive containing tens of millions of files belonging to tens of thousands of people. Considering […]

The post Unpatched Vulnerability Causes Massive Helsinki Data Breach appeared first on Heimdal Security Blog.

Dell Data Breach Affects 49 Million Customers

10 May 2024 at 17:09

Computer company Dell Technologies revealed on Friday that it is looking into a data breach event involving a company site that contained limited customer information tied to sales. Dell informed consumers in a message that the results of its investigation indicate that unauthorized access was made to a database containing customer names, addresses, hardware, and […]

The post Dell Data Breach Affects 49 Million Customers appeared first on Heimdal Security Blog.

Wichita Falls Victim to Ransomware Attack Claimed by LockBit

10 May 2024 at 04:24

The City of Wichita, Kansas, fell victim to a ransomware attack, prompting the shutdown of its network to prevent further damage. The LockBit ransomware group has since claimed responsibility, adding the city to its list of targets on its Tor leak site and threatening to release stolen data. How is Wichita managing the ransomware incident? […]

The post Wichita Falls Victim to Ransomware Attack Claimed by LockBit appeared first on Heimdal Security Blog.

Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer

8 May 2024 at 11:53

Official Press Release Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud security sectors, Frederiksen is renowned for his expertise in scaling IT technology organizations and enhancing […]

The post Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer appeared first on Heimdal Security Blog.

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

8 May 2024 at 08:38

Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. For the moment, Xiaomi didn’t manage to fix all of them. What are the vulnerable Xiaomi apps? The Xiaomi vulnerabilities impact applications that common […]

The post 20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk appeared first on Heimdal Security Blog.

Heimdal Teams Up with DACTA to Strengthen Cybersecurity in the APAC Region

30 April 2024 at 06:42

We’re excited to announce our latest venture, a strategic partnership with DACTA that promises to strengthen cybersecurity defenses across the Asia-Pacific (APAC) region. This collaboration is a testament to Heimdal’s dedication to pushing the boundaries of cybersecurity and extending our innovative solutions to new markets, with DACTA’s unparalleled regional expertise leading the charge. The synergy […]

The post Heimdal Teams Up with DACTA to Strengthen Cybersecurity in the APAC Region appeared first on Heimdal Security Blog.

Kaiser Permanente Breached: Over 13 Million Patients Possibly Impacted

26 April 2024 at 08:43

Kaiser Permanente, a healthcare service provider, just disclosed a data security incident that can impact over 13 million U.S. residents. Being one of the largest non-profit health plans in the U.S., it operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington. What Do […]

The post Kaiser Permanente Breached: Over 13 Million Patients Possibly Impacted appeared first on Heimdal Security Blog.

The L.A. County Department of Health Services Breached

26 April 2024 at 06:40

Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach exposing thousands of patients’ personal and medical information. This is the second largest public health care system in the nation, behind NYC Health + Hospitals, and runs the public hospitals and clinics […]

The post The L.A. County Department of Health Services Breached appeared first on Heimdal Security Blog.

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files

24 April 2024 at 10:41

CrushFTP urges customers to patch servers with new versions after discovering a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.

MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

24 April 2024 at 08:31

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were: authentication bypass CVE-2023-46805; command injection CVE-2024-21887. None of them had an […]

The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.

Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor

19 April 2024 at 08:23

Cybersecurity researchers unveiled a new malvertising campaign that uses malicious Google ads to deliver a backdoor dubbed ‘MadMxShell’. The ads leverage a set of domains to push the backdoor and mimic legitimate IP scanner software. The 45 domains, registered between November 2023 and March 2024, pose as IP scanner software such as: Angry IP Scanner […]

The post Deceptive Google Ads Mimic IP Scanner Software to Push Backdoor appeared first on Heimdal Security Blog.

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

17 April 2024 at 15:43

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 – 50,000 during the month. Source – Bleeping Computer The vendor released a patch […]

The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog.

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware

17 April 2024 at 07:55

Researchers discovered an overlooked vulnerability in Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]

The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog.

SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files

12 April 2024 at 08:50

Two methods that researchers have found might allow attackers to get around audit logs or produce less serious entries when they download data from SharePoint. Due to the sensitivity of SharePoint data, a lot of businesses audit sensitive occurrences, such as data downloads, to set off alarms in security information and event management platforms (SIEMs), […]

The post SharePoint Flaws Could Help Threat Actors Evade Detection Easier When Stealing Files appeared first on Heimdal Security Blog.

CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack

12 April 2024 at 06:58

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02. They must look into potentially impacted emails, reset any compromised passwords, and take precautions […]

The post CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack appeared first on Heimdal Security Blog.

CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity

11 April 2024 at 10:27

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software vendor. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […]

The post CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity appeared first on Heimdal Security Blog.

92,000 D-Link NAS Devices Vulnerable to Remote Code Execution

10 April 2024 at 10:20

Researchers warn that a zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage devices (NAS) to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials; a command injection vulnerability via […]

The post 92,000 D-Link NAS Devices Vulnerable to Remote Code Execution appeared first on Heimdal Security Blog.

Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks

10 April 2024 at 06:33

A Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only if code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […]

The post Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks appeared first on Heimdal Security Blog.

Visa Warns: New Phishing Campaign Targets Financial Organizations

5 April 2024 at 09:02

A new phishing campaign targets Visa. The company is alerting users about an increase in JsOutProx malware detections, which is aimed at financial institutions and their clients. As per BleepingComputer, in the security alert released by their Payment Fraud Disruption unit, Visa says they became aware of the campaign distributing the remote access trojan (RAT) […]

The post Visa Warns: New Phishing Campaign Targets Financial Organizations appeared first on Heimdal Security Blog.

Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

5 April 2024 at 05:12

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […]

The post Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware appeared first on Heimdal Security Blog.

Jackson County, Missouri, Closes Offices Because of Ransomware Attack

3 April 2024 at 10:36

Jackson County, Missouri, confirms ransomware attack after declaring a state of emergency on Tuesday. The FBI, federal Department of Homeland Security, Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities […]

The post Jackson County, Missouri, Closes Offices Because of Ransomware Attack appeared first on Heimdal Security Blog.

New Version of the Vultur Android Banking Trojan Spoofs Security App

3 April 2024 at 04:51

Researchers discovered that a new version of the Vultur Android banking trojan upgraded its obfuscation and remote control features. Reportedly, the malware masquerades as the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The first step of the attack is sending the victim a phishing SMS warning about an […]

The post New Version of the Vultur Android Banking Trojan Spoofs Security App appeared first on Heimdal Security Blog.

NHS Dumfries and Galloway Breached by INC Ransom

29 March 2024 at 07:33

Following a cyberattack on its IT systems on March 15, NHS Dumfries and Galloway, operating in the south of Scotland, revealed on the 27th of March that the data of a small number of patients has been made public by a known ransomware organization. NHS Dumfries and Galloway is aware that clinical data relating to […]

The post NHS Dumfries and Galloway Breached by INC Ransom appeared first on Heimdal Security Blog.
