CyberHoot Newsletter – March 2025
This newsletter summarizes cybersecurity news from March, and boy there are some big events that happened.
Polymorphic Extensions: A New Cyber Threat Impersonating Your Add-Ons
Discover how malicious browser extensions use polymorphic techniques to impersonate legitimate add-ons, posing serious cybersecurity risks.
The Sophisticated Malware-as-a-Service Ecosystem of EncryptHub
EncryptHub malware is a sophisticated cyber threat enabling data theft, remote access, and system compromise.
HowTo: Reauthorize Entra ID – Client Secret
Microsoft GCC Azure Sync requires an Enterprise Application currently within CyberHoot. This article explains how to set this up.
Advisory: Critical Microsoft Outlook Vulnerability
Critical Microsoft Outlook vulnerability allows attackers to bypass security using the ‘Moniker Link’ exploit.
Hackers Exploit CAPTCHA Trick on Webflow to Deliver Phishing Attacks
Cybercriminals are exploiting Webflow’s trusted infrastructure using fake CAPTCHA screens to deliver phishing attacks.
CyberHoot Newsletter – February 2025
This newsletter summarizes cybersecurity news from January, and boy there are some big events that happened.
USPS Text Scam: Cybercriminals Hiding Malicious PDFs
Beware of a new USPS text scam using malicious PDF links to bypass security filters. Learn how cybercriminals exploit trusted platforms and how to protect yourself from phishing attacks
U.S Navy Limits DeepSeek AI Over Cybersecurity Concerns
Discover why the U.S. Navy is restricting DeepSeek AI due to cybersecurity concerns, including data security risks, misinformation, and adversarial exploitation.
The Importance of Encrypted Apps in Today’s Cybersecurity Landscape
Learn why U.S. officials are urging Americans to use encrypted apps like Signal and WhatsApp to protect their privacy and security in the face of rising cyber threats.
Critical Advisory: FortiGate SSL VPN Breach
Urgent advisory on the Fortigate SSL VPN breach: Learn how to protect your organization by transitioning to secure, scalable cloud-based remote access solutions and eliminate risks associated with legacy VPN systems.
Beware of FireScam: Malware Masquerading as Telegram
FireScam malware disguises itself as Telegram, stealing sensitive data from Android users. Learn how to stay protected.
CyberHoot Newsletter – January 2025
This newsletter summarizes cybersecurity news from January, and boy there are some big events that happened.
New DoubleClickjacking Exploit: What It Is and How to Stay Protected
Learn about the DoubleClickjacking exploit, how it bypasses traditional security, and essential tips to protect your online safety.
How to Keep Your Text Messages Secure in an Era of Rising Cyber Threats
Protect your text messages from cyber threats with these essential tips, including encryption, avoiding smishing, and securing 2FA.
Critical Advisory: Google Chrome Extensions Hacked
Learn how over 2,000 Palo Alto Networks firewalls were hacked using critical zero-day vulnerabilities and how to stay protected
Brushing Scam
A brushing scam is a deceptive tactic where online sellers or scammers send unsolicited packages to individuals, often using their real names and addresses. At best, these “free gift” deliveries …
Beware of Brushing Scams: A Hidden Threat to Shoppers
Learn how brushing scams exploit your personal data through unsolicited packages and fake reviews. Stay alert and protect your privacy.
Microsoft’s Authquake MFA Flaw
Learn about Microsoft’s Authquake MFA flaw, how hackers bypassed authentication, and key steps to protect your accounts.
CyberHoot Newsletter – December 2024
This newsletter summarizes cybersecurity news from December, and boy there are some big events that happened.
Over 2,000 Palo Alto Networks Firewalls Hacked via Zero-Day Vulnerabilities
Learn how over 2,000 Palo Alto Networks firewalls were hacked using critical zero-day vulnerabilities and how to stay protected
AndroxGh0st Malware Hijacking IoT Devices
Discover how AndroxGh0st malware exploits IoT device vulnerabilities, creating powerful botnets for cyberattacks, and learn steps to protect your devices.
Midnight Blizzard: Spear-Phishing Campaign Using RDP Files
Learn about Midnight Blizzard’s spear-phishing campaign using malicious RDP files and discover practical tips to stay protected.
CyberHoot’s HootPhish Challenge
Learn how CyberHoot’s HootPhish Challenge gamifies phishing detection, helping users quickly and accurately identify phishing threats!
GitHub Config Breach Exposes Cloud Service Credential
Learn how to protect your Git repositories and cloud credentials following the massive global operation called EmeraldWhale.
HowTo: Avanan Allow-Listing in Google Workspace
This HowTo article shows how to allow-list Avanan in Google Workspace.
