Why NFTs Are The Future
The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …
US Treasury Bans Ransomware Payments
Oct.1st, 2020: The US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations that making ransomware payments is illegal. These payments violate US economic sanctions banning the support of …
Apple’s New Privacy Initiative
Apple’s tracking-optional iOS 14.5 update provides privacy-preserving features, giving users the ability to opt-out of being followed around the Internet via “trackers” in their apps. This privacy-driven iOS 14.5 update …
FTC Warns of ‘Romance Scammers’
For people searching for love online, it has become a little difficult due to scammers’ hell-bent on catfishing vulnerable people. The Federal Trade Commission (FTC) issued a warning about such …
Canada Rules Clearview AI’s Illegal
Clearview AI has created one of the broadest and most powerful facial recognition databases in the world. Their application allows a user (law enforcement we hope) to upload a photo of …
Emotet Operation Takedown
In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its …
Security Advisory – Apple and Linux/Unix
February 1st, 2021 Update: All Apple MacOS products are also at risk for the sudo privilege escalation vulnerability details in CVE-2021-3156. Patch these operating systems as soon as you have …
WordPress Site Risks
WordPress websites account for more than one-third of all websites on the Internet. WordPress