Cybersecurity Perspective on the Ticketmaster-Taylor Swift Incident
A unique ransomware scheme is seeking to extort money from Ticketmaster to prevent the release of printable tickets and concert chaos.
How MFA Failures and Rising Ransomware Costs are Threatening Cybersecurity
Discover how MFA failures are contributing to a 500% surge in ransomware costs and learn how adopting Passkeys can enhance your cybersecurity defenses.
Critical Advisory: OpenSSH Remote Code Execution Vulnerability
Learn about the critical OpenSSH vulnerability CVE-2023-38408 that allows remote code execution via the ssh-agent’s forwarding feature. Discover immediate steps to protect your systems, including upgrading to OpenSSH 9.3p2, restricting PKCS#11 providers, and enhancing security measures.
The Evolving Kill Chain (On-Premise vs. SaaS)
Learn how to protect your business from the evolving SaaS kill chain by understanding the stages of cyber attacks, or kill chain links, and the nuances of on-premise vs. SaaS models of the kill-chain.
Hackers Exploiting Legitimate Websites
Learn how hackers exploit legitimate websites to launch sophisticated attacks and discover ways to protect yourself from these evolving cybersecurity threats.
CyberHoot Newsletter – May 2024
Time-Intensive Mobile Hacks Are Causing Big Headaches for Companies Time-Intensive Mobile Hacks: Discover how time-intensive mobile hacks are evolving and what companies can do to protect themselves from these sophisticated …
Understanding Credential Stuffing Attacks
Learn how Okta is addressing credential stuffing attacks and what steps users can take to protect their accounts from this growing cybersecurity threat.
FireTail Podcast: CyberHoot CEO Craig Taylor
Business Ninja’s interviewed CyberHoot’s co-Founder Craig Taylor. This interview outlines CyberHoot’s unique and positive outcome approach to cybersecurity program development at your company. Our Co-Founder details what’s working and what’s broken in the emergency Cybersecurity industry. Business owners need to watch to learn what they should be doing to protect their businesses from compromise. Doing so provides much needed peace of mind.
Advanced Phishing Tactics: A Hacker’s Playbook
Discover the latest phishing tactics targeting unsuspecting victims, including Cloudflare Workers, HTML smuggling, and AI-generated emails. Learn how cybercriminals bypass security measures and how you can protect yourself from these sophisticated attacks. Stay informed and stay safe in the ever-evolving world of cybersecurity.
Advisory: Protecting Yourself After the Ticketmaster Data Breach
May 30th, 2024: Learn how to protect yourself after the Ticketmaster data breach affecting 60 million customers. Discover immediate steps, identity protection tips, and long-term security practices to safeguard your personal information.
Time-Intensive Mobile Hacks Are Causing Big Headaches for Companies
Discover how time-intensive mobile hacks are evolving and what companies can do to protect themselves from these sophisticated cybersecurity threats.
CyberHoot Newsletter – April 2024
Understanding the Change Healthcare Cyberattack Change Healthcare Cyberattack: Gain valuable insights into the attack’s origins, impact, and implications for your cybersecurity. Read now. Understanding Latrodectus: A Stealthy Cyber Threat Delve into …
Ransomware Defense: Protection from Remote Access Risks
Learn how to protect your systems from ransomware attacks by understanding the role of remote-access tools and implementing effective cybersecurity strategies.
Protecting Your Data: Lessons from the “Dropbox Sign” API and OAuth Breach
Explore the implications of the Dropbox Sign Breach incident, emphasizing the critical role of cybersecurity measures in defending against API key and OAuth token theft. It discusses the methods used by attackers, offers practical insights for safeguarding data, and underscores the ongoing need for vigilance in today’s interconnected digital landscape.
Why Ditching Passwords is the Future of Online Security
For over 40 years, passwords have been the cornerstone of computer security, despite their many flaws. People turned to password managers to simplify and secure their login processes. Now, passkeys are set to revolutionize how we secure our online identities. Unlike traditional passwords, passkeys eliminate many common security risks, making them a crucial advancement everyone should understand. This article will explain what passkeys are, how they work, and why they represent the future of identity management online.
CyberHoot Newsletter – Q1 2024 January, February, March
“CyberHoot’s Newsletter has been on a brief hiatus as we focused on critical product improvements, finished 2024 strategic planning, and addressed performance improvements. This newsletter is chock full of cyber …
Understanding the Change Healthcare Cyberattack
Lessons learned from the Change Healthcare data breach can teach us immediate actions we can take to reduce the chance of a breach in our own companies, networks, and the loss of the data entrusted to us.