HowTo: Avanan Allow-Listing in Microsoft O365
This HowTo article shows how to allow-list Avanan in Microsoft O365.
CyberHoot Newsletter – November 2024
This newsletter summarizes cybersecurity news from November, and boy there are some big events that happened.
Reducing SaaS Security Risks in 2024
Explore 5 essential strategies for SaaS security, including identity management, data encryption, SSPM tools and more!
The Meta Breach: Game of Thrones Level Walk of Shame
This article dives into the Meta lawsuit for the 2019 breach that exposed 600 million unencrypted passwords in plain text.
Securing Social Media: How SSPM Protects Against Cyber Threats
Learn how social media accounts pose a cybersecurity risk and how SSPM can protect your business through multiple different ways!
CyberHoot Newsletter – October 2024
This newsletter summarizes cybersecurity news from October, and boy there are some big events that happened.
Session Hijacking: How Cybercriminals Take Over Your Online Sessions
Learn how to protect yourself from evolving Session Hijacking threats with expert tips on secure connections, encryption, 2FA, and more.
How to Spot a Phishing Link: Tips to Keep You Safe
Learn expert tips to spot phishing links and protect yourself from cyber threats, including how to check URLs, avoid scams, and stay secure online.
The Passwordless and Keyless Future of Authentication
Explore the shift toward passwordless and keyless authentication, its benefits for cybersecurity, and how businesses can prepare for this future
Airplane Wi-Fi Security Risks: How to Protect Your Data
Learn about the cybersecurity risks of using in-flight Wi-Fi and discover essential tips to protect your data while traveling, from VPNs to device updates.
CyberHoot Newsletter – August 2024
This newsletter summarizes cybersecurity news from August, and boy there are some big events that happened.
Dual Critical Advisory: Critical Vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS
Learn about critical vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS, including active exploits. Apply patches and follow key security measures to protect your systems.
New Rust-Based Cicada 3301 Ransomware
Learn how to protect your business from the new Rust-based Cicada 3301 ransomware. Discover key strategies to safeguard your data and prevent ransomware attacks.
Protect Your Business from Zero-Day Exploits:
Learn how to protect your business from zero-day exploits like those recently used by Chinese hackers targeting U.S. internet providers. Discover key cybersecurity strategies to stay ahead of emerging threats.
New Qilin Ransomware Attack
Learn how to protect your organization from the new Qilin ransomware attack, which exploits VPN vulnerabilities. Discover essential tips for strengthening your cybersecurity defenses and preventing ransomware threats
NPD Breach Exposes 3 Billion Personal Records
Discover the extensive impact of the NPD breach that exposed 3 billion personal records, underscoring significant privacy risks and highlighting essential steps for safeguarding personal information against identity theft and cyber fraud.
Prevention Techniques for Top 10 Common Cyber Attacks
Discover prevention techniques for the top 10 common cyber attacks. Learn how to identify the attacks through scenarios and then take steps to mitigate the damage and protect your business and data from harm.
CyberHoot Newsletter – June and July 2024
This newsletter summarizes cybersecurity news from June and July, and boy there are some big events that happened. From CrowdStrike’s global outage to increased focus on credential stuffing attacks, hackers were hard at work during this period.
Top 10 Cyber Attacks and How to Respond
Discover the top 10 cyber attacks. Learn how to identify the attacks through scenarios and then take steps to mitigate the damage and protect your business and data from harm.
Understanding the CrowdStrike Global Outage
Learn about the CrowdStrike global outage, its potential causes, and essential risk mitigation strategies to protect your organization from similar cyber threats.
Cybersecurity Perspective on the Ticketmaster-Taylor Swift Incident
A unique ransomware scheme is seeking to extort money from Ticketmaster to prevent the release of printable tickets and concert chaos.
How MFA Failures and Rising Ransomware Costs are Threatening Cybersecurity
Discover how MFA failures are contributing to a 500% surge in ransomware costs and learn how adopting Passkeys can enhance your cybersecurity defenses.
Critical Advisory: OpenSSH Remote Code Execution Vulnerability
Learn about the critical OpenSSH vulnerability CVE-2023-38408 that allows remote code execution via the ssh-agent’s forwarding feature. Discover immediate steps to protect your systems, including upgrading to OpenSSH 9.3p2, restricting PKCS#11 providers, and enhancing security measures.
The Evolving Kill Chain (On-Premise vs. SaaS)
Learn how to protect your business from the evolving SaaS kill chain by understanding the stages of cyber attacks, or kill chain links, and the nuances of on-premise vs. SaaS models of the kill-chain.