Researchers discovered that a new rogue npm package installed the r77 open-source rootkit. This was the first time that a rogue package was observed delivering rootkit functionality. The “node-hide-console-windows” package forged the legitimate “node-hide-console-window” one. The forgery was first discovered in August 2023. “node-hide-console-windows” contained malicious code and was downloaded for 704 times before security […]

The post Researchers Found New Rogue npm Package Deploying Open-Source R77 Rootkit appeared first on Heimdal Security Blog.

ShellTorch vulnerabilities chain exposes tens of thousands of servers to remote code execution and data exfiltration. Researchers revealed that the TorchServe flaws (including CVE-2023-43654, CVSS: 9.8) can expose sensitive data, compromise AI models, and run a full server takeover. TorchServe is a famous open-source tool for serving and scaling PyTorch models in production. Organizations involved […]

The post ShellTorch Vulnerabilities Expose PyTorch Models to Remote Code Execution appeared first on Heimdal Security Blog.

The focus in this article will be on the challenges faced by midsize companies, defined here as organizations with 100-1000 employees, and how adopting a Zero Trust approach might help solve those problems. Why medium-sized businesses? Because mid-sized businesses are equally likely as large organizations to be impacted by a data breach or other security […]

The post Top 10 Reasons Mid-sized Businesses Need Zero Trust Security appeared first on Heimdal Security Blog.

Johnson Controls, a major provider of building automation solutions, has fallen victim to a ransomware attack by the Dark Angels ransomware gang, potentially compromising sensitive information related to the U.S. Department of Homeland Security (DHS). What Happened? Johnson Controls underwent a disruptive cyberattack, particularly impacting its operations in Asia. In response to the attack, company […]

The post Johnson Controls Faces Ransomware Attack, Risking DHS Security Data appeared first on Heimdal Security Blog.

EXECUTIVE SUMMARY: October 1st marked the commencement of the 20th annual Cyber Security Awareness Month, as sponsored by the Cybersecurity and Infrastructure Security Agency (CISA). This initiative is designed to underscore the significance of safeguarding business and personal data – year-round. In this article, we’re privileged to have three dynamic and forward-thinking CISOs from Check […]

The post Dynamic expert perspectives, cyber security awareness (2023) appeared first on CyberTalk.

Security experts have discovered BunnyLoader, a malware-as-a-service (MaaS) that is rapidly evolving and gaining popularity on different hacker platforms due to its ability to covertly infiltrate systems and manipulate their data, focusing in particular on system clipboards. Unveiled on September 4, BunnyLoader has witnessed rapid development, swiftly enhancing its malicious capabilities, which currently include: payload […]

The post New Malware-as-a-Service Gains Traction Among Cybercriminals appeared first on Heimdal Security Blog.

Compared to Windows, Linux it’s different in areas such as features, flexibility, operationality, and ease of use. Naturally, we can assume that there must exist differences between the two operating systems regarding patching. Today, we will take a deep dive into the process of Linux patch management, exploring what are its advantages, its challenges, and […]

The post Linux Patch Management: Benefits and Best Practices appeared first on Heimdal Security Blog.