ransomware backup testing

Ransomware, Backups, and Testing your Plan

The news headlines seem to be filled with ransomware attacks of late. Business owners are taking note and asking their Managed Service Providers (MSPs) and IT departments to improve their …

pegasus spyware

Pegasus Spyware

NSO, the Israeli technology company has been working with governments around the world by selling them robust surveillance systems. The tool, named Pegasus, unlocks the contents of a victim’s cellphone …

microsoft printnightmare

Microsoft’s PrintNightmare Vulnerability

Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and …

Social Networking in your Neighborhood

Nextdoor App Security

A new social media service, Nextdoor, is gaining steam as we come out of the COVID-19 pandemic. The platform is used to share trusted information about one’s neighborhood, to give …

Ransomware Breach through MSPs running Kaseya

Update: Webroot not a Risk. Kaseya RMM Spreads Ransomware

Today, ahead of the long weekend in the US, Kaseya, number three RMM solution for MSPs was compromised leading to the encryption with ransomware of at least 200 SMBs through the VSA Server, an on premise solution, or their Cloud offering or both. Check back for details as we update the situation.

payment app security

How Secure Are Payment Apps?

Cash is King, for now. The use of electronic payment applications has been steadily growing, according to a recent survey by the US Federal Reserve, cash payments accounted for only …

cybersecurity bill congress

Bipartisan Cybersecurity Bill Impending

Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …

fbi recovers ransomware funds

FBI Recovers Colonial Bitcoin Payment

In May of 2021, the United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. At the time, Colonial Pipeline carried 45% of the fuel used on the …

employment scams article

FBI: Watch Out For Fake Job Listings

Fake Job listings are collecting PII by the thousands of applicants. Be wary of offers too good to be true. Demand in person or video-based interviews and ask lots of questions.

defi blog

Decentralized Finance (DeFi) In A Nutshell

A phrase that has been making waves in the financial world is Decentralized Finance (aka: DeFi). DeFi uses cryptocurrency and blockchain technology to manage financial transactions outside the control of …

colonial pipeline hacked

Ransomware Shuts Down Largest U.S. Pipeline

The United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. Colonial Pipeline carries 45% of the fuel used on the U.S. East Coast, running from Texas …

Apply Apple Update Now

Apple Zero-Day – Cybersecurity Advisory

May 4th, 2021: Apple has released IOS updates for 4 critical issues that impact all Mac, iOS, iPad, and Watch products. “Processing maliciously crafted web content may lead to arbitrary …

airdrop security

Apple AirDrop Vulnerability

Security researchers in Germany have put out a press release about research findings to be presented at Usenix 2021. They presented findings proving that “Apple AirDrop shares more than files”. …

What Was 2020’s Most Expensive Cybercrime?

Reading the latest FBI report might convince you that Business Email Compromise was the largest cybercrime in 2020. Ransomware proves them wrong by a factor of at least 5 if not more. Both are scourges that SMBs need to protect themselves from. Become more aware to become more secure.

iran cyber attack

Israel Launches ‘Stuxnet 3.0’ On Iran

Iran announced that a blackout occurred at its uranium enrichment facility in Natanz. Iran blamed Israel for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges. Israel …

booking.com breach

Booking.com Fined Following Vishing Attack

Summary Message: Working out your Breach Notification during a Breach is a recipe for disaster. Back in December of 2018, Booking.com experienced a breach, where the company was exploited through …

facebook user breach

Facebook Exploit – Cybersecurity Advisory

April 2021: CyberHoot received notification of a hacking forum publishing the stolen phone numbers and personal data of 533 million Facebook users. The data was initially part of a breach …

UK Census Smishing Attack

As many know, the United States had its decennial (every ten years) census in 2020, helping determine and record population statistics all over our country; questions around race, sex, and …

instagram scam

Instagram Scams: How To Avoid Them

Since Instagram’s official launch in 2010, it’s seen more than 1 billion accounts opened with users sharing close to 100 million photos every day. Instagram’s popularity skyrocketed since its launch …

twitter vulnerability

Twitter Steganography Risks

Steganography is the interesting but potentially dangerous technique of hiding data or malware code secretly within an ordinary, non-secret file or message to avoid detection. The use of steganography can …

non-fungible token blog

Why NFTs Are The Future

The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …

ransomware ban

US Treasury Bans Ransomware Payments

Oct.1st, 2020: The US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations that making ransomware payments is illegal. These payments violate US economic sanctions banning the support of …

apple privacy

Apple’s New Privacy Initiative

Apple’s tracking-optional iOS 14.5 update provides privacy-preserving features, giving users the ability to opt-out of being followed around the Internet via “trackers” in their apps. This privacy-driven iOS 14.5 update …

romance scams catfish

FTC Warns of ‘Romance Scammers’

