A Cybersecurity Comedy: Protecting Businesses One Laugh at a Time!
Cybersecurity too often seems like a stress inducing serial murder show. While it is serious business, adding a dose of humor will make it more memorable.
Weekly blog articles covering current, critical cybersecurity topics to help the world become more aware and more secure.
Growing your MSP is not as hard as you might think. It requires a laser focus on differentiation, adding cybersecurity services, and fanatical attention to customer service, to name a few of the top 10 items listed in this article.
The FIDO alliance is a high-powered tech alliance seeking to eliminate passwords from our online lives by replacing them with a much more secure public and private key authentication solution. Backed by Google, Microsoft, and Apple, it is a strong foray into the elimination of passwords from our everyday lives.
Cybersecurity platforms are designed to build robust, layered defenses for your organization. However, too often they fall short of their lofty and critical goals. This article delves into 10 common failure points and provides unique perspectives on how to avoid them.
To stand out and foster lasting relationships, MSPs must go beyond basic technical support by adopting innovative strategies to provide additional value to their customers. Once successful, MSPs must call out the emotional value that comes from these solutions.
Voice Cloning is Becoming a Ransom Threat Are you confident that the voice on the other end of the line is who they claim to be? Voice impersonation, powered by …
Voice impersonation, also known as voice cloning, is becoming an increasingly prevalent threat in the digital landscape. Sophisticated artificial intelligence (AI) technologies can now imitate voices with remarkable accuracy, leading to threats against our privacy and security.
Attack-based phish testing creates fear, anxiety, and doubt in end users. It does not create awareness, harms IT, and misinforms management. Despite representing a billion dollar industry, traditional attack-based phish testing is fundamentally flawed. It causes untold problems for IT departments, individual users, and Managed Service Providers. Studies have shown it can even lead to more clicks by end users! This article outlines the fundamental flaws in attack-based phishing. It goes on to outline improvements from educational, positive outcome phish testing assignments that teach users how to finally spot every phishing attack and delete or avoid it.
Multi-factor authentication can be one of the best protective measures companies can implement on their critical accounts. However, not all methods of MFA are equal and some, like SMS, carry inherent risks and should not be used.
CyberHoot Press Release Gradient Billing Integration FOR IMMEDIATE RELEASE Portsmouth, NH – March 28th, 2023 – CyberHoot today announces Gradient billing integration through their Synthesize platform. Synthesize helps MSPs automate …
There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.
Cybersecurity tools every MSP needs in their toolbox to identify attacks, limit damage, and recover quickly.
These 10 cybersecurity tools need to be in every MSP’s toolbox. Use them to secure your clients from breach. Help them protect themselves from what they might not know about cybersecurity.
ConnectWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such, they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
ChatGPT Authors a Humorous Cyber Breach Article Relating to T-Mobile CyberHoot examined ChatGPT ourselves and asked it to write a humorous article about a large Mobile Carrier breach. Despite common …
OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of the bugs ranges from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.
MSPs face many risks. These are the top 10 Cybersecurity risks MSPs face and how to avoid them.
This article outlines the top 10 security awareness training challenges and solutions. Businesses are under increased attack with ever more costly outcomes for failure. People are the weakest link. Training and testing them carefully, with automated solutions, provides the greatest return on investment.
CyberHoot has reported on the opportunities and challenges of ChatGPT’s natural language engine and deep research capabilities. This article summarizes the recent T-Mobile breach of 37M records in a humorous way while outlining the very real risks of Smishing, Phishing, and Vishing.
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hop from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.
Advancements in AI and natural language have led to a host of new capabilities and challenges alike. This article seeks to summarize those to create awareness around the changing landscape of AI as it relates to societal norms.
FBI’s Vetted Cybersecurity Organization “Infragard” Breached Learn how a cybersecurity organization that partnered with the Federal Bureau of Investigation (FBI) to protect critical US infrastructure got hacked. “Aikido” Vulnerability Turns EDR …
In August, LastPass was breached, but they claimed that no client data was stolen, only source code. In late December 2022 they updated their stance, stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
If you run Linux kernel 5.15 or later, you are potentially at risk from a (10 out of 10) vulnerability in the ksmbd kernel module included in some Linux kernel versions. Perform an assessment ASAP and patch your kernel or remove the module if you’re impacted.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.
A security researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected host’s data and operating system. Immediate patching and reboot are required.
The American Data Privacy and Protection Act has crossed many federal hurdles and has bi-partisan support. Enough Republican Senators have signed on to pass this protective statute that, were it to come to a vote, it would pass. However, it hasn’t been called for a vote. We need to pressure our legislatures to vote.
Microsoft O365 provides a more secure, feature rich, and consistent environment for email services than hosted exchange does today.
The U.S. Securities and Exchange Commission (SEC) is proposing new disclosure requirements by company boards regarding cybersecurity risk management, strategy, governance policies, procedures, and incidents. This would be an amendment …
CyberHoot has recently seen the impact of the Royal ransomware. An MSP had a client who refused security awareness training and someone fell for one of the many attack vectors …
Credit cards, virtual credit cards, payment services (Venmo, Cash), and even digital wallets (Apple Pay, Google Pay) are all available to purchase what you need online.
Top 10 Reasons to Conduct Awareness Training and Testing Businesses all over the world experience increasingly sophisticated attacks with escalating damages and impact. Awareness training and phish testing are two …
Citrix has announced multiple vulnerabilities in their ADC and Gateway products that require patching to mitigate. Learn what to do in this article.
There are many reasons to consider upgrading aging hardware and software including better efficiency, reliability, performance, happier staff, security, and more.
Cybersecurity awareness training helps combat human error, one of the most commonly exploited parts of any cybersecurity program. Use these facts to convince management at your company it’s finally time to train your staff on cybersecurity.
DNS protections help identify and defend against some malicious websites. Inspection leads to blocked access and can prevent a breach.
Employees depart with sensitive info while others may sell company secrets. Learn how to spot suspicious behaviors to thwart insider attacks.
You probably know that Password Managers improve cybersecurity dramatically. However, did you know they also improve productivity by more than 11 hours each year?
Business Email Compromise (BEC) can lead to many other damages including wire fraud, and phishing attacks focused on your clients.
Hackers will try anything to breach your network including sending us malicious attachments. Always be super careful with files sent via email.
How much do companies pay when breached? It depends upon the data that was stolen. In some cases, such as healthcare, the costs of managing a breach are increasing YOY. Recent IBM data showed Healthcare records costing 3x what other records cost in a breach. Isn’t it time you started preparing for and sought to prevent breaches?
Data value depends upon many factors, including how easily it can be monetized on the dark web. Know your data and its value, then protect it from harm.
Identity theft is easier than ever as our private data continues to spill out all over the Internet.
Physical security at businesses has suffered somewhat post-Covid as employees return to work places but haven’t received training on common attacks such as Tail-Gating and Piggy-Backing.
Cybersecurity can often be dramatically improved with some simple measures. Technically, enabling 2FA or MFA is one of those. Adopting a password manager is a second. Training your staff is a third.
Cybersecurity jobs are a challenge to fill across the world today. 3.5 million open positions globally with 700k in the US alone.
Cyber insurance helps you quickly pick up the pieces following a breach. Not having it leads to shortcuts and mistakes.
Ransomware is always evolving, becoming more sophisticated and damaging. Harden your company today to prevent a devastating ransomware attack.
NIST has asked companies to allow for long passwords that don’t expire and don’t have complexity requirements. When will you follow their advice?