Understanding Latrodectus: A Stealthy Cyber Threat
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Beware of Impersonation: How to Spot Malicious Ads Disguised as Legitimate Services
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
CISA Issues Alert on Phobos Ransomware Targeting State and Local Governments
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Exposing the Apple ID Push Bombing Scam: Essential Protection Strategies
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
The Evolution of Phishing: SMS and Voice-Based Attacks
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Five Easy Steps to Boost Your Cybersecurity
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Understanding Privileged User Management (PUM) vs. Privileged Access Management (PAM)
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Bridging the Gap: Superuser Protection for SMBs and MSPs
Superuser accounts in small to medium-sized businesses (SMBs) and managed service providers (MSPs) face unique cybersecurity challenges. Bridging the gap between Privileged Access Management (PAM) and Identity Management (IdM) is critical for comprehensive protection. Effective cybersecurity for SMBs and MSPs requires tailored strategies that are practical, cost-effective, and straightforward to implement. This includes establishing clear governance policies, regular employee training, risk assessments, and implementing essential technical defenses to enhance overall security posture and protect sensitive data.
Safeguarding Your SMB or MSP Against Deepfake Cybercrime: Insights from Hong Kong
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Microsoft Executive Email Breach: Lessons for SMBs and MSPs
The recent sophisticated breach of Microsoft Executive emails is a stark reminder that all of us can be targeted with phishing and social engineering attacks and need to prepare by training, testing, and governing employees on Cyber Literacy.
Mega-Breach: The Impact of 26 Billion Leaked Credentials
CyberNews broke a story detailing a collection of more than 26 Billion credentials and other private data in what security researchers are called a Mega-Breach.
Press Release: CyberHoot Launches HootPhish – A Revolutionary Approach to Phishing Simulations
CyberHoot has been shown to improve customer retention for MSPs. It lowers the cost of supporting clients through fewer security incidents, better product training, and educational phish testing. We know it works because MSPs tell us emails to support asking “Is this a Phish?” or “Is this an Attack?” go away. Start a 30 day free trial and month-to-month forever afterwards.
Peer-to-Peer (P2P) Payment Scams (Part 2)
Hackers (and jilted lovers) are transferring money to themselves using your phone’s cash app (Paypal, Zelle, Cash App) to transfer funds out of your bank account.
AI in Cybersecurity: Enhancing Threat Detection and Response
In the dynamic realm of cybersecurity, Artificial Intelligence (AI) stands as a game-changer, especially for Managed Service Providers (MSPs) and Small to Medium-sized Businesses (SMBs). This blog delves into how AI is reshaping threat detection and response, offering a new edge to cybersecurity strategies.
Peer-to-Peer (P2P) Payment Scams to Watch Out For
P2P payment scams are escalating, exposing people to advanced social engineering tactics resulting in significant financial losses.
Top 10 Cybersecurity Trends and Strategies in 2024
2024 is off to a great start, however, Small to Medium sized Businesses need to proactively address their cybersecurity program development as soon as possible. 2023 was a banner year for hacker attacks and this has only encouraged more and more hackers to enter the fray. The time is ripe for everyone to batten down the hatches and training and test their employees to build their cyber literacy skills.
CyberHoot Newsletter – December 2023
Navigating the Cybersecurity Risks of AI Assistants in Video Conferencing Silent Eavesdroppers: As AI Digital Assistants seamlessly integrate into popular video conferencing platforms, a concerning trade-off emerges between convenience and …
Navigating AI Assistant Cybersecurity Risks
AI Digital Assistants in platforms like Microsoft Teams and Zoom raise data privacy concerns, risking exposure of regulated, intellectual, or personal information. Despite claims of de-identifying sensitive data, significant risks like exposing proprietary information remain underappreciated.
Passkeys: The Path to a Passwordless Future
Passkeys provide better authentication for end users than traditional passwords which they seek to replace. They are based upon public and private cryptography, are resilient to phishing and hacker password database theft (since the private keys aren’t stored on the server or website), and represent an easier mechanism to identify users into online systems.
DNA Double-Helix Hacker Heist: A Wake-Up Call for Cybersecurity Vigilance
A recent breach at 23andme resulted in the theft of immutable and irreplaceable data – our DNA! Companies with such critical data must take every precaution to limit the data they have become caretakers of, from theft my malicious actors. In this case, 23andme has lost our DNA! This needs to be a serious criminal offence that is punished with significant consequences.