For people searching for love online, it has become a little difficult due to scammers’ hell-bent on catfishing vulnerable people. The Federal Trade Commission (FTC) issued a warning about such …

canada clearview ai

Canada Rules Clearview AI’s Illegal

Clearview AI has created one of the broadest and most powerful facial recognition databases in the world. Their application allows a user (law enforcement we hope) to upload a photo of …

europol emotet takedown

Emotet Operation Takedown

In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its …

Security Advisory – Apple and Linux/Unix

February 1st, 2021 Update: All Apple MacOS products are also at risk for the sudo privilege escalation vulnerability details in CVE-2021-3156. Patch these operating systems as soon as you have …

wordpress risks

WordPress Site Risks

WordPress websites account for more than one-third of all websites on the Internet. WordPress is both flexible and powerful and runs some of the most used Internet sites such as …

Ubiquiti Security Breach

Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi Access Points, Video Recorders, and Security Cameras recently faced a security incident. Ubiquiti stated an incident …

chrome extensions

Chrome Extension Privacy Concerns

Browser extensions are tools that help with spelling/grammar, finding deals, storing passwords, or blocking ads; users don’t consider helpful tools being malicious in any form at all. Have you installed …

smishing

PayPal Smishing Attack

A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of phishing attack, through text messages, is called Smishing.  Hackers …

Ransomware Task Force Forming

The damaging effects of ransomware hit $11.5 billion in 2019, and doubled in 2020 as new, more damaging strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies even harder. Older …

IRS Impersonation Attack

Fake IRS Tax Forms This week, AbnormalSecurity reported an attack on an estimated 15-50 thousand email inboxes with a phishing attack. The attack’s purpose was to gain personal information that …

irs pin

IRS Pin Protection in 2021

The Internal Revenue Service (IRS) announced this week that in January 2021 taxpayers can apply for an Identity Protection Personal Identification Number (IP PIN). This single-use code is designed to …

awdl apple threat

Close Proximity iPhone Hack

Google’s Project Zero cybersecurity researcher (and white-hat hacker) Ian Beer published an article in December of 2020, outlining how hackers can break into nearby iPhones to steal personal data. The …

‘Smart’ Doorbell Vulnerabilities

The holiday season is officially upon us. Now is a good time to find great deals but proceed with caution: be wary of “too good to be true” deals. CyberHoot …

firefox 83 https

HTTPS-Only Mode Introduced by Firefox

For those that don’t know, the webpage you’re reading this article on features the security protocol of ‘HTTPS’ for example, https://cyberhoot.com/; meaning all data leaving this webpage to and from your …

black friday cyberhoot

Be Wary of ‘Black Friday’ Scams

Finally, we’ve made it through the majority of 2020 and into the Holiday season, allowing us to celebrate by getting together with family and friends and perhaps do a little …

vishing threat

Vishing, A Threat You Haven’t Thought About

During COVID19 Hackers have upped their attacks to even circumvent two-factor authentication measures. Learn how they are using Vishing to by-pass your best VPN security measures and steal and ransom your data.

EOL and EOS Software and Hardware

11 Reasons to Upgrade Hardware and Software

The pyramids in Egypt and the Great Wall of China were built to last forever. Computer hardware and software? Not so much. IT departments typically replace their workstations, servers, and …

human firewall

Building A Human Firewall

Most cybersecurity experts believe people are the weakest link but at CyberHoot we view people as the strongest line of defense known as the Human Firewall. Through training, policy guidance, and technical protections, people can go from weakest link to cybersecurity tour-de-force in protecting your company. Give them a fighting change and help them become more aware and in so doing, more secure personally and professionally.

Securing Remote Workers

COVID19 has forced many workers into work from home conditions. This has introduced new risks that are more easily addressed by cloud-enabled companies than more traditional on-premises application using companies. This article seeks to identify tips for both in securing businesses whether cloud-enabled or on-premise is your primary application source.

vCISO virtual CISO

vCISOs, Keeping Your Business Secure

There seems to be a news report every day about the latest security breach. Securing the privacy of company information, user information, and customer data is a top priority for …

cyber insurance

Cyber Insurance: Why It’s Needed – Part 1

Cyber Insurance is a developing market with businesses regularly purchasing cyber coverage in addition to liability, errors and omissions, fire, and flood. With so many attacks and data breaches happening …

microsoft critical vulnerability

ALERT: Microsoft Releases “Zerologon” Patch

CyberHoot’s Chief Information Security Officer constantly monitors the cybersecurity threats MSPs and SMBs face. Recently, a critical vulnerability was patched by Microsoft in August 2020. This vulnerability was so severe, …

smishing threat phishing

Smishing, The New Phishing

Many people know about Phishing, a form of social engineering to deceive individuals into doing a hacker’s bidding. Hackers convince users to click on malicious links in an email resulting …

government cybersecurity attacks

State & Local Government Cyberattacks Up 50%

Cybersecurity firm BlueVoyant published a report on August 27, 2020, finding that State and Local Governments have seen a 50% increase in cyberattacks since 2017. The report outlined the cyberattacks …