Midnight Blizzard: Spear-Phishing Campaign Using RDP Files
Learn about Midnight Blizzard’s spear-phishing campaign using malicious RDP files and discover practical tips to stay protected.
Explore 5 essential strategies for SaaS security, including identity management, data encryption, SSPM tools and more!
Learn how to protect yourself from evolving Session Hijacking threats with expert tips on secure connections, encryption, 2FA, and more.
Learn about the cybersecurity risks of using in-flight Wi-Fi and discover essential tips to protect your data while traveling, from VPNs to device updates.
Learn about critical vulnerabilities in Veeam Backup & Replication and SonicWall SonicOS, including active exploits. Apply patches and follow key security measures to protect your systems.
Learn how to protect your organization from the new Qilin ransomware attack, which exploits VPN vulnerabilities. Discover essential tips for strengthening your cybersecurity defenses and preventing ransomware threats.
Discover the extensive impact of the NPD breach that exposed 3 billion personal records, underscoring significant privacy risks and highlighting essential steps for safeguarding personal information against identity theft and cyber fraud.
Learn about the CrowdStrike global outage, its potential causes, and essential risk mitigation strategies to protect your organization from similar cyber threats.
A unique ransomware scheme is seeking to extort money from Ticketmaster to prevent the release of printable tickets and concert chaos.
Learn about the critical OpenSSH vulnerability CVE-2023-38408 that allows remote code execution via the ssh-agent’s forwarding feature. Discover immediate steps to protect your systems, including upgrading to OpenSSH 9.3p2, restricting PKCS#11 providers, and enhancing security measures.
May 30th, 2024: Learn how to protect yourself after the Ticketmaster data breach affecting 60 million customers. Discover immediate steps, identity protection tips, and long-term security practices to safeguard your personal information.
Learn how to protect your systems from ransomware attacks by understanding the role of remote-access tools and implementing effective cybersecurity strategies.
Explore the implications of the Dropbox Sign breach, emphasizing the critical role of cybersecurity measures in defending against API key and OAuth token theft. The article discusses the methods used by attackers, offers practical insights for safeguarding data, and underscores the ongoing need for vigilance in today’s interconnected digital landscape.
Lessons learned from the Change Healthcare data breach can teach us immediate actions we can take to reduce the chance of a breach in our own companies, networks, and the loss of the data entrusted to us.
ArcaneDoor delivers malware via zero-day exploits to Cisco ASA and Firepower network security devices. Patches are available and need to be applied once system integrity is verified.
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
CyberNews broke a story detailing a collection of more than 26 billion credentials and other private data in what security researchers are calling a Mega-Breach.
Hackers (and jilted lovers) are transferring money to themselves using your phone’s cash app (PayPal, Zelle, Cash App) to move funds out of your bank account.
P2P payment scams are escalating, exposing people to advanced social engineering tactics resulting in significant financial losses.
Hackers are hijacking websites and hiding malware in Google Ads to target unsuspecting users. Users simply visit formerly safe, legitimate-looking websites and are presented with fake downloads, malware, and other nasty surprises.
Cisco has announced and released patches for a critical bug in their product that could allow Internet hackers to create accounts remotely on Cisco devices via the HTTP management application. Patches have been released and workarounds documented for unpatched systems that are no longer supported. Take action to patch now.
Google’s efficient, compression-based graphics file format WebP has been found to contain a critical zero-day vulnerability that can lead to a complete compromise of a computer that renders a malicious WebP graphics file on any website hosting such malware content. This could be anywhere. Most browsers have been patched against this vulnerability, but may not have been restarted yet for the patch to take effect. Please check and force reboots or browser restarts as soon as possible.
Hackers have been using EvilProxy to capture authenticated session tokens from unsuspecting phishing email victims.
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization’s employees. Microsoft believes this is a feature and no patch will be provided. This delivery method bypasses traditional payload delivery security controls.
Virus warning attacks have plagued computer users for years. Recently, hackers have figured out how to exploit these attacks in your Google Chrome (and possibly other) browsers, seizing control of your browser and scaring you into calling fake customer support hotlines to extort you for money.
Multi-factor authentication can be one of the best protective measures companies can implement on their critical accounts. However, not all methods of MFA are equal, and some, like SMS, carry inherent risks and should not be used.
There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice and write software code for them, which through trial and error can be transformed into novel and effective malware.
ConnectWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such, they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
OpenSSL has released vulnerability patches containing 8 bug fixes in its latest releases, available across three release-train binaries. The criticality of the bugs ranges from high to moderate. They all relate to memory handling issues stemming from the fact that OpenSSL was written in C.
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers in light of the latest LastPass security breach. We have felt for some time that we needed to migrate to a new solution. However, what criteria would we use and recommend in order not to hop from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or for yourself individually.
On Tues. Jan. 10th, Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable privilege escalation vulnerabilities that could be exploited by hackers.
In August, LastPass was breached, but they claimed that no client data was stolen, only source code. In late December 2022 they updated their stance, stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
If you run Linux kernel 5.15 or later, you are potentially at risk from a critical (10 out of 10) vulnerability in the ksmbd kernel module added in some versions of the Linux kernel. Perform an assessment ASAP and patch your kernel or remove the module if you’re impacted.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.
A security researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers wiper malware to destroy the infected host’s data and operating system. Immediate patching and a reboot are required.
Microsoft O365 provides a more secure, feature-rich, and consistent environment for email services than hosted Exchange does today.
Citrix has announced multiple vulnerabilities in their ADC and Gateway products that require patching to mitigate. Learn what to do in this article.
The Morgan Stanley data breach of 2022, where surplus equipment was sent to a third party for data destruction but ended up on eBay, is a lessons-learned treasure trove. From data retention and destruction process failures to contract failures to third-party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.
CyberHoot Vulnerability Alert Management Process (VAMP) Rating: Critical/Red July 19th, 2022: CyberHoot has learned of multiple Microsoft and Adobe vulnerabilities that can allow for Remote Code Execution (RCE) on your devices that …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 15th, 2022: CyberHoot has learned of multiple Adobe Product vulnerabilities, where the most severe of which could allow for arbitrary code …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red June 7th, 2022: CyberHoot has learned of multiple critical Android vulnerabilities, affecting millions of Android smartphones, that have been patched today. Critical …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 31st, 2022: CyberHoot has learned of a Remote Code Execution (RCE) bug that can be exploited in Microsoft Office files. Security researcher …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 25th, 2022: CyberHoot has learned of multiple Google Chrome Web Browser vulnerabilities that could allow for arbitrary code execution. Successful exploitation of …
CyberHoot Vulnerability Alert Management Process Rating (VAMP): Critical/Red May 19th, 2022: CyberHoot has learned of a number of VMware software vulnerabilities tracked as CVE-2022-22954 (Base score: 9.8/10) and CVE-2022-22960 (Base score: …
May 16th, 2022: CyberHoot has investigated a SonicWall advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. …
April 22nd, 2022: CyberHoot has investigated a Java product vulnerability tracked as CVE-2022-21449 that allows accounts to be exploited remotely without authentication. In other words, this vulnerability can be exploited …
March 22nd, 2022: CyberHoot is investigating a potential breach at Okta, developers of a cloud-based identity and access management solution used by thousands of companies worldwide. Okta is currently investigating, …
February 18th, 2022: If you’re using PHP in your network, check that you’re using the latest versions, currently 7.4.28 or 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement …
February 2nd, 2022: CyberHoot has investigated a WordPress vulnerability tracked as CVE-2022-0320, whereby a security flaw can lead to data leakage and, more importantly, remote code execution. The security gap …