Blog - CyberHoot

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.

Save Your Staff From Breaches. Use CyberHoot During Cybersecurity Awareness Month for Free!

CyberHoot is offering any MSP free enrollment of any and all clients into CyberHoot for free until the end of October (31st), 2023. Enroll your prospects or existing customers in our platform and launch expedited Cybersecurity awareness training in the Month of Oct. using our fully automated system. We will credit you any users or clients enrolled for the entire month of Oct. Must be a new client to CyberHoot. If after the month ends you want to remove them, you absolutely may without penalty.

CyberHoot's Owl sharing five ways It adds value to MSPs

Blog

The Fabulous Five: How CyberHoot Makes Managed Service Providers Shine Brighter

CyberHoot has been shown to improve customer retention for MSPs. It lowers the cost of supporting clients through fewer security incidents, better product training, and educational phish testing. We know it works because MSPs tell us emails to support asking “Is this a Phish?” or “Is this an Attack?” go away. Start a 30 day free trial and month-to-month forever afterwards.

Blog

Top 5 Emerging Cybersecurity Threats Businesses Must Be Aware Of

Cybersecurity threats continue to evolve and expand in both sophistication and impact. Businesses must choose how to address these top 5 emerging threats proactively, when they control the playing field and have high ground instead of reactively, after an incident when they have been knocked down and are struggling to get up.

Blog / Press Releases

Augmentt partners with CyberHoot to build Cybersecurity Literacy within MSPs and their clients.

Advisory / Blog

EvilProxy Malware Steals Session Tokens bypassing MFA on Victim’s Email Account

Hackers have been using EvilProxy to capture authenticated session tokens from unsuspecting phishing email victims.

Owls in the Classroom dispensing knowledge to students

Blog

White House Recognizes the Importance of Cybersecurity Education with Proposed Funding

The White House recognizes the importance of cybersecurity literacy by proposed to fund K-12 education of school teachers and administrators and possibly also students.

Blog

Risk Assessment: A Game Changer for Your Business

For most businesses, balancing time and money is a constant struggle. A risk assessment is designed to simplify your conversations by identifying both the most critical risks and rank ordering them, enabling you to determine what to work on first and then work your way down the list of critical threats to your business.

Blog / Press Releases

CyberHoot Press Release: Graph API Support

CyberHoot Press Release Microsoft Graph API Integration Portsmouth, NH – July 17th, 2023 – CyberHoot, a leading Cybersecurity Learning Management System (LMS), today announced the integration of Microsoft’s Graph API …

CyberHoot Owl Teaching Cybersecurity to Employees

Blog

The Top 10 Benefits of Integrating Cybersecurity Awareness Training and Testing into Your MSP Offering

Cybersecurity training and phish testing delivers enormous value to your MSP, its clients and all employees. Most value is obvious such as fewer security incidents while other value may be over looked such as providing employees better work-life balance with fewer nights and weekends spent recovering from security incidents.

Teams is a Trojan Horse Malware Delivery Agent

Advisory / Blog

Is Microsoft Teams a Direct Trojan Horse Malware Delivery Service to Employees?

Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization’s employees. Microsoft believes this is a feature and no patch will be provided. This delivery method bi-passes traditional payload delivery security controls.

Blog / VLOG

Business Ninja Interview of CyberHoot Co-Founder

Business Ninja’s interviewed CyberHoot’s co-Founder Craig Taylor. This interview outlines CyberHoot’s unique and positive outcome approach to cybersecurity program development at your company. Our Co-Founder details what’s working and what’s broken in the emergency Cybersecurity industry. Business owners need to watch to learn what they should be doing to protect their businesses from compromise. Doing so provides much needed peace of mind.

Sextortion using Deep Fakes is Causing Enormous Emtional and Financial Damage.

Blog

Protecting Your Business and Family from DeepFake Attacks: A Comprehensive Guide

The FBI has reported a dramatic growth in Deep Fake attacks on individuals and businesses from hackers seeking to extort money from or embarrass individuals and businesses by creating elicit pornographic material in the likeness of the victim from their online persona and public images and videos.

SS Cybersecurity on a Journey of Phish Testing and Awareness Training

Blog

Hook, Line, and Secure: Reeling in the Benefits of Awareness Training and Phish Testing Services

This article outlines five unusual benefits and five well known benefits to Awareness Training and Phish Testing service. It presents them to Manage Service Providers (MSPs) hoping to convince them to add such services to their standard offerings for all clients.

Advisory / Blog

Old Attacks Made New Again by Hackers Exploiting our Browsers and Our Fears

Virus warning attacks have plagued computer users for years. Recently, hackers have figured out how to exploit these attacks in your Google Chrome (and possibly other) browsers, seizing control of your browser and scaring you into calling fake customer support hotlines to extort you for money.

Blog

A Cybersecurity Comedy: Protecting Businesses One Laugh at a Time!

Cybersecurity too often seems like a stress inducing serial murder show. While it is serious business, adding a dose of humor will make it more memorable.

Blog

10 Ways to Help Grow your MSP

Growing your MSP is not as hard as you might think. It require a laser focus on differentiation, adding cybersecurity services, and fanatical attention to customer service to name a few of the top 10 items lists in this article.

Passkey Authentication to replace Passwords

Blog

Passkeys are the first steps on the Long Road to a Passwordless Future

The FIDO alliance is a high-powered tech alliance seeking to eliminate passwords from our online lives by replacing them with a much more secure public and private key authentication solution. Backed by Google, Microsoft, and Apple, it is a strong foray into the elimination of passwords from our everyday lives.

