reporting cyber incidents USA

Managing a Cybersecurity Incident

Secure your business with CyberHoot Today!!! Sign Up Now Co-Authored by Craig Taylor In an ever-changing cybersecurity world, data breaches continue to increase in frequency and impact. Cybersecurity threats come …

increase mrr for msp

Increase MRR While Reducing Costs At Your MSP

Secure your business with CyberHoot Today!!! Sign Up Now An important part of running a successful Managed Service Provider (MSP) is ensuring you’re increasing your monthly recurring revenue (MRR). One way …

wormable http hole

Advisory: Wormable Windows HTTP Bug

January 12th, 2022: Today Microsoft sent a notification of a critical risk to those who use Windows devices. The critical bug is CVE-2022-21907, also known as HTTP Protocol Stack Remote …

google docs comment exploit

Google Docs’ Comment Phishing Exploit

A wave of phishing attacks has been generated within Google’s cloud-based word processing solution (Google Docs) and its “Comments” feature. Attackers use the commenting feature to send malicious links to …

pirated movie malware

Pirated Movies Containing Malware

ReasonLabs, a provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into computers with the mask of the latest Spiderman movie. The movie is …

saas security risks

Software as a Service (SaaS) Risks and Challenges

Software as a Service (SaaS) applications have transformed businesses over the last decade with enormous value. SaaS solutions have enabled and empowered businesses to continue operating during the pandemic with …

remote job scam

Job Scam Attack: Fake Offers and Checks

The pandemic has created new opportunities for social engineering attacks on unsuspecting users. One method of attack has been successful enough to force the FBI to release a warning. Cybercriminals …

black friday cyberhoot

Be Wary of ‘Black Friday’ Scams

Finally, we’ve made it through the majority of 2021 and into the Holiday season, allowing us to celebrate by getting together with family and friends and perhaps do a little …

FedEx Smishing Scam

‘Tis The Season To Be Smished

The holiday shopping season means big business for retailers around the world, but it unfortunately also means big business for hackers. The reasoning is, people tend to be on the …

3-2-1 backup method

CyberHoot’s 3-2-1 Backup Guide

As the number of areas where data is stored increases, the concept of following a 3-2-1 Backup Strategy is often forgotten. While you can’t prevent every compromise of your company’s …

monero cyber criminals

Monero – The New Crypto For Hackers

Cybercriminals had a wake-up call after the FBI successfully breached a cryptocurrency wallet held by the Colonial Pipeline hackers by following the money trail on bitcoin’s public blockchain. The FBI …

2021 cybersecurity awareness month vlog

Cybersecurity Awareness Month Vlog Series 2021

Each day this month, we published a short (3–5 minute) interview CyberHoot’s Co-Owner Craig Taylor had with Mindwhirl outlining necessary topics to help improve people’s cybersecurity hygiene. Check CyberHoot’s VLOG and social media …

us wws data breach

U.S. Water and Wastewater Systems Cyber Breach

The Cybersecurity and Infrastructure Agency (CISA) released an alert of an ongoing cyber threat to the U.S. Water and Wastewater Systems, also highlighting five incidents that occurred between March 2019 …

gift card fraud

Gift Card Fraud

The cybersecurity world is continually inundated with the new strains of ransomware taking down large and small businesses alike. Unfortunately, this has brought attention away from other cyber-related attacks, like …

airtag attack

Apple AirTag Attack

In April of 2021, Apple unveiled the AirTag, a tracking device that can be put on nearly anything so users don’t lose their valuables. Users frequently use these on their …

Outlook Password Flaw in Autodiscover

Outlook “Autodiscover” Leaking Passwords

Cybersecurity experts at Guardicore published a report summarizing its research results involving security concerns in Microsoft “Autodiscover” feature. Their report states they were able to collect over a 372,072 domain …

united nations hacked

United Nations (UN) Breached

In the spring and summer of 2021, hackers stealthily entered the United Nation’s (UN) proprietary project management software, Umoja, accessing the network and stealing critical data to be used in …

japanese crypto exchange robbed

Japanese Crypto Exchange Robbed of $100,000,000

Recently, cryptocurrency exchanges, the place where you can buy and sell cryptocurrencies on the Internet, have been under active and successful attack. In one case, a Chinese cryptocurrency exchange called …

edge super duper secure mode

Microsoft Edge’s ‘Super Duper Secure Mode’

Microsoft’s Edge Vulnerability Research Team recently published details on a new feature in development called “Super Duper Secure Mode” (SDSM). SDSM is designed to improve security without notable performance losses. …

cisa advisory

CISA Advisory (ICSA-21-119-04)

August 19th, 2021: CyberHoot has received notification of critical risks to our national cybersecurity. A critical vulnerability has been made public by CISA, known as “BadAlloc”. Details of the vulnerabilities …

vishing bazarcaller

BazarCaller – Vishing Gang

BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone …

microsoft patch tuesday

Microsoft Patch Tuesday

On the second Tuesday of each month since 2003, Microsoft has released security-related updates to Windows (desktop and server), Office, and related products. Updates and patches aren’t only released on …

cisa top 30 threats

CISA’s Top Vulnerabilities in 2020 and 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau …

ransomware backup testing

Ransomware, Backups, and Testing your Plan

The news headlines seem to be filled with ransomware attacks of late. Business owners are taking note and asking their Managed Service Providers (MSPs) and IT departments to improve their …

pegasus spyware

Pegasus Spyware

NSO, the Israeli technology company has been working with governments around the world by selling them robust surveillance systems. The tool, named Pegasus, unlocks the contents of a victim’s cellphone …

microsoft printnightmare

Microsoft’s PrintNightmare Vulnerability

Microsoft’s released an Out-Of-Band (OOB) emergency patch, affecting windows systems’ print-spooler subsystem. These printing issues are being called PrintNightmare by the media. The vulnerabilities are being tracked in CVE-2021-1675 and …

Social Networking in your Neighborhood

Nextdoor App Security

A new social media service, Nextdoor, is gaining steam as we come out of the COVID-19 pandemic. The platform is used to share trusted information about one’s neighborhood, to give …

Kaseya RMM Spreads Ransomware

Update and Correction – 3:30pm 7/3/21: CyberHoot has confirmed from Kaseya and other cybersecurity news sources that Webroot was not and is not a risk from this Kaseya ransomware event.  Only Kaseya …

payment app security

How Secure Are Payment Apps?

Cash is King, for now. The use of electronic payment applications has been steadily growing, according to a recent survey by the US Federal Reserve, cash payments accounted for only …

cybersecurity bill congress

Bipartisan Cybersecurity Bill Impending

Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …

fbi recovers ransomware funds

FBI Recovers Colonial Bitcoin Payment

In May of 2021, the United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. At the time, Colonial Pipeline carried 45% of the fuel used on the …

employment scams article

FBI: Watch Out For Fake Job Listings

Fake Job listings are collecting PII by the thousands of applicants. Be wary of offers too good to be true. Demand in person or video-based interviews and ask lots of questions.

defi blog

Decentralized Finance (DeFi) In A Nutshell

A phrase that has been making waves in the financial world is Decentralized Finance (aka: DeFi). DeFi uses cryptocurrency and blockchain technology to manage financial transactions outside the control of …

colonial pipeline hacked

Ransomware Shuts Down Largest U.S. Pipeline

The United States’ largest pipeline, Colonial Pipeline, halted operations due to a ransomware attack. Colonial Pipeline carries 45% of the fuel used on the U.S. East Coast, running from Texas …