Apple Zero-Day – Cybersecurity Advisory
May 4th, 2021: Apple has released IOS updates for 4 critical issues that impact all Mac, iOS, iPad, and Watch products. “Processing maliciously crafted web content may lead to arbitrary …
Apple AirDrop Vulnerability
Security researchers in Germany have put out a press release about research findings to be presented at Usenix 2021. They presented findings proving that “Apple AirDrop shares more than files”. …
CyberHoot Newsletter – Volume XV
Israel Launches ‘Stuxnet 3.0’ On Iran Iran blamed Israel for an alleged cyber-attack on its underground Natanz nuclear facility that damaged its centrifuges. While the Israeli government did not claim …
What Was 2020’s Most Expensive Cybercrime?
Reading the latest FBI report might convince you that Business Email Compromise was the largest cybercrime in 2020. Ransomware proves them wrong by a factor of at least 5 if not more. Both are scourges that SMBs need to protect themselves from. Become more aware to become more secure.
Rootkit
A Rootkit is a hacking program or collection of programs that give a threat actor remote access to and control over a computing device. While there have been legitimate uses …
Threat Intelligence
Threat Intelligence (TI) is information about current attack tactics and techniques (T&T) used by hackers to breach companies, their networks, and their data. Threat Intelligence collects, compares, and summarizes T&T …
Threat Hunting
Threat Hunting is proactive hunting or searching through networks, endpoints, and datasets to find malicious, suspicious, or risky activity, patterns, or files that evaded existing detection tools. This is different …
International Traffic in Arms Regulations (ITAR)
The International Traffic in Arms Regulations (ITAR) is United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services as defined in the United …
Third-Party Risk Management (TPRM)
Third-Party Risk Management (TPRM) is the process of identifying, assessing, and controlling risks presented throughout the lifecycle of your relationships with third parties. This oftentimes starts during procurement and extends …
BYOD
BYOD, also known as Bring Your Own Device, is a common practice of allowing employee-owned devices to connect to business networks. Smartphones are the most common example, but employees also …
Israel Launches ‘Stuxnet 3.0’ On Iran
Iran announced that a blackout occurred at its uranium enrichment facility in Natanz. Iran blamed Israel for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges. Israel …
Personal Information Protection and Electronic Documents Act (PIPEDA)
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s main government privacy law. Compliance with PIPEDA is essential for private sector businesses operating in Canada. Violation of PIPEDA can …
HowTo: Determine Roles in CyberHoot
Unique Roles (5) within the CyberHoot Tool: These five (5) roles are all mutually exclusive. Because you are a Manager, does not mean you are a user. Same for Administrators …
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) was passed in the European Union (EU) in 2016 and requires all businesses to protect an updated definition of personal and private data of EU …
Booking.com Fined Following Vishing Attack
Summary Message: Working out your Breach Notification during a Breach is a recipe for disaster. Back in December of 2018, Booking.com experienced a breach, where the company was exploited through …
Facebook Exploit – Cybersecurity Advisory
April 2021: CyberHoot received notification of a hacking forum publishing the stolen phone numbers and personal data of 533 million Facebook users. The data was initially part of a breach …
UK Census Smishing Attack
As many know, the United States had its decennial (every ten years) census in 2020, helping determine and record population statistics all over our country; questions around race, sex, and …
Instagram Scams: How To Avoid Them
Since Instagram’s official launch in 2010, it’s seen more than 1 billion accounts opened with users sharing close to 100 million photos every day. Instagram’s popularity skyrocketed since its launch …
CyberHoot Newsletter – Volume XIV
Twitter Steganography Risks Steganography is the interesting but potentially dangerous technique of hiding data or malware code secretly within an ordinary, non-secret file or message to avoid detection. The use of …
Data Sanitization
Data Sanitization is the process of permanently and irreversibly destroying data on a storage device in a deliberate manner, often for compliance or cybersecurity purposes. After data sanitization, a storage …
Deep Learning
Deep Learning is a type of Machine Learning and Artificial Intelligence (AI) that mimics the way people gain certain forms of knowledge. It’s extremely beneficial to data scientists who are tasked …
Artificial Intelligence (AI)
Artificial Intelligence (AI) refers to human-like intelligence presented by a computer, robot, or other machines. AI mimics human learning by building iterative learning capabilities into a computer. AI machines learn …
HowTo: Add/Edit Human Resources (HR) Contacts
HR Contacts are edited and assigned under each Group. The processes to edit the HR contact for your MSP or your customers are below: Adding/Editing HR Contacts for Your …
