LastPass 2022 Breach Update

The Last Straw for LastPass – Migration Time

Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.

Microsoft Critical Patch Updates Available - Patch Now

Microsoft and Adobe Critical Patch Advisories: Patch

On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.

LastPass 2022 Breach Update

LastPass Breach Update – August 22 – December 22

In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.

Wiper-malware Can Devastate Systems

“Aikido” Vulnerability Turns EDR into Wiper Malware

Security Researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected hosts data and operating system. Immediate patching and reboot is required.

3rd Party Risk Management and Data Destruction

Morgan Stanley Data Breach – Lessons to be Learned

The Morgan Stanley data breach of 2022 where surplus equipment was sent to a 3rd party for data destruction but ended up on eBay is a lesson’s learned treasure trove. From Data Retention and Destruction process failures to contract failures to 3rd party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.

okta security advisory

Security Advisory: Okta Breached

March 22nd, 2022: CyberHoot is investigating a potential breach at Okta, developers of a cloud-based identity and access management solution used by thousands of companies world-wide. Okta is currently investigating, …

php security advisory

Security Advisory: PHP Security Flaw

February 18th, 2022: If you’re using PHP in your network, check that you’re using the latest versions, currently 7.4.28 or 8.1.3. Released yesterday [2022-02-17], this version fixes various memory mismanagement …

wormable http hole

Advisory: Wormable Windows HTTP Bug

January 12th, 2022: Today Microsoft sent a notification of a critical risk to those who use Windows devices. The critical bug is CVE-2022-21907, also known as HTTP Protocol Stack Remote …

apple security patch

Apple Zero-Day Patch for Macs & iPhones

An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating: “An application may be …