
ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts

ONNX Store, a new PhaaS, is targeting Microsoft 365 and Office 365 accounts in financial companies. The hackers use QR codes in PDF attachments to lure employees into clicking malicious links. The phishing platform uses Telegram bots to spread and includes mechanisms to bypass two-factor authentication (2FA). Researchers think ONNX Store is Caffeine phishing kit […]

The post ONNX Phishing Targets Financial Companies’ Microsoft 365 Accounts appeared first on Heimdal Security Blog.

What Is a Bastion Host? Types, Use Cases, and Safety Measures

A bastion host is a server placed between the public internet and a company’s private network. It enhances security by allowing access only to specific, authorized users. If you know about jump servers, you’ll recognize this remote access security concept. If not, you will by the end of this article. Understanding the functionality, types, and […]

The post What Is a Bastion Host? Types, Use Cases, and Safety Measures appeared first on Heimdal Security Blog.

MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers

On June 11th, Microsoft announced fixing a critical RCE vulnerability in their Message Queuing (MSMQ) technology. The flaw is tracked as CVE-2024-30080 and has a CVSS score of 9.8 out of 10. Security researchers say threat actors can exploit it remotely to take over Microsoft servers. Why patch the MSMQ RCE vulnerability immediately The flaw only […]

The post MSMQ Vulnerability Allows Hackers to Takeover Microsoft Servers appeared first on Heimdal Security Blog.

Cleveland Cyberattack Turns Public Services Offline for Days

The Cleveland cyberattack shut down City Hall and the Erieview offices for the last two days. Authorities revealed the incident on Monday, June 10th, and said public services were put offline until further notice. Emergency services and public utilities, like healthcare and trash collection, remained functional because employees switched to manual work. What we […]

The post Cleveland Cyberattack Turns Public Services Offline for Days appeared first on Heimdal Security Blog.

Zyxel Patches EOL NAS Devices Against Three Critical Flaws

Zyxel urges users to apply patches for three critical vulnerabilities impacting two of its end-of-life NAS products. Security researcher Timothy Hjort reported 5 vulnerabilities in Zyxel products: NAS326, version V5.21(AAZF.16)C0 and earlier; NAS542, version V5.21(ABAG.13)C0 and earlier. Three of the flaws are critical and enable command injection and remote code execution (RCE) attacks. End-of-life means […]

The post Zyxel Patches EOL NAS Devices Against Three Critical Flaws appeared first on Heimdal Security Blog.

Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity

A ransomware attack hit services provider Synnovis on June 3rd, causing activity disruption at several major NHS hospitals in London. Blood transfusions, surgeries, blood tests, and other procedures were postponed, redirected to other clinics, or canceled. The attack impacted Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in southeast […]

The post Synnovis Ransomware Attack Disrupts NHS London Hospitals’ Activity appeared first on Heimdal Security Blog.

Sav-Rx Data Breach Exposes Sensitive Information of Over 2.8 Million People

Threat actors got access to sensitive information belonging to 2,812,336 people due to the Sav-Rx data breach. The prescriptions management company discovered the data leakage on October 8th, 2023, five days after the attackers had breached their system. It was a network disruption that alerted them. While they didn’t reveal how the hackers gained initial […]

The post Sav-Rx Data Breach Exposes Sensitive Information of Over 2.8 Million People appeared first on Heimdal Security Blog.

Check Point VPNs under Attack. Vendor releases Hotfix for CVE-2024-24919

Researchers warn that hackers target Check Point remote access VPNs in an attempt to breach corporate networks. Using password-only authentication on old local accounts enables attackers to gain initial access to the company’s network. Check Point released a security update on May 27th advising users to bolster VPN security. One day later, the vendor released […]

The post Check Point VPNs under Attack. Vendor releases Hotfix for CVE-2024-24919 appeared first on Heimdal Security Blog.

CLOUD#REVERSER Malware Campaign Uses Google Drive and Dropbox

Researchers discovered that malicious actors launched a new malware campaign dubbed CLOUD#REVERSER. The infection chain uses well-known cloud storage services like Google Drive and Dropbox to deploy the malware. By updating operating scripts and retrieving commands from a remote server, the malware can steal data and perform remote code execution. For that it uses VBScript […]

The post CLOUD#REVERSER Malware Campaign Uses Google Drive and Dropbox appeared first on Heimdal Security Blog.

Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun

Only a few days left until InfoSecurity Europe kicks off and we can already feel the excitement of being there. Starting June 4th, at ExCeL London, you’re in for three days of interacting with top names and brands in the information security industry. Get ready to see the latest cybersecurity tech in action, learn from […]

The post Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun appeared first on Heimdal Security Blog.

New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now!

Google released a patch for a new zero-day this Monday, four days after addressing another vulnerability exploited in the wild. The latest Chrome zero-day is tracked as CVE-2024-4671. Security specialists described it as a high-severity out-of-bounds write flaw in the V8 JavaScript and WebAssembly engine. For the moment, Google won’t disclose details, to allow users […]

The post New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now! appeared first on Heimdal Security Blog.

Unpatched Vulnerability Causes Massive Helsinki Data Breach

Authorities investigating the Helsinki data breach revealed that the attack originated from hackers exploiting an unpatched vulnerability. On May 2, 2024, the City of Helsinki announced that a data breach impacted its Education Division. The hackers got access to a network drive containing tens of millions of files belonging to tens of thousands of people. Considering […]

The post Unpatched Vulnerability Causes Massive Helsinki Data Breach appeared first on Heimdal Security Blog.

What Is a Jump Server? Definition and Safety Measures

A jump server is a computer that acts as a safe bridge between networks in different security zones. It’s a hardened device that administrators use to safely bypass firewalls that isolate public networks from private ones. Another name for a jump server is a jump box or jump host. By using a jump server, a […]

The post What Is a Jump Server? Definition and Safety Measures appeared first on Heimdal Security Blog.

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

Researchers warn that Xiaomi devices are vulnerable to over 20 critical issues affecting applications and system components. Security specialists notified the vendor regarding the flaws at the end of April 2023. For the moment, Xiaomi has not managed to fix all of them. What are the vulnerable Xiaomi apps? The Xiaomi vulnerabilities impact applications that common […]

The post 20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk appeared first on Heimdal Security Blog.

CrowdStrike vs Carbon Black – Which Cybersecurity Software Suits Your Needs?

CrowdStrike and Carbon Black have their fair share of users and supporters. They’ve also earned almost 5 stars on Gartner for their EDR solutions. As always, the devil is in the details. Security operations differ depending on a company’s needs, infrastructure, and resources. That’s why it’s tough to judge if an EDR tool is overpriced, […]

The post CrowdStrike vs Carbon Black – Which Cybersecurity Software Suits Your Needs? appeared first on Heimdal Security Blog.

Patch Now! CrushFTP Zero-day Lets Attackers Download System Files

CrushFTP urges customers to patch servers with new versions after discovering a zero-day. The CrushFTP zero-day vulnerability is tracked as CVE-2024-4040 and enables hackers to escape the VFS and download system files. Its CVSS is 9.8, which is critical. CrushFTP zero-day explained CrushFTP is vulnerable to a server-side template injection issue that affects versions before 10.7.1 […]

The post Patch Now! CrushFTP Zero-day Lets Attackers Download System Files appeared first on Heimdal Security Blog.

MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN

MITRE Corporation announced that state-backed hackers used Ivanti zero-day vulnerabilities to breach their system. The attack happened in January 2024 and impacted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). NERVE is an unclassified collaborative network that researchers use. The two Ivanti vulnerabilities were: authentication bypass CVE-2023-46805 and command injection CVE-2024-21887. None of them had an […]

The post MITRE Breached – Hackers Chained 2 Ivanti Zero-days to Compromise VPN appeared first on Heimdal Security Blog.

A System Administrator’s Challenges in Patch Management

Patching is the second most challenging and resource-consuming task of a System Administrator. That’s what Alex Panait told me when I wanted to know his opinion on the benefits and hurdles of patching. Alex has been a System Administrator in Internal IT at Heimdal for the last 8 years. He’s seen the company developing and […]

The post A System Administrator’s Challenges in Patch Management appeared first on Heimdal Security Blog.

Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers

Researchers observed a rise in daily infection attempts leveraging an old TP-Link Archer command injection vulnerability. Since March 2024, six botnet malware operations have shown interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 and 50,000 during the month. (Source: Bleeping Computer) The vendor released a patch […]

The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog.

Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware

Researchers discovered an overlooked vulnerability in the Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […]

The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog.

Top MSP Events to Attend in 2024 – A Cybersecurity Expert’s Choice

Managed service providers often find themselves wearing many hats. Juggling the various responsibilities and tasks that come with keeping clients’ systems safe and functional leaves little time for learning and networking. In IT and cybersecurity, tools and standards change fast. As busy as you may be, you must keep up with new technology and make sure […]

The post Top MSP Events to Attend in 2024 – A Cybersecurity Expert’s Choice appeared first on Heimdal Security Blog.