CyberHoot Newsletter – November 2023
Understanding and Protecting Against Telegram App Scams Unraveling the Dark Side of Telegram: While the messaging app offers a seamless communication experience, users face many dangers. Dive into this article …
Understanding and Protecting Against the Telegram Scams
The Telegram App provides great ways for users to communicate with one another, however it also enables scammers to attack us in novel ways. This article outlines three common ways hackers use telegram to exploit unsuspecting users for their money.
Hackers Turn SEC Snitches: The Evolution of Ransomware Tactics
Hackers have evolved into snitches leveraging recent SEC legislation which requires companies to disclose within 4 days that they have been hacked and hit with ransomware. When Meridian did not disclose to the SEC they had been hacked, the Hacker group “BlackCat” filed a complaint with the SEC informing them they had evidence that Meridian had been hacked.
Malvertising Is Once Again on the Rise Leading to Malware Infections
Hackers are hi-jacking websites and hiding malware in Google Ads to target unsuspecting users with malware. Users simply visit the formerly safe and always legitimate looking websites and are presented with fake downloads, malware, and other nasty surprises.
CyberHoot Newsletter – September/October 2023
The SEC has Strengthened Cybersecurity Reporting Requirements – What you Need to Know Over the last two years, the SEC has enhanced cybersecurity disclosure rules for publicly traded companies. Learn …
The SEC has Strengthened Cybersecurity Reporting Requirements – What you Need to Know
For the past 2 years the SEC has embarked on strengthening cybersecurity disclosure requirements at publicly traded companies. This article summarizes the changes that have come into effect and what all companies, whether publicly traded or not, should be considering in the face of a cybersecurity incident or preparing to avoid them.
The Nuts and Bolts of a WISP
A Written Information Security Plan is not meant to a bureaucratic policy collecting dust on the book shelf, but rather a living breathing document to guide companies on the safe collection, storage, manipulation, and destruction of non-public personal information on their employees, clients, or business services.
CISCO Critical Advisory Alert – Patch Now
CISCO has announced and released patches for a critical bug in their product that could allow Internet hackers to create accounts remotely on CISCO devices via the HTTP management application. Patches have been released and workarounds documented for unpatched systems no longer supported. Take action to patch now.
Top Cybersecurity Questions of the Year: What Everyone Wants to Know
Cybersecurity Awareness Month is upon us. In our efforts to address all of the questions a business owner reviewing our blog might have, we’ve collected the most frequently asked questions and have tried to answer them with the most effective mitigating control available for a particular risk. There are undoubtedly many more mitigating controls one can put in place, but this is a great starting point.
Ghosts in the Machine: Spook-tacular Cybersecurity Basics for October
In the spooky season of October, Cybersecurity Awareness Month reminds us of the real threats lurking in the digital realm. CyberHoot sheds light on three cybersecurity fundamentals: Password Protection, Phishing Awareness, and Safe Browsing Practices. Fortify your digital domain with strong password practices, stay vigilant to phishing schemes, and navigate the web safely. Embrace the cybersecurity training and phishing testing offered by CyberHoot to morph into a digital wizard against the sinister specter of cyber threats. Venture to cyberhoot.com and make cybersecurity awareness a fun-filled endeavor!
Cybersecurity Awareness: Bridging the Gap Between Knowledge and Action
October marks the observance of Cybersecurity Awareness Month, a pivotal time for businesses and individuals to bolster their understanding and actions towards cybersecurity. This means it is time for you to put action to words and get your staff trained up on the cyber threats they face. Cyber Literacy is a critical skill for the 21st century. Are you doing your part to educate your employees on the threats they face and how to avoid them?
Cyber Literacy ROI: Investing in Employee Training Makes Strong Financial Sense
Investing in Employee Cyber Literacy to build better human firewall skills makes strong financial sense. A string of recent breaches has put this in stark perspective for all companies. This article presents a case for the financial Return On Investment of employee awareness training and phish testing as delivered automatically by CyberHoot.
Save Your Staff with Cyber Literacy Skills. Use CyberHoot for Free During Cybersecurity Awareness Month
CyberHoot is offering any MSP free enrollment of any and all clients into CyberHoot for free until the end of October (31st), 2023. Enroll your prospects or existing customers in our platform and launch expedited Cybersecurity awareness training in the Month of Oct. using our fully automated system. We will credit you any users or clients enrolled for the entire month of Oct. Must be a new client to CyberHoot. If after the month ends you want to remove them, you absolutely may without penalty.