Malvertising Alert: Phishing Campaign Targets Onfido Users via Google Ads
Initial Access Brokers are changing tactics, selling low-cost access to more targets. Learn how this shift increases cyber risks and what defenses to implement.
Division of Labor in Criminal Enterprises leads to High-Volume, Low-Cost Attacks
Initial Access Brokers are changing tactics, selling low-cost access to more targets. Learn how this shift increases cyber risks and what defenses to implement.
Tax Season Scams: Microsoft Warns of Phishing Attacks
Protect yourself this tax season: Learn how hackers use tax-themed phishing emails to steal data and deploy malware.
Top 3 Microsoft Office Exploits Hackers Are Using in 2025—and How to Stop Them
Medusa ransomware is now using a malicious driver to bypass security tools and disable EDR systems. Learn how this advanced technique works and how to protect your organization.
Medusa Ransomware Deploys Malicious Driver to Evade Security
Medusa ransomware is now using a malicious driver to bypass security tools and disable EDR systems. Learn how this advanced technique works and how to protect your organization.
Polymorphic Extensions: A New Cyber Threat Impersonating Your Add-Ons
Discover how malicious browser extensions use polymorphic techniques to impersonate legitimate add-ons, posing serious cybersecurity risks.
Advisory: Critical Microsoft Outlook Vulnerability
Critical Microsoft Outlook vulnerability allows attackers to bypass security using the ‘Moniker Link’ exploit.
Hackers Exploit CAPTCHA Trick on Webflow to Deliver Phishing Attacks
Cybercriminals are exploiting Webflow’s trusted infrastructure using fake CAPTCHA screens to deliver phishing attacks.
USPS Text Scam: Cybercriminals Hiding Malicious PDFs
Beware of a new USPS text scam using malicious PDF links to bypass security filters. Learn how cybercriminals exploit trusted platforms and how to protect yourself from phishing attacks
U.S Navy Limits DeepSeek AI Over Cybersecurity Concerns
Discover why the U.S. Navy is restricting DeepSeek AI due to cybersecurity concerns, including data security risks, misinformation, and adversarial exploitation.
Critical Advisory: FortiGate SSL VPN Breach
Urgent advisory on the Fortigate SSL VPN breach: Learn how to protect your organization by transitioning to secure, scalable cloud-based remote access solutions and eliminate risks associated with legacy VPN systems.
Beware of FireScam: Malware Masquerading as Telegram
FireScam malware disguises itself as Telegram, stealing sensitive data from Android users. Learn how to stay protected.
How to Keep Your Text Messages Secure in an Era of Rising Cyber Threats
Protect your text messages from cyber threats with these essential tips, including encryption, avoiding smishing, and securing 2FA.
Critical Advisory: Google Chrome Extensions Hacked
Learn how over 2,000 Palo Alto Networks firewalls were hacked using critical zero-day vulnerabilities and how to stay protected
Over 2,000 Palo Alto Networks Firewalls Hacked via Zero-Day Vulnerabilities
Learn how over 2,000 Palo Alto Networks firewalls were hacked using critical zero-day vulnerabilities and how to stay protected
AndroxGh0st Malware Hijacking IoT Devices
Discover how AndroxGh0st malware exploits IoT device vulnerabilities, creating powerful botnets for cyberattacks, and learn steps to protect your devices.
Midnight Blizzard: Spear-Phishing Campaign Using RDP Files
Learn about Midnight Blizzard’s spear-phishing campaign using malicious RDP files and discover practical tips to stay protected.
GitHub Config Breach Exposes Cloud Service Credential
Learn how to protect your Git repositories and cloud credentials following the massive global operation called EmeraldWhale.
Session Hijacking: How Cybercriminals Take Over Your Online Sessions
Learn how to protect yourself from evolving Session Hijacking threats with expert tips on secure connections, encryption, 2FA, and more.
Airplane Wi-Fi Security Risks: How to Protect Your Data
Learn about the cybersecurity risks of using in-flight Wi-Fi and discover essential tips to protect your data while traveling, from VPNs to device updates.
Dual Critical Advisory: Critical Vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS
Learn about critical vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS, including active exploits. Apply patches and follow key security measures to protect your systems.
New Qilin Ransomware Attack
Learn how to protect your organization from the new Qilin ransomware attack, which exploits VPN vulnerabilities. Discover essential tips for strengthening your cybersecurity defenses and preventing ransomware threats
NPD Breach Exposes 3 Billion Personal Records
Discover the extensive impact of the NPD breach that exposed 3 billion personal records, underscoring significant privacy risks and highlighting essential steps for safeguarding personal information against identity theft and cyber fraud.
Understanding the CrowdStrike Global Outage
Learn about the CrowdStrike global outage, its potential causes, and essential risk mitigation strategies to protect your organization from similar cyber threats.
Cybersecurity Perspective on the Ticketmaster-Taylor Swift Incident
A unique ransomware scheme is seeking to extort money from Ticketmaster to prevent the release of printable tickets and concert chaos.
Critical Advisory: OpenSSH Remote Code Execution Vulnerability
Learn about the critical OpenSSH vulnerability CVE-2023-38408 that allows remote code execution via the ssh-agent’s forwarding feature. Discover immediate steps to protect your systems, including upgrading to OpenSSH 9.3p2, restricting PKCS#11 providers, and enhancing security measures.
Advisory: Protecting Yourself After the Ticketmaster Data Breach
May 30th, 2024: Learn how to protect yourself after the Ticketmaster data breach affecting 60 million customers. Discover immediate steps, identity protection tips, and long-term security practices to safeguard your personal information.
Ransomware Defense: Protection from Remote Access Risks
Learn how to protect your systems from ransomware attacks by understanding the role of remote-access tools and implementing effective cybersecurity strategies.
Protecting Your Data: Lessons from the “Dropbox Sign” API and OAuth Breach
Explore the implications of the Dropbox Sign Breach incident, emphasizing the critical role of cybersecurity measures in defending against API key and OAuth token theft. It discusses the methods used by attackers, offers practical insights for safeguarding data, and underscores the ongoing need for vigilance in today’s interconnected digital landscape.
Understanding the Change Healthcare Cyberattack
Lessons learned from the Change Healthcare data breach can teach us immediate actions we can take to reduce the chance of a breach in our own companies, networks, and the loss of the data entrusted to us.
CISCO Zero Days in ASA and Firepower Threat Defense Solutions – Patch Now
ArcaneDoor delivers malware via zero-day exploits to CISCO ASA and Firepower network security devices. Patches are available and need to be applied once system integrity is verified.
Understanding Latrodectus: A Stealthy Cyber Threat
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Mega-Breach: The Impact of 26 Billion Leaked Credentials
CyberNews broke a story detailing a collection of more than 26 Billion credentials and other private data in what security researchers are called a Mega-Breach.
Peer-to-Peer (P2P) Payment Scams (Part 2)
Hackers (and jilted lovers) are transferring money to themselves using your phone’s cash app (Paypal, Zelle, Cash App) to transfer funds out of your bank account.
Peer-to-Peer (P2P) Payment Scams to Watch Out For
P2P payment scams are escalating, exposing people to advanced social engineering tactics resulting in significant financial losses.
Malvertising Is Once Again on the Rise Leading to Malware Infections
Hackers are hi-jacking websites and hiding malware in Google Ads to target unsuspecting users with malware. Users simply visit the formerly safe and always legitimate looking websites and are presented with fake downloads, malware, and other nasty surprises.
CISCO Critical Advisory Alert – Patch Now
CISCO has announced and released patches for a critical bug in their product that could allow Internet hackers to create accounts remotely on CISCO devices via the HTTP management application. Patches have been released and workarounds documented for unpatched systems no longer supported. Take action to patch now.
Threat Intelligence Alert – Zero-Day in Common WebP Graphics Files – Patch all Browsers Immediately
Google’s efficient and compression based graphics file format WebP has been found to contain a critical zero-day vulnerability that can lead to a complete compromise of a computer that renders a malicious WebP graphics file on any website hosting such malware content. This could be anywhere. Most browser have been patched against this vulnerability, but may not have restarted yet to take effect. Please check and force reboots or browser restarts as soon as possible.
EvilProxy Malware Steals Session Tokens bypassing MFA on Victim’s Email Account
Hackers have been using EvilProxy to capture authenticated session tokens from unsuspecting phishing email victims.
Is Microsoft Teams a Direct Trojan Horse Malware Delivery Service to Employees?
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization’s employees. Microsoft believes this is a feature and no patch will be provided. This delivery method bi-passes traditional payload delivery security controls.
Old Attacks Made New Again by Hackers Exploiting our Browsers and Our Fears
Virus warning attacks have plagued computer users for years. Recently, hackers have figured out how to exploit these attacks in your Google Chrome (and possibly other) browsers, seizing control of your browser and scaring you into calling fake customer support hotlines to extort you for money.
Top Five (5) Risks from SMS-Based Multifactor Authentication
Multi-factor authentication can be one of the best protect measures companies can implement on their critical accounts. However, not all methods of MFA are equal and some, like SMS, carry inherent risks and should not be used.
Five Ways ChatGPT Helps You Hack
There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.
ConnectWise_Recover_ZK_Framework_Vulnerability
ConnectiWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
OpenSSL Releases Vulnerabilities Patches
OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of bugs range from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.
The Last Straw for LastPass – Migration Time
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.
Microsoft and Adobe Critical Patch Advisories: Patch
On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.
LastPass Breach Update – August 22 – December 22
In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
New Linux Kernel Bug is a Patch Now or Disable Scenario
If you run Linux Kernel 5.15 or later you are potential at risk (10 out of 10) vulnerability in the ksmbd kernel module added in some versions of linux kernels or later. Perform an assessment asap and patch your kernel or remove the module if you’re impacted.
FBI’s Vetted Cybersecurity Organization “Infragard” Breached
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.