Blog

10 Ways Your Security Awareness Training is Failing You

Cybersecurity platforms are designed to build robust, layered defenses for your organization. However, too often they fall short of their lofty and critical goals. This articles delves into 10 common failure points and provides unique perspectives on how to avoid them.

Blog

3 Ways MSPs Add Value to Client Relationships and How to Capitalize on Them

To stand out and foster lasting relationships, MSPs must go beyond basic technical support by adopting innovative strategies to provide additional value to their customers. Once successful, MSPs must call out the emotional value that comes from these solutions.

Voice cloning is becoming a threat to families from fake ransom attacks.

Blog

Voice Cloning is Becoming a Ransom Threat

Voice impersonation, also known as voice cloning, are becoming an increasingly prevalent threat in the digital landscape. Sophisticated artificial intelligence (AI) technologies can now imitate voices with remarkable accuracy, leading to threats against our privacy and security.

Attack-Based Phish Testing is Fundamentally Flawed

Blog

3 Ways Attack-Based Phish Testing is Failing Us

Attack-based phish testing creates fear, anxiety, and doubt in end users. It does not create awareness, harms IT, and misinforms management. Despite representing a billion dollar industry, traditional attack-based phish testing is fundamentally flawed. It causes untold problems for IT departments, individual users, and Managed Service Providers. Studies have shown it can even lead to more clicks by end users! This article outlines the fundamental flaws in attack-based phishing. It goes on to outline improvements from educational, positive outcome phish testing assignments that teach users how to finally spot every phishing attack and delete or avoid it.

Advisory / Blog

Top Five (5) Risks from SMS-Based Multifactor Authentication

Multi-factor authentication can be one of the best protect measures companies can implement on their critical accounts. However, not all methods of MFA are equal and some, like SMS, carry inherent risks and should not be used.

Gradient and CyberHoot Integration Announcement

Blog / Press Releases

CyberHoot Press Release: Gradient Billing Integration

CyberHoot Press Release Gradient Billing Integration FOR IMMEDIATE RELEASE Portsmouth, NH – March 28th, 2023 – CyberHoot today announces Gradient billing integration through their Synthesize platform. Synthesize helps MSPs automate …

Advisory / Blog

Five Ways ChatGPT Helps You Hack

There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.

Additional Cybersecurity Tools for the MSP Toolbox

Blog

Cybersecurity Tools Every MSPs Needs (Part 2)

Cybersecurity tools every MSP needs in their toolbox to identify attacks, limit damage, and recover quickly.

Top 10 Cybersecurity Tools every MSP needs

Blog

Top 10 Tools Every MSP Needs in their Toolbox

These 10 cybersecurity tools need to be in every MSP’s toolbox. Use them to secure your clients from breach. Help them protect themselves from what they might not know about cybersecurity.

Advisory / Blog

ConnectWise_Recover_ZK_Framework_Vulnerability

ConnectiWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.

Advisory / Blog

OpenSSL Releases Vulnerabilities Patches

OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of bugs range from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.

Blog

Top 10 MSP Cybersecurity Risks

MSPs face many risks. These are the top 10 Cybersecurity risks MSPs face and how to avoid them.

Blog

Top 10 Security Awareness Training Challenges and Solutions

This article outlines the top 10 security awareness training challenges and solutions. Businesses are under increased attack with ever more costly outcomes for failure. People are the weakest link. Training and testing them carefully, with automated solutions provide the greatest return on investment.

Blog

A Humorous AI Story Detailing the T-Mobile Breach

CyberHoot has reported on the opportunities and challenges of ChatPGT’s natural language engine and deep research capabilities. This article summarizes the recent T-Mobile breach of 37M records in a humorous way while outlining the very real risks of Smishing, Phishing, and Vishing.

Advisory / Blog

The Last Straw for LastPass – Migration Time

Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.

AI Powered ChatBots are creating opportunities and challenges for our reality.

Blog

Natural Language AI-Based ChatGPT Creating Opportunities and Challenges

Advancements in AI and natural language have led to a host of new capabilities and challenges alike. This article seeks to summarize those to create awareness around the changing landscape of AI as it relates to societal norms.

Advisory / Blog

LastPass Breach Update – August 22 – December 22

In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.

Linux Kernel 5.15 has a potentially 9.6 level vulnerability (out of 10) in the kernal. Search for impact and patch asap.

Advisory / Blog

New Linux Kernel Bug is a Patch Now or Disable Scenario

If you run Linux Kernel 5.15 or later you are potential at risk (10 out of 10) vulnerability in the ksmbd kernel module added in some versions of linux kernels or later. Perform an assessment asap and patch your kernel or remove the module if you’re impacted.

Advisory / Blog

FBI’s Vetted Cybersecurity Organization “Infragard” Breached

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.

Advisory / Blog

“Aikido” Vulnerability Turns EDR into Wiper Malware

Security Researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected hosts data and operating system. Immediate patching and reboot is required.

American Data Privacy and Protection Act (ADPPA)

Blog

Don’t let the American Data Privacy and Protection Act Fizzle Out – Vote

The American Data Privacy and Protection Act has crossed many federal hurdles and has bi-partisan support. Enough Republican Senators have signed on to pass this protective statute that were it to come to a vote is would pass. However, it hasn’t been called for a vote. We need to pressure our legislatures to vote.

Hosted Exchange Security Incident Dec. 2022

Advisory / Blog

Category: Blog