A Hardware Security Module (HSM) is a physical security device that safeguards and manages digital keys, performs encryption and decryption services, strong authentication, and often have tamper detection and prevention built …
WhatsApp, a Facebook-owned company, is a mobile application that allows users to send text messages, voice calls, and share documents with other WhatsApp users. You may wonder why the app …
The Citizen Lab, a Canadian privacy and cybersecurity activist group, announced a zero-day security hole in Apple’s iPhone, iPad, and Mac operating systems. The lab gave the attack the nickname …
In the spring and summer of 2021, hackers stealthily entered the United Nation’s (UN) proprietary project management software, Umoja, accessing the network and stealing critical data to be used in …
CyberHoot’s Co-Owner and Cybersecurity Expert Craig Taylor was on a video podcast with Mindwhirl, a business marketing platform. Check out what Craig had to say in his latest podcast! Watch …
Click the image below to view a larger version
T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot worst of the worst for cybersecurity breaches. While preparing this article on the latest 54 million subscriber breach, we found no …
Recently, cryptocurrency exchanges, the place where you can buy and sell cryptocurrencies on the Internet, have been under active and successful attack. In one case, a Chinese cryptocurrency exchange called …
Microsoft’s Edge Vulnerability Research Team recently published details on a new feature in development called “Super Duper Secure Mode” (SDSM). SDSM is designed to improve security without notable performance losses. …
August 19th, 2021: CyberHoot has received notification of critical risks to our national cybersecurity. A critical vulnerability has been made public by CISA, known as “BadAlloc”. Details of the vulnerabilities …
A Mantrap is a small room with an entry door on one wall and an exit door on the opposite wall. One door of a mantrap cannot be unlocked and opened …
An Out-Of-Band (OOB) Patch is a security update released outside of the normal frequency. Typically, Microsoft releases patches on the second Tuesday of each month, called Patch Tuesday. When there …
BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone …
If you wish to watch our walkthrough video instead of reading through each step, click play below. Watch this video on YouTube HINT: If you can’t find something in Azure, …
If you wish to watch our walkthrough video instead of reading through each step, click play below. Watch this video on YouTube HINT: If you can’t find something in Azure, …
If you wish to watch our walkthrough video instead of reading through each step, click play below. Watch this video on YouTube HINT: If you can’t find something in Azure, …
Click the image below to view a larger version
A Managed Service Provider (MSP) is a third-party business that provides network, application, and system management services to companies. MSPs allow businesses without IT expertise to improve their cybersecurity framework …
On the second Tuesday of each month since 2003, Microsoft has released security-related updates to Windows (desktop and server), Office, and related products. Updates and patches aren’t only released on …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau …
Pegasus Spyware NSO, an Israeli company has been selling governments spyware surveillance tools. National Public Radio, detailed this spyware, called Pegasus, allowing governments (hackers?) to access a victim’s cellphone to …
An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating: “An application may be …
The news headlines seem to be filled with ransomware attacks of late. Business owners are taking note and asking their Managed Service Providers (MSPs) and IT departments to improve their …
NSO, the Israeli technology company has been working with governments around the world by selling them robust surveillance systems. The tool, named Pegasus, unlocks the contents of a victim’s cellphone …
Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and …
Starlink is a satellite Internet constellation constructed by SpaceX to provide satellite Internet access. The constellation will consist of thousands of mass-produced small satellites in low Earth orbit, which communicate …
Full-Disk Encryption (FDE) is the encryption of all data on a disk drive. It’s often done by disk encryption software installed on the hard drive during manufacturing. Users who operate …
On-Access Scanning refers to a security tool configured to deliver real-time scans of each file for malware as the file is downloaded, opened, or executed. Many different vendors offer on-access …
A new social media service, Nextdoor, is gaining steam as we come out of the COVID-19 pandemic. The platform is used to share trusted information about one’s neighborhood, to give …
Click the image below to view a larger version CyberHoot’s Press Releases are published on a monthly basis. To see the rest of our important announcements, head to our Press Releases page …
Quarantine in the cybersecurity world happens when files containing malware are placed into isolation for future disinfection or examination. This strategy puts the malware in a specific area of the …
A Transaction Lock refers to the step taken by mobile payment app users to secure their accounts and help prevent fraudulent activity. A form of Transaction Lock is commonly seen when …
Cash is King, for now. The use of electronic payment applications has been steadily growing, according to a recent survey by the US Federal Reserve, cash payments accounted for only …
Knowledge-Based Verification (KBV) is a strategy used to verify identities based on knowledge of private information associated with the claimed identity. This is often referred to as knowledge-based authentication (KBA) or …
Tactics, Techniques, and Procedures (TTP) is the method used by IT and military professionals to determine the behavior of a threat actor (hacker). These three elements help you understand your …
Prevention Absent: Congress Cybersecurity Bill Highly publicized ransomware breaches at Colonial Pipeline and JBS meats has congress seeking new federal legislation aimed at forcing government agencies, subcontractors, and suppliers to …
Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …
Stalkerware refers to tools, apps, software programs, and devices that let another person (a stalker) secretly watch and record information on another person’s device. Parents use this type of tool …
A Cryptocurrency Wallet, also known as a Crypto Coin Wallet, is an application that allows cryptocurrency users to store and retrieve their digital assets. With traditional currency, you don’t need a wallet …
In May of 2021, the United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. At the time, Colonial Pipeline carried 45% of the fuel used on the …
A Service Set Identifier (SSID) is a series of characters that uniquely names a Wireless Local Area Network (WLAN). An SSID is often referred to as a “network name.” This name …
Input Validation, also known as data validation, is the testing of any input (or data) provided by a user or application against expected criteria. Input validation prevents malicious or poorly …
[Update on JBS Ransomware attack: June 10, 2021 CyberHoot learned that backups and a strong disaster recovery plan weren’t responsible for a quick ransomware recovery at JBS meats as was …
Fake Job listings are collecting PII by the thousands of applicants. Be wary of offers too good to be true. Demand in person or video-based interviews and ask lots of questions.
The Cybersecurity Maturity Model Certification (CMMC) is a new universal standard set by the Department of Defense (DoD). The model was developed due to slow adoption of its predecessor, the Defense …
5G is the fifth generation of cellular data technology. It lives alongside 4G and related technologies, such as LTE. The first 5G cellular network was constructed in 2018, while 5G …
