Multi-factor authentication can be one of the best protect measures companies can implement on their critical accounts. However, not all methods of MFA are equal and some, like SMS, carry inherent risks and should not be used.
There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.
ConnectiWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of bugs range from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.
On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.
In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
If you run Linux Kernel 5.15 or later you are potential at risk (10 out of 10) vulnerability in the ksmbd kernel module added in some versions of linux kernels or later. Perform an assessment asap and patch your kernel or remove the module if you’re impacted.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.
Security Researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected hosts data and operating system. Immediate patching and reboot is required.
Microsoft O365 provides a more secure, feature rich, and consistent environment for email services than hosted exchange does today.
Citrix has announced multiple vulnerabilities in their ADS and Gateway products that require patching to mitigate. Learn what to do in this article.
Duplicate this article and then edit it to create easy to complete Blog articles.
The Morgan Stanley data breach of 2022 where surplus equipment was sent to a 3rd party for data destruction but ended up on eBay is a lesson’s learned treasure trove. From Data Retention and Destruction process failures to contract failures to 3rd party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.
CyberHoot Vulnerability Alert Management Process (VAMP) Rating: Critical/Red July 19th, 2022: CyberHoot has learned of multiple Microsoft and Adobe vulnerabilities that can allow for Remote Code Execution (RCE) on your devices that …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 15th, 2022: CyberHoot has learned of multiple Adobe Product vulnerabilities, where the most severe of which could allow for arbitrary code …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 7th, 2022: CyberHoot has learned of multiple critical Android vulnerabilities, affecting millions of Android smartphones, that have been patched today. Critical …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 31st, 2022: CyberHoot has learned of a Remote Code Execution (RCE) bug that can be exploited in Microsoft Office files. Security researcher …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 25th, 2022: CyberHoot has learned of multiple Google Chrome Web Browser vulnerabilities that could allow for arbitrary code execution. Successful exploitation of …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 19th, 2022: CyberHoot has learned of a number of VMware software vulnerabilities tracked as CVE-2022-22954 (Base score: 9.8/10) and CVE-2022-22960 (Base score: …
May 16th, 2022: CyberHoot has investigated a SonicWall advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. …
April 22nd, 2022: CyberHoot has investigated a Java Product vulnerability tracked as CVE-2022-21449 that allows accounts to be remotely exploitable without authentication. In other words, this vulnerability can be exploited …
March 22nd, 2022: CyberHoot is investigating a potential breach at Okta, developers of a cloud-based identity and access management solution used by thousands of companies world-wide. Okta is currently investigating, …
February 18th, 2022: If you’re using PHP in your network, check that you’re using the latest versions, currently 7.4.28 or 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement …
February 2nd, 2022: CyberHoot has investigated a WordPress vulnerability tracked as CVE-2022-0320, whereby a security flaw can lead to data leakage and more importantly remote code execution. The security gap …
January 27th, 2022: CyberHoot has investigated a Linux vulnerability tracked as CVE-2021-4034 that is part of most Linux distributions, leads to escalation of privileges up to root, and is trivial …
January 7th, 2022: CyberHoot has investigated a new form of malware known as Malsmoke. This malware is taking advantage of a vulnerability in the way Microsoft digitally signs a specific …
January 12th, 2022: Today Microsoft sent a notification of a critical risk to those who use Windows devices. The critical bug is CVE-2022-21907, also known as HTTP Protocol Stack Remote …
Dec 22nd 2022: UPDATES to Log4j, Log4Shell vulnerability details CISA has just released a new advisory: https://www.cisa.gov/uscert/ncas/alerts/aa21-356a I cannot remember, in a 25+ year cybersecurity career, having to deal with …
October 13th, 2021: CyberHoot received notification of a Zero-Day Vulnerability on Apple’s iPhone and iPad very latest iOS version 15 which shipped pre-installed on the latest iPhones released in Oct. …
The Citizen Lab, a Canadian privacy and cybersecurity activist group, announced a zero-day security hole in Apple’s iPhone, iPad, and Mac operating systems. The lab gave the attack the nickname …
An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating: “An application may be …
