Blog

Fake Email Phishing: More Harmful than Helpful

Fake Email Phishing is broken in many ways. Google researchers liken it to early fire drills that caused more harm than good. Empirical research shows users clicking more not less after fake email phish testing. End users universally complain as do IT departments when chaos breaks out after sanctioned fake email testing. Enter HootPhish, a solution that eliminates the negatives, and empowers end users to spot and avoid this scourge of modern internet email.

CyberHoot Release Notes
Power Release Notes / Release Notes

CyberHoot’s Power Platform: 2024 Release Notes

CyberHoot’s Power platform includes the most comprehensive set of cybersecurity program development features available on the market today. From our Govenance Policy module and templates to 1000s of videos on Product training and cybersecurity, to our innovative and patent-pending educational, and hype-realistic phishing simulations, the power platform has everything you need to succeed in teaching employees Cyber Literacy. Best of all, it also includes 100% automation for videos, phishing, and user management. Spend less time on cybersecurity and more time on your business with our power platform.

CyberHoot Release Notes
HootPhish Release Notes

HootPhish 2024: Release Notes

CyberHoot’s All Phishing Simulator is HootPhish. A positive, educational, hyper-realistic phishing test and simulator that provides better metrics, automation, and outcomes than any attack-based phishing test on the market, guaranteed, or you may cancel at any time.

AI in Cybersecurity - benefits and limitations
Blog

AI in Cybersecurity: Enhancing Threat Detection and Response

In the dynamic realm of cybersecurity, Artificial Intelligence (AI) stands as a game-changer, especially for Managed Service Providers (MSPs) and Small to Medium-sized Businesses (SMBs). This blog delves into how AI is reshaping threat detection and response, offering a new edge to cybersecurity strategies.

2024 Cybersecurity Predictions
Blog

Top 10 Cybersecurity Trends and Strategies in 2024

2024 is off to a great start, however, Small to Medium sized Businesses need to proactively address their cybersecurity program development as soon as possible. 2023 was a banner year for hacker attacks and this has only encouraged more and more hackers to enter the fray. The time is ripe for everyone to batten down the hatches and training and test their employees to build their cyber literacy skills.

AI Digital Assistant Collecting Everything
Blog

Navigating AI Assistant Cybersecurity Risks

AI Digital Assistants in platforms like Microsoft Teams and Zoom raise data privacy concerns, risking exposure of regulated, intellectual, or personal information. Despite claims of de-identifying sensitive data, significant risks like exposing proprietary information remain underappreciated.

Passkeys are a Bright Idea
Blog

Passkeys: The Path to a Passwordless Future

Passkeys provide better authentication for end users than traditional passwords which they seek to replace. They are based upon public and private cryptography, are resilient to phishing and hacker password database theft (since the private keys aren’t stored on the server or website), and represent an easier mechanism to identify users into online systems.

DNA Double-Helix Heist
Blog

DNA Double-Helix Hacker Heist: A Wake-Up Call for Cybersecurity Vigilance

A recent breach at 23andme resulted in the theft of immutable and irreplaceable data – our DNA! Companies with such critical data must take every precaution to limit the data they have become caretakers of, from theft my malicious actors. In this case, 23andme has lost our DNA! This needs to be a serious criminal offence that is punished with significant consequences.

Adding a Manager to an Employee in Azure AD
HowTo / MSP / Platform

HowTo: Add Managers to Employees in Microsoft Azure / Entra AD

Microsoft Azure / Entra allows you to define Managers for each employee entry in Azure AD. This helps CyberHoot and Clients maintain high compliance as CyberHoot will automatically notify Managers when employees are non-compliant both through weekly reports and by CC’ing Managers on a Due Date email sent to employees who have not completed their assignments.

Ransomware Gang turns Whistleblower to the SEC
Blog

Hackers Turn SEC Snitches: The Evolution of Ransomware Tactics

Hackers have evolved into snitches leveraging recent SEC legislation which requires companies to disclose within 4 days that they have been hacked and hit with ransomware. When Meridian did not disclose to the SEC they had been hacked, the Hacker group “BlackCat” filed a complaint with the SEC informing them they had evidence that Meridian had been hacked.

Stakeholders ratifying a Written Information Security Policy (WISP).
Blog

The Nuts and Bolts of a WISP

A Written Information Security Plan is not meant to a bureaucratic policy collecting dust on the book shelf, but rather a living breathing document to guide companies on the safe collection, storage, manipulation, and destruction of non-public personal information on their employees, clients, or business services.

Cisco Critical Advisory Alert and Patch Now Notification
Advisory / Blog

CISCO Critical Advisory Alert – Patch Now

CISCO has announced and released patches for a critical bug in their product that could allow Internet hackers to create accounts remotely on CISCO devices via the HTTP management application. Patches have been released and workarounds documented for unpatched systems no longer supported. Take action to patch now.

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.
Blog

Top Cybersecurity Questions of the Year: What Everyone Wants to Know

Cybersecurity Awareness Month is upon us. In our efforts to address all of the questions a business owner reviewing our blog might have, we’ve collected the most frequently asked questions and have tried to answer them with the most effective mitigating control available for a particular risk. There are undoubtedly many more mitigating controls one can put in place, but this is a great starting point.