Hadoop
Hadoop is a software platform that makes it possible for users to manage large amounts of data. Hadoop processes extensive amounts of structured, semi-structured, and unstructured data. Some examples of data …
User Behavior Analytics (UBA)
User Behavior Analytics (UBA) is the tracking, collecting, and assessment of user data and activities using monitoring systems. UBA examine archived data from network and authentication logs collected and stored …
Twitter Steganography Risks
Steganography is the interesting but potentially dangerous technique of hiding data or malware code secretly within an ordinary, non-secret file or message to avoid detection. The use of steganography can …
Blockchain
Blockchain is a digital record of transactions. The name comes from its structure where specific records called blocks are linked together in a single list, called a chain. Blockchains are used …
Why NFTs Are The Future
The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …
RFC 1918
RFC 1918, also known as Request for Comment 1918, is the Internet Engineering Task Force (IETF) record on methods of assigning private IP addresses on TCP/IP networks. RFC 1918 outlines the usable private …
Bogon
A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned …
Non-Fungible Token (NFT)
Non-Fungible Tokens (NFTs) are unique, easily verifiable digital assets that can represent items such as GIFs, images, videos, music albums, and more. Anything that exists online can be purchased as an …
US Treasury Bans Ransomware Payments
Oct.1st, 2020: The US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations that making ransomware payments is illegal. These payments violate US economic sanctions banning the support of …
Geotagging
Geotagging adds geographical information to media through the use of metadata. Geotagging data often includes latitude and longitude coordinates, but may also include altitude, distance, and physical location names. Geotagging …
Jailbreaking
Jailbreaking is the exploiting of manufacturer or carrier operating systems, often by removing restrictions from a device like an iPhone. The exploit usually involves running a privilege escalation attack on …
Mean Time to Failure (MTTF)
Mean Time to Failure (MTTF) and sometimes references as Mean Time For Failure (MTFF) is the length of time a device or software is expected to last in operation. MTTF …
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is a strategy of limiting network access based on the roles of individual users within a business. RBAC lets employees have access rights only to the …
Apple’s New Privacy Initiative
Apple’s tracking-optional iOS 14.5 update provides privacy-preserving features, giving users the ability to opt-out of being followed around the Internet via “trackers” in their apps. This privacy-driven iOS 14.5 update …
Leakware
Leakware, also known as Doxware, is a new more potent, and dangerous form of ransomware. When a ransomware Attack containing Leakware occurs, the attacker threatens to publicize personal data (confidentiality …
CyberHoot February Press Release – Referral Program
Click the image below to visit the referral registration page
FTC Warns of ‘Romance Scammers’
For people searching for love online, it has become a little difficult due to scammers’ hell-bent on catfishing vulnerable people. The Federal Trade Commission (FTC) issued a warning about such …
Packet
A Packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. TCP packets, passed over TCP/IP networks …
Ping of Death (PoD)
A Ping of Death (PoD) is a type of Denial of Service (DoS) attack that deliberately sends IP packets larger than the 65,536 bytes allowed by the IP protocol. One of …
CyberHoot Newsletter – Volume XIII
Emotet Operation Takedown In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its …
CyberHoot February Press Release
Click on the image below and select the ‘learn more’ links to take you to the HowTo tutorials. Here are our two ‘HowTo’ videos for these announcements: https://www.youtube.com/watch?v=ALsjmxZoz90https://www.youtube.com/watch?v=Sn22dU9EN00
Canada Rules Clearview AI’s Illegal
Clearview AI has created one of the broadest and most powerful facial recognition databases in the world. Their application allows a user (law enforcement we hope) to upload a photo of …
Synthetic Transaction Monitoring (STM)
Synthetic Transaction Monitoring (STM), also known as Synthetic Monitoring, is a web monitoring tool similar to Real User Monitoring (RUM), but Instead of collecting real user data, it simulates it. …
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a list of computer security flaws ranked on critical measures to aid individuals and companies with assessing the risk posed by the vulnerability or exposure …
Real User Monitoring (RUM)
Real User Monitoring (RUM) is a form of performance monitoring that captures and analyzes user activity and transacations on a website or application. It’s also known as real user measurement, …
Emotet Operation Takedown
In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its …
Container
Before we get into what a container is, we need you to understand the difference between today’s term ‘Container’ and the previous term CyberHoot published ‘Hypervisor‘. Knowing the difference between …