92,000 D-Link NAS Devices Vulnerable to Remote Code Execution

Researchers warn that a zero-day vulnerability exposes end-of-life (EOL) D-Link network-attached storage (NAS) devices to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials, and a command injection vulnerability via […]

The post 92,000 D-Link NAS Devices Vulnerable to Remote Code Execution appeared first on Heimdal Security Blog.

Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks

A Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only when code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […]

The post Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks appeared first on Heimdal Security Blog.

Jackson County, Missouri, Closes Offices Because of Ransomware Attack

Jackson County, Missouri, confirms ransomware attack after declaring a state of emergency on Tuesday. The FBI, federal Department of Homeland Security, Missouri Highway Patrol, and the county sheriff’s office are part of the ongoing investigation. We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities […]

The post Jackson County, Missouri, Closes Offices Because of Ransomware Attack appeared first on Heimdal Security Blog.

New Version of the Vultur Android Banking Trojan Spoofs Security App

Researchers discovered that a new version of the Vultur Android banking trojan has upgraded its obfuscation and remote-control features. Reportedly, the malware masquerades as the McAfee Security app to trick the victim into installing it. The Vultur banking trojan infection chain explained The first step of the attack is sending the victim a phishing SMS warning about an […]

The post New Version of the Vultur Android Banking Trojan Spoofs Security App appeared first on Heimdal Security Blog.

MSP Onboarding Process for Clients. Best Practices, Pitfalls & Checklist [Downloadable]

During the customer onboarding process, as an MSP, make sure all responsibilities, deadlines, and metrics are clear for everybody. Just like in any relationship, you want to set expectations and boundaries with new clients from the start. Key takeaways: Sign a Service Level Agreement (SLA). An SLA is a document that sets what, when, and […]

The post MSP Onboarding Process for Clients. Best Practices, Pitfalls & Checklist [Downloadable] appeared first on Heimdal Security Blog.

NIST’s National Vulnerability Database Put CVE Enrichment on Hold

NIST’s National Vulnerability Database (NVD) stopped enriching most of the CVEs it registers with additional information. Although they also consider other factors when deciding what to patch first, companies worldwide rely on NVD’s collection of vulnerability data for their research. For the past 2020, the National Vulnerability Database added the following information to vulnerabilities that got […]

The post NIST’s National Vulnerability Database Put CVE Enrichment on Hold appeared first on Heimdal Security Blog.

Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT

Hackers use phishing techniques to deploy NetSupport RAT through Microsoft Office documents. NetSupport RAT is an offshoot of NetSupport Manager, a remote support solution with over 21 million users worldwide. The remote access trojan (RAT) mimics the legitimate remote-control software to: evade detection, monitor the victim’s behavior, capture keystrokes, exfiltrate data, take over system resources, move […]

The post Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT appeared first on Heimdal Security Blog.

Researchers Disclose Proof of Concept for New GhostRace Attack

IBM and VU Amsterdam researchers published their study about the new GhostRace attack type on March 12th. Apart from the technical paper, blog post and Proof of Concept (PoC) exploit, they also released scripts for scanning the Linux kernel for SCUAF gadgets. What’s at risk GhostRace exploits Speculative Race Conditions (SRCs) and is tracked as […]

The post Researchers Disclose Proof of Concept for New GhostRace Attack appeared first on Heimdal Security Blog.

Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

Midnight Blizzard hackers used Microsoft’s stolen authentication secrets to advance into their internal system and access source code. The Russian attackers initially used password spraying to get into a legacy non-production test tenant account. Microsoft disclosed this initial attack in January 2024. The compromised account had access to an OAuth application with elevated privilege to […]

The post Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code appeared first on Heimdal Security Blog.

Windows Kernel Zero-day Patched after Six Months of Active Exploitation

Microsoft took six months to patch an actively exploited Windows kernel zero-day. Successful exploitation of CVE-2024-21338 gives attackers system privileges over the infected device. The patch for this flaw is available in the February 2024 Patch Tuesday updates. Security researchers urge Windows users to apply patches as soon as possible, to avoid privilege escalation. Windows […]

The post Windows Kernel Zero-day Patched after Six Months of Active Exploitation appeared first on Heimdal Security Blog.

