Weekly blog articles covering current, critical cybersecurity topics to help the world become more aware and more secure.
ConnectiWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
ChatGPT Authors a Humorous Cyber Breach Article Relating to T-Mobile CyberHoot examined ChatGPT ourselves and asked it to write a humorous article about a large Mobile Carrier breach. Despite common …
OpenSSL releases vulnerability patches containing 8 bug fixes in its latest releases available across three release train binaries. The criticality of bugs range from high to moderate. They all relate to memory handling issues stemming from the fact OpenSSL was written in C.
MSPs face many risks. These are the top 10 Cybersecurity risks MSPs face and how to avoid them.
This article outlines the top 10 security awareness training challenges and solutions. Businesses are under increased attack with ever more costly outcomes for failure. People are the weakest link. Training and testing them carefully, with automated solutions provide the greatest return on investment.
CyberHoot has reported on the opportunities and challenges of ChatPGT’s natural language engine and deep research capabilities. This article summarizes the recent T-Mobile breach of 37M records in a humorous way while outlining the very real risks of Smishing, Phishing, and Vishing.
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.
Advancements in AI and natural language have led to a host of new capabilities and challenges alike. This article seeks to summarize those to create awareness around the changing landscape of AI as it relates to societal norms.
FBI’s Vetted Cybersecurity Organization “Infragard” Breached Learn how a cybersecurity organization that partnered with the Federal Bureau of Investigation (FBI) to protect critical US infrastructure got hacked. “Aikido” Vulnerability Turns EDR …
In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
If you run Linux Kernel 5.15 or later you are potential at risk (10 out of 10) vulnerability in the ksmbd kernel module added in some versions of linux kernels or later. Perform an assessment asap and patch your kernel or remove the module if you’re impacted.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.
Security Researcher from SafeBreach has revealed critical race conditions in EDR software that can lead to a compromise of the devices running the security software. Exploit code has been seen in the wild that delivers Wiper malware to destroy the infected hosts data and operating system. Immediate patching and reboot is required.
The American Data Privacy and Protection Act has crossed many federal hurdles and has bi-partisan support. Enough Republican Senators have signed on to pass this protective statute that were it to come to a vote is would pass. However, it hasn’t been called for a vote. We need to pressure our legislatures to vote.
Microsoft O365 provides a more secure, feature rich, and consistent environment for email services than hosted exchange does today.
The U.S. Securities and Exchange Commission (SEC) is proposing new disclosure requirements by company boards regarding cybersecurity risk management, strategy, governance policies, procedures, and incidents. This would be an amendment …
CyberHoot has recently seen the impact of the Royal ransomware. An MSP had a client who refused security awareness training and someone fell for one of the many attack vectors …
Credit cards, virtual credit cards, payment services (Venmo, Cash), and even digital wallets (Apple Pay, Google Pay) are all available to purchase what you need online.
Top 10 Reasons to Conduct Awareness Training and Testing Businesses all over the world experience increasingly sophisticated attacks with escalating damages and impact. Awareness training and phish testing are two …
Citrix has announced multiple vulnerabilities in their ADS and Gateway products that require patching to mitigate. Learn what to do in this article.
There are many reasons to consider upgrading aging hardware and software including better efficiency, reliability, performance, happier staff, security, and more.
Cybersecurity awareness training helps combat human error, one of the most common exploitable parts of any cybersecurity program. Use these facts to convince management at your company its finally time to train your staff on cybersecurity.
DNS protections help identify & defend against some malicious websites. Inspection lead to blocked access and can prevent a breach.
Employees depart with sensitive info while others may sell company secrets. Learn how to spot suspicious behaviors to thwart insider attacks.
You probably know that Password Managers improve cybersecurity dramatically. However, did you know they also improve productivity by more than 11 hours each year?
Business Email Compromise (BEC) can lead to many other damages including wire fraud, and phishing attacks focused on your clients.
Hackers will try anything to breach your network including sending us malicious attachments. Always be super careful with files sent via email.
How much do companies pay when breached? It depends upon the data that was stolen. In some cases, such as healthcare, the costs of managing a breach are increasing YOY. Recent IBM data showed Healthcare records costing 3x what other records cost in a breach. Isn’t it time you started preparing for and sought to prevent breaches.
How much do companies pay when breached? It depends upon the data that was stolen. In some cases, such as healthcare, the costs of managing a breach are increasing YOY. Recent IBM data showed Healthcare records costing 3x what other records cost in a breach. Isn’t it time you started preparing for and sought to prevent breaches.
Data value depends upon many factors including who easily it can be monetized on the dark web. Know your data and its value, then protect it from harm.
Identity theft is easier than ever as our private data continues to spill out all over the Internet.
Physical security at businesses has suffered somewhat post-Covid as employees return to work places but haven’t received training on common attacks such as Tail-Gating and Piggy-Backing.
Cybersecurity can often be dramatically improved with some simple measures. Technically, enabling 2FA or MFA is one of those. Adopting a password manager is a second. Training your staff is a third.
Cybersecurity jobs are a challenge to fill across the world today. 3.5 million open positions globally with 700k in the US alone.
Cyber insurance helps you quickly pick up the pieces following a breach. Not having it leads to shortcuts and mistakes.
Ransomware is always evolving, becoming more sophisticated and damaging. Harden your company today to prevent a devastating ransomware attack.
NIST has asked companies to allow for long passwords that don’t expire and don’t have complexity requirements. When will you follow their advice?
Developing a patching process for your company will ensure the security of your devices.
Spear Phishing Keys off of Social Media Information Eighty-four (84%) percent of business owners have received sophisticated and dangerous spear-phishing attacks in the last year alone. Business owners and their …
Defending your business from Cyberattacks takes preparation and practice.
Life isn’t fair. Companies that are victims of a cyberattack are most often blamed (64%) by consumers for inadequate controls and protective mechanisms for their cybersecurity program. Perception is reality and so the time to prepare and harden your company to these attacks is now. Don’t wait until a breach happens, sign up for CyberHoot today.
Duplicate this article and then edit it to create easy to complete Blog articles.
Banking information, healthcare records, credential databases are all extremely valuable to hackers seeking to profit from the sale of this data on the Dark web. Know what data you have and how it is both saleable and to be protected. Begin building your cybersecurity program today to protect against breaches with CyberHoot.
Privacy regulations have been passed in 70% of the world’s countries and 100% of the Americas. Is your website privacy policy up-to-date with these regulations? If not, you’re going to need to spend some energy complying. CyberHoot’s vCISO services can help. Visit us today.
The dark web contains marketplaces where illegal items are traded including credentials into our online accounts. For as little as $2.00/account hackers can by employee credentials to breach your company’s email systems, VPN, or online SaaS applications to cause havoc and steal your money, data, or both. Learn how to protect yourself using CyberHoot.
Phishing attacks are up 600% since the pandemic. Ignoring them is not an option. Train and test employees today on spotting and avoiding phishing attacks with CyberHoot.
Healthcare providers are huge targets for ransomware because modern ransomware publishes patient data online if you don’t pay the ransom. Gone are the days where you could simply restore your critical data from backup and ignore the ransom. For healthcare providers, a ransomware breach is the worst possible outcome. Pay the ransom, report the attack, pay the HIPAA fine for lack of cybersecurity protections. Get busy today creating a strong defense-in-depth cybersecurity program to protect your patient records.
Hackers hide in our networks for long periods of time (~200 – 250 days). Build a robust cybersecurity program to keep them out with CyberHoot.
Ransomware attacks are up 61% in the last 2 years. 64% of companies paid the ransom but 40% who paid never recovered their data!
The Hidden Costs of a Data Breaches Data breaches happen all the time. From ransomware to business email compromise, businesses are predicted to lose 10.5 billion dollars to cyberattacks per …
