Heimdal? Cyber News Digest
Dear cyber enthusiast,
Welcome to another edition of our "Cyber News Digest" where you can get the scoop on all-things threat actors, industry shifts, cyberattacks, and data breaches from the last couple of months.
In this edition, we’re bringing you the most pressing cybersecurity developments and insights to help you understand the evolving landscape and protect your assets.
You'll find in-depth analyses, expert opinions, and practical tips to enhance your cybersecurity measures.
Read on to ensure you're always one step ahead in the cyber world.
News & Updates
Heimdal and Escom Bulgaria Partner to Strengthen Cybersecurity in Bulgaria
Heimdal has forged a long-term partnership with Escom Bulgaria, a leader in cybersecurity distribution, to enhance security technology across Bulgaria.
Managed by Alexander Zhekov, an expert with over a decade in security, the partnership focuses on tackling Europe’s increasing compliance and cybersecurity challenges.
It leverages Heimdal’s innovative technologies, which immediately meet over 80% of new compliance requirements, and emphasizes user-friendly systems like Heimdal Extended Detection and Response (XDR).
This initiative aims to simplify security management for businesses and position Heimdal for significant market growth in Bulgaria.
LockBit Claims Breaching The US Federal Reserve But Fails To Prove It
On June 23rd, LockBit, a Russian threat group, claimed to have breached the US Federal Reserve System, allegedly extracting 33 terabytes of sensitive banking data and threatening to release it unless a ransom was paid.
However, after their deadline on June 25th, only 21 links to files were published, not directly linked to the Federal Reserve but to Evolve Bank and Trust, which was recently penalized by the Federal Reserve for inadequate risk management and compliance practices.
In recent developments, law enforcement seized LockBit's operations in February 2024, but the group swiftly resumed activities by replicating their website. Continuing as a major player in ransomware-as-a-service, LockBit has been linked to 28 attacks in April 2024 alone.
Notably, Dmitry Yuryevich Khoroshev was identified and sanctioned by international law enforcement as the architect behind LockBit, with the FBI distributing decryption keys to affected parties in early June. As of now, there remains no verified evidence that LockBit successfully infiltrated the US Federal Reserve's systems.
GrimResource Technique Exploits Years-Old Unpatched Windows XSS Flaw
The GrimResource attack exploits an old, unpatched XSS flaw in Windows and crafted MSC files to deliver malware via the Microsoft Management Console (MMC).
Discovered in the wild on June 6th, 2024, this technique involves deceiving users into opening a disguised MSC file, allowing hackers to execute malicious JavaScript and deploy malware like Cobalt Strike. Despite being known since 2018, this vulnerability remains unpatched in Windows 11.
System administrators can detect potential GrimResource attacks by monitoring suspicious file and process activities related to mmc.exe and employing DNS filtering tools to block harmful connections.
领英推荐
CDK Group Falls Victim to Two Cyberattacks
CDK Global, a SaaS provider for car dealerships, experienced a severe cyberattack, forcing the shutdown of its servers and significantly disrupting operations for over 15,000 North American dealerships.
The attack compromised essential dealership services such as inventory management and CRM, leading many employees to revert to manual processes. A second attack occurred on June 19 while services were being restored, prompting another shutdown.
This has led to ongoing service outages with no estimated time for resolution, affecting major dealers like Penske Automotive Group and sparking concerns about security and the potential for further disruptions.
Latest Cybersecurity Videos
Check out our most recent cyber news videos on our YouTube channel, where we provide you in-depth information and practical advice on various aspects of digital security.
Reducing Your Attack Surface - Masterclass in Layered Defense
This masterclass, led by Andrei Hinodache from Heimdal's Cybersecurity Community, focuses on the evolving nature of cyber threats and the importance of a layered defense strategy to protect against them.
It covers a range of topics including different types of cyberattacks and their targets, specific attack vectors like email, internet traffic, and software vulnerabilities, and how to apply primary and secondary cybersecurity layers to each.
The session also includes analysis of common threats such as phishing, ransomware, and supply chain attacks, emphasizing effective strategies for each scenario.
Why Prioritize Patching? - Andrei Hinodache, Cybersecurity Community Leader at Heimdal?
In this video, Andrei provides a detailed explanation of the significance of effective patch management in cybersecurity. The video aims to help viewers understand how hackers exploit Common Vulnerabilities and Exposures (CVEs) to infiltrate systems, and teaches strategies to quickly close these vulnerabilities to stay ahead of potential attacks.
Additionally, it offers practical advice on avoiding typical mistakes in patch management and explains the risks associated with delayed patch application, including jeopardizing cybersecurity insurance coverage.
How to Protect Critical Infrastructure with Heimdal? PASM (Munich Airport Example)
Robertino Matausch, the pre-sales engineering manager at Heimdal, emphasizes the crucial role of Heimdal's Privileged Access Security Management (PASM) in safeguarding critical infrastructure.
Social Media Corner
Our social media profiles are the go-to places for the latest updates! There, you can discover highlights from events featuring the amazing Heimdalians, along with interviews, webinars, and much more.
Make sure you follow Heimdal? across all platforms.