CISA Updates Phobos Ransomware IoCs List in New Joint Advisory

CISA, the FBI, and MS-ISAC joined forces in a new advisory disclosing the latest Phobos ransomware IoCs and tactics. The update is rooted in recent investigations up to February 2024. The alert gives organizations a heads-up regarding how to prevent and mitigate a Phobos ransomware infection. The Phobos ransomware-as-a-service frequently targets government and critical infrastructure […]

The post CISA Updates Phobos Ransomware IoCs List in New Joint Advisory appeared first on Heimdal Security Blog.

Cornell, UNICEF, VMware and McAfee Subdomains Hijacked to Bypass Filters

The SubDoMailing phishing campaign hijacked 8,000 abandoned domains and 13,000 subdomains to avoid spam detection. Hackers sent 5 million malicious emails daily. The campaign exploited the credibility of big brands in tech, education, charity, e-commerce, and the press industry. MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PWC, Pearson, Better Business Bureau, UNICEF, ACLU, Symantec, […]

The post Cornell, UNICEF, VMware and McAfee Subdomains Hijacked to Bypass Filters appeared first on Heimdal Security Blog.

ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory

A subdomain related to ScreenConnect appears as an Indicator of Compromise (IoC) in CISA’s #StopRansomware: ALPHV Blackcat joint advisory update. Fisa99.screenconnect[.]com, which is a ScreenConnect remote access domain, is listed in Table 4 as a network IoC. In their advisory, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the […]

The post ConnectWise ScreenConnect Subdomain Listed as IoC in CISA’s BlackCat Ransomware Advisory appeared first on Heimdal Security Blog.

Lockbit Disrupted. Police Arrests Staff Members and Gives Victims Free Decryptor

An international law enforcement operation disrupted the LockBit ransomware gang and offered victims a free decryption tool. The campaign was dubbed Operation Cronos and was a collaboration between the U.K.’s National Crime Agency (NCA), Europol, the FBI, and a coalition of international police agencies. On February 20th, police officers arrested two LockBit threat actors in Poland and […]

The post Lockbit Disrupted. Police Arrests Staff Members and Gives Victims Free Decryptor appeared first on Heimdal Security Blog.

Dear Customer, Why Won’t You Listen? An MSP Guide to Mandatory Rebooting Policies

A reboot in the middle of my presentation? Good job, IT team, perfect timing, as always. As an MSP, you’ve certainly had to deal with those moments when a customer pushes back against a mandatory rebooting policy. You’re left wondering, “Why all the fuss over a basic maintenance procedure?”. Skipping out on those reboots is […]

The post Dear Customer, Why Won’t You Listen? An MSP Guide to Mandatory Rebooting Policies appeared first on Heimdal Security Blog.

France Cyber Attack – Data Breaches Compromise 33 Million People’s Data

Hackers targeted two French healthcare providers and generated the largest data breach in French history. The French Data Protection Agency (CNIL) said both Viamedis and Almerys data breaches exposed the data of 33 million people. The two medical insurance companies announced at the beginning of February 2024 that they were victims of cybercrime. Hackers used […]

The post France Cyber Attack – Data Breaches Compromise 33 Million People’s Data appeared first on Heimdal Security Blog.

Ransomware Payments New Record Exceeds $905 Million Peak by over 11%

Chainalysis warns that ransomware payments rose above $1.1 billion in 2023, reaching a new record. The $983 million previous peak was set in 2021, while in 2022 the ransomware payments dropped to $567. Chainalysis attributes the unusual drop to threat actors shifting focus to politically motivated cyberattacks, due to the war in […]

The post Ransomware Payments New Record Exceeds $905 Million Peak by over 11% appeared first on Heimdal Security Blog.

AnyDesk System Breach Raises Concerns Among MSP Users

AnyDesk confirmed recently that a cyberattack has affected their product systems. The hackers accessed the source code and private code signing keys. Initially, the remote access software company, which has 170,000 customers, cited unplanned maintenance to explain why client logins failed between January 29th and February 1st. A few days later, on February 2nd, AnyDesk announced […]

The post AnyDesk System Breach Raises Concerns Among MSP Users appeared first on Heimdal Security Blog.

Main Types of Patch Management Solutions: A Decision-Making Guide

Choosing between the different types of patch management solutions impacts the effort your IT team must make to keep the system safe. There’s no one-size-fits-all with patch management software, so you’ll need to evaluate your company’s profile first. Once you decide, look at this list of best patch management software. Key takeaways Assess the company’s […]

The post Main Types of Patch Management Solutions: A Decision-Making Guide appeared first on Heimdal Security Blog.
