Weekly blog articles covering current, critical cybersecurity topics to help the world become more aware and more secure.
The Cybersecurity and Infrastructure Agency (CISA) released an alert of an ongoing cyber threat to the U.S. Water and Wastewater Systems, also highlighting five incidents that occurred between March 2019 …
The cybersecurity world is continually inundated with the new strains of ransomware taking down large and small businesses alike. Unfortunately, this has brought attention away from other cyber-related attacks, like …
October 13th, 2021: CyberHoot received notification of a Zero-Day Vulnerability on Apple’s iPhone and iPad very latest iOS version 15 which shipped pre-installed on the latest iPhones released in Oct. …
In April of 2021, Apple unveiled the AirTag, a tracking device that can be put on nearly anything so users don’t lose their valuables. Users frequently use these on their …
Cybersecurity experts at Guardicore published a report summarizing its research results involving security concerns in Microsoft “Autodiscover” feature. Their report states they were able to collect over a 372,072 domain …
WhatsApp, a Facebook-owned company, is a mobile application that allows users to send text messages, voice calls, and share documents with other WhatsApp users. You may wonder why the app …
The Citizen Lab, a Canadian privacy and cybersecurity activist group, announced a zero-day security hole in Apple’s iPhone, iPad, and Mac operating systems. The lab gave the attack the nickname …
In the spring and summer of 2021, hackers stealthily entered the United Nation’s (UN) proprietary project management software, Umoja, accessing the network and stealing critical data to be used in …
T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot worst of the worst for cybersecurity breaches. While preparing this article on the latest 54 million subscriber breach, we found no …
Recently, cryptocurrency exchanges, the place where you can buy and sell cryptocurrencies on the Internet, have been under active and successful attack. In one case, a Chinese cryptocurrency exchange called …
Microsoft’s Edge Vulnerability Research Team recently published details on a new feature in development called “Super Duper Secure Mode” (SDSM). SDSM is designed to improve security without notable performance losses. …
August 19th, 2021: CyberHoot has received notification of critical risks to our national cybersecurity. A critical vulnerability has been made public by CISA, known as “BadAlloc”. Details of the vulnerabilities …
BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone …
On the second Tuesday of each month since 2003, Microsoft has released security-related updates to Windows (desktop and server), Office, and related products. Updates and patches aren’t only released on …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau …
The news headlines seem to be filled with ransomware attacks of late. Business owners are taking note and asking their Managed Service Providers (MSPs) and IT departments to improve their …
NSO, the Israeli technology company has been working with governments around the world by selling them robust surveillance systems. The tool, named Pegasus, unlocks the contents of a victim’s cellphone …
Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and …
A new social media service, Nextdoor, is gaining steam as we come out of the COVID-19 pandemic. The platform is used to share trusted information about one’s neighborhood, to give …
Update and Correction – 3:30pm 7/3/21: CyberHoot has confirmed from Kaseya and other cybersecurity news sources that Webroot was not and is not a risk from this Kaseya ransomware event. Only Kaseya …
Cash is King, for now. The use of electronic payment applications has been steadily growing, according to a recent survey by the US Federal Reserve, cash payments accounted for only …
Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …
In May of 2021, the United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. At the time, Colonial Pipeline carried 45% of the fuel used on the …
[Update on JBS Ransomware attack: June 10, 2021 CyberHoot learned that backups and a strong disaster recovery plan weren’t responsible for a quick ransomware recovery at JBS meats as was …
Fake Job listings are collecting PII by the thousands of applicants. Be wary of offers too good to be true. Demand in person or video-based interviews and ask lots of questions.
A phrase that has been making waves in the financial world is Decentralized Finance (aka: DeFi). DeFi uses cryptocurrency and blockchain technology to manage financial transactions outside the control of …
May 17, 2021: Following the Ransomware Attack on the Colonial Pipeline, Texas Governor Greg Abbott took action and announced that he was signing a new cybersecurity law that penalizes those …
The United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. Colonial Pipeline carries 45% of the fuel used on the U.S. East Coast, running from Texas …
May 4th, 2021: Apple has released IOS updates for 4 critical issues that impact all Mac, iOS, iPad, and Watch products. “Processing maliciously crafted web content may lead to arbitrary …
Security researchers in Germany have put out a press release about research findings to be presented at Usenix 2021. They presented findings proving that “Apple AirDrop shares more than files”. …
Reading the latest FBI report might convince you that Business Email Compromise was the largest cybercrime in 2020. Ransomware proves them wrong by a factor of at least 5 if not more. Both are scourges that SMBs need to protect themselves from. Become more aware to become more secure.
Iran announced that a blackout occurred at its uranium enrichment facility in Natanz. Iran blamed Israel for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges. Israel …
Summary Message: Working out your Breach Notification during a Breach is a recipe for disaster. Back in December of 2018, Booking.com experienced a breach, where the company was exploited through …
April 2021: CyberHoot received notification of a hacking forum publishing the stolen phone numbers and personal data of 533 million Facebook users. The data was initially part of a breach …
As many know, the United States had its decennial (every ten years) census in 2020, helping determine and record population statistics all over our country; questions around race, sex, and …
Since Instagram’s official launch in 2010, it’s seen more than 1 billion accounts opened with users sharing close to 100 million photos every day. Instagram’s popularity skyrocketed since its launch …
Steganography is the interesting but potentially dangerous technique of hiding data or malware code secretly within an ordinary, non-secret file or message to avoid detection. The use of steganography can …
The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …
Oct.1st, 2020: The US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations that making ransomware payments is illegal. These payments violate US economic sanctions banning the support of …
Apple’s tracking-optional iOS 14.5 update provides privacy-preserving features, giving users the ability to opt-out of being followed around the Internet via “trackers” in their apps. This privacy-driven iOS 14.5 update …
For people searching for love online, it has become a little difficult due to scammers’ hell-bent on catfishing vulnerable people. The Federal Trade Commission (FTC) issued a warning about such …
Clearview AI has created one of the broadest and most powerful facial recognition databases in the world. Their application allows a user (law enforcement we hope) to upload a photo of …
In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its …
February 1st, 2021 Update: All Apple MacOS products are also at risk for the sudo privilege escalation vulnerability details in CVE-2021-3156. Patch these operating systems as soon as you have …
WordPress websites account for more than one-third of all websites on the Internet. WordPress is both flexible and powerful and runs some of the most used Internet sites such as …
Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi Access Points, Video Recorders, and Security Cameras recently faced a security incident. Ubiquiti stated an incident …
Browser extensions are tools that help with spelling/grammar, finding deals, storing passwords, or blocking ads; users don’t consider helpful tools being malicious in any form at all. Have you installed …
A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of phishing attack, through text messages, is called Smishing. Hackers …
The damaging effects of ransomware hit $11.5 billion in 2019, and doubled in 2020 as new, more damaging strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies even harder. Older …
Fake IRS Tax Forms This week, AbnormalSecurity reported an attack on an estimated 15-50 thousand email inboxes with a phishing attack. The attack’s purpose was to gain personal information that …
