New Qilin Ransomware Attack

Learn how to protect your organization from the new Qilin ransomware attack, which exploits VPN vulnerabilities. Discover essential tips for strengthening your cybersecurity defenses and preventing ransomware threats

NPD Breach Exposes 3 Billion Personal Records

Discover the extensive impact of the NPD breach that exposed 3 billion personal records, underscoring significant privacy risks and highlighting essential steps for safeguarding personal information against identity theft and cyber fraud.

Cisco Critical Advisory Alert and Patch Now Notification

CISCO Critical Advisory Alert – Patch Now

CISCO has announced and released patches for a critical bug in their product that could allow Internet hackers to create accounts remotely on CISCO devices via the HTTP management application. Patches have been released and workarounds documented for unpatched systems no longer supported. Take action to patch now.

Zero Day present in WebP graphics formal - patch all browsers asap.

Threat Intelligence Alert – Zero-Day in Common WebP Graphics Files – Patch all Browsers Immediately

Google’s efficient and compression based graphics file format WebP has been found to contain a critical zero-day vulnerability that can lead to a complete compromise of a computer that renders a malicious WebP graphics file on any website hosting such malware content. This could be anywhere. Most browser have been patched against this vulnerability, but may not have restarted yet to take effect. Please check and force reboots or browser restarts as soon as possible.

ChatGPT - help me hack.

Five Ways ChatGPT Helps You Hack

There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.

OpenSSL Vulnerability Alert

OpenSSL Releases Vulnerabilities Patches

OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of bugs range from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.

LastPass 2022 Breach Update

The Last Straw for LastPass – Migration Time

Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.

Microsoft Critical Patch Updates Available - Patch Now

Microsoft and Adobe Critical Patch Advisories: Patch

On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.

LastPass 2022 Breach Update

LastPass Breach Update – August 22 – December 22

In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.

Wiper-malware Can Devastate Systems

“Aikido” Vulnerability Turns EDR into Wiper Malware

Security Researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected hosts data and operating system. Immediate patching and reboot is required.

3rd Party Risk Management and Data Destruction

Morgan Stanley Data Breach – Lessons to be Learned

The Morgan Stanley data breach of 2022 where surplus equipment was sent to a 3rd party for data destruction but ended up on eBay is a lesson’s learned treasure trove. From Data Retention and Destruction process failures to contract failures to 3rd party risk management failures, there are plenty of improvement opportunities for SMBs and MSPs to learn from here. This article highlights how you can improve your cybersecurity program from the failures of this breach.

okta security advisory

Security Advisory: Okta Breached

March 22nd, 2022: CyberHoot is investigating a potential breach at Okta, developers of a cloud-based identity and access management solution used by thousands of companies world-wide. Okta is currently investigating, …