Researchers observed a rise in daily infection attempts leveraging old TP-Link Archer Command Injection Vulnerability. Since March 2024, six botnet malware operations showed interest in scanning TP-Link Archer AX21 (AX1800) routers for CVE-2023-1389. The daily number of attempts ranged between 40,000 – 50,000 during the month. Source – Bleeping Computer The vendor released a patch […] The post Surge in Botnets Exploiting CVE-2023-1389 to Infect TP-Link Archer Routers appeared first on Heimdal Security Blog ..read more

Researchers discovered an overlooked vulnerability in Lighttpd web server that is used in Baseboard Management Controllers (BMCs). The flaw impacts hardware vendors that use AMI MegaRAC BMCs, like Intel, Lenovo and Supermicro. Although developers discovered and fixed the Lighttpd flaw back in 2018, the vulnerability didn’t get a CVE. Further on, Lighttpd users, like AMI […] The post Years-Old Vulnerability in AMI MegaRAC BMCs Impacts Intel and Lenovo Hardware appeared first on Heimdal Security Blog ..read more

Patch management is one of the most effective, yet overlooked cybersecurity practices to keep your operations safe. And it’s not just me saying it, statistics do too. For example, were you aware that 80% of cyberattacks happen due to unpatched vulnerabilities? With 84% of companies and online businesses reporting suffering at least one cyberattack in […] The post Your All-In Guide to MSP Patch Management Software in 2024 [Template Included] appeared first on Heimdal Security Blog ..read more

Email serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security practices. It’s written in three different formats (PDF, Word, Google Docs) to suit all business […] The post Free and Downloadable Email Security Policy Template appeared first on Heimdal Security Blog ..read more

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday about a data breach at Sisense, a US business intelligence software. The agency strongly recommended that all Sisense users promptly change their passwords and any other potentially compromised credentials used to access the company’s services. The agency also advised users to be […] The post CISA Urges Sisense Customers to Reset Credentials and Report Suspicious Activity appeared first on Heimdal Security Blog ..read more

Researchers warn zero-day vulnerability exposes End-Of-Life (EOL) D-Link network attached storage devices (NAS) to remote code execution. CVE-2024-3273 enables hackers to backdoor the equipment and compromise sensitive data. The D-Link NAS vulnerability explained There are two security issues in the EOL D-Link NAS models: a backdoor due to hardcoded credentials a command injection vulnerability via […] The post 92,000 D-Link NAS Devices Vulnerable to Remote Code Execution appeared first on Heimdal Security Blog ..read more

Rust standard library flaw dubbed BatBadBut lets hackers target Windows systems in command injection attacks. The vulnerability impacts all Rust versions before 1.77.2 on Windows, but only in case code or dependencies execute batch files with untrusted arguments. Rust Security urged users to upgrade to the latest version, 1.77.2. The new version includes patches that […] The post Warning! Rust Standard Library Flaw Enables Windows Command Injection Attacks appeared first on Heimdal Security Blog ..read more

COPENHAGEN, Denmark, April 9, 2024 – Heimdal®, the world’s widest cybersecurity platform with 13 products, is thrilled to announce the launch of its latest innovation, the Privileged Account and Session Management (PASM) solution.  Designed to elevate the security of privileged accounts, Heimdal’s PASM grants organizations the ability to meticulously monitor, record, and manage all privileged […] The post Heimdal® Adds PASM to the World’s Widest Cybersecurity Platform appeared first on Heimdal Security Blog ..read more

We are proud to announce that we joined the Internet Watch Foundation (IWF) in a united effort to eliminate child sexual abuse imagery from the internet. The UK charity focused on child protection is working to create a safer online environment by finding and taking down images and videos of child sexual abuse. By integrating IWF’s […] The post Heimdal® Joins Internet Watch Foundation to Fight Child Sexual Abuse Imagery appeared first on Heimdal Security Blog ..read more

IxMetro Powerhost, a Chilean data center and hosting provider, has become the latest target of a cyberattack by a newly identified ransomware group dubbed SEXi. This malicious group successfully encrypted the company’s VMware ESXi servers, which host virtual private servers for their clients, as well as the backups, putting a significant portion of hosted websites […] The post Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware appeared first on Heimdal Security Blog ..read more