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.
Blog

Ghosts in the Machine: Spook-tacular Cybersecurity Basics for October

In the spooky season of October, Cybersecurity Awareness Month reminds us of the real threats lurking in the digital realm. CyberHoot sheds light on three cybersecurity fundamentals: Password Protection, Phishing Awareness, and Safe Browsing Practices. Fortify your digital domain with strong password practices, stay vigilant to phishing schemes, and navigate the web safely. Embrace the cybersecurity training and phishing testing offered by CyberHoot to morph into a digital wizard against the sinister specter of cyber threats. Venture to cyberhoot.com and make cybersecurity awareness a fun-filled endeavor!

Oracle Owl answers your most important questions on Cybersecurity.
Blog

Cybersecurity Awareness: Bridging the Gap Between Knowledge and Action

October marks the observance of Cybersecurity Awareness Month, a pivotal time for businesses and individuals to bolster their understanding and actions towards cybersecurity. This means it is time for you to put action to words and get your staff trained up on the cyber threats they face. Cyber Literacy is a critical skill for the 21st century. Are you doing your part to educate your employees on the threats they face and how to avoid them?

Zero Day present in WebP graphics formal - patch all browsers asap.
Advisory

Threat Intelligence Alert – Zero-Day in Common WebP Graphics Files – Patch all Browsers Immediately

Google’s efficient and compression based graphics file format WebP has been found to contain a critical zero-day vulnerability that can lead to a complete compromise of a computer that renders a malicious WebP graphics file on any website hosting such malware content. This could be anywhere. Most browser have been patched against this vulnerability, but may not have restarted yet to take effect. Please check and force reboots or browser restarts as soon as possible.

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.
Blog / Offers

Save Your Staff with Cyber Literacy Skills. Use CyberHoot for Free During Cybersecurity Awareness Month

CyberHoot is offering any MSP free enrollment of any and all clients into CyberHoot for free until the end of October (31st), 2023. Enroll your prospects or existing customers in our platform and launch expedited Cybersecurity awareness training in the Month of Oct. using our fully automated system. We will credit you any users or clients enrolled for the entire month of Oct. Must be a new client to CyberHoot. If after the month ends you want to remove them, you absolutely may without penalty.

CyberHoot's Owl sharing five ways It adds value to MSPs
Blog

The Fabulous Five: How CyberHoot Makes Managed Service Providers Shine Brighter

CyberHoot has been shown to improve customer retention for MSPs. It lowers the cost of supporting clients through fewer security incidents, better product training, and educational phish testing. We know it works because MSPs tell us emails to support asking “Is this a Phish?” or “Is this an Attack?” go away. Start a 30 day free trial and month-to-month forever afterwards.

Owl Imparting Knowledge
Blog

Top 5 Emerging Cybersecurity Threats Businesses Must Be Aware Of

Cybersecurity threats continue to evolve and expand in both sophistication and impact. Businesses must choose how to address these top 5 emerging threats proactively, when they control the playing field and have high ground instead of reactively, after an incident when they have been knocked down and are struggling to get up.

Risk Assessment Results
Blog

Risk Assessment: A Game Changer for Your Business

For most businesses, balancing time and money is a constant struggle. A risk assessment is designed to simplify your conversations by identifying both the most critical risks and rank ordering them, enabling you to determine what to work on first and then work your way down the list of critical threats to your business.

Business Ninja's Interview
Blog / VLOG

Business Ninja Interview of CyberHoot Co-Founder

Business Ninja’s interviewed CyberHoot’s co-Founder Craig Taylor. This interview outlines CyberHoot’s unique and positive outcome approach to cybersecurity program development at your company. Our Co-Founder details what’s working and what’s broken in the emergency Cybersecurity industry. Business owners need to watch to learn what they should be doing to protect their businesses from compromise. Doing so provides much needed peace of mind.

10 Ways to Grow my MSP
Blog

10 Ways to Help Grow your MSP

Growing your MSP is not as hard as you might think. It require a laser focus on differentiation, adding cybersecurity services, and fanatical attention to customer service to name a few of the top 10 items lists in this article.

Passkey Authentication to replace Passwords
Blog

Passkeys are the first steps on the Long Road to a Passwordless Future

The FIDO alliance is a high-powered tech alliance seeking to eliminate passwords from our online lives by replacing them with a much more secure public and private key authentication solution. Backed by Google, Microsoft, and Apple, it is a strong foray into the elimination of passwords from our everyday lives.

Cybersecurity SaaS Platform Failures
Blog

10 Ways Your Security Awareness Training is Failing You

Cybersecurity platforms are designed to build robust, layered defenses for your organization. However, too often they fall short of their lofty and critical goals. This articles delves into 10 common failure points and provides unique perspectives on how to avoid them.

Voice cloning is becoming a threat to families from fake ransom attacks.
Blog

Voice Cloning is Becoming a Ransom Threat

Voice impersonation, also known as voice cloning, are becoming an increasingly prevalent threat in the digital landscape. Sophisticated artificial intelligence (AI) technologies can now imitate voices with remarkable accuracy, leading to threats against our privacy and security.

Attack-Based Phish Testing is Fundamentally Flawed
Blog

3 Ways Attack-Based Phish Testing is Failing Us

Attack-based phish testing creates fear, anxiety, and doubt in end users.  It does not create awareness, harms IT, and misinforms management. Despite representing a billion dollar industry, traditional attack-based phish testing is fundamentally flawed. It causes untold problems for IT departments, individual users, and Managed Service Providers. Studies have shown it can even lead to more clicks by end users! This article outlines the fundamental flaws in attack-based phishing. It goes on to outline improvements from educational, positive outcome phish testing assignments that teach users how to finally spot every phishing attack and delete or avoid it.

ChatGPT - help me hack.
Advisory / Blog

Five Ways ChatGPT Helps You Hack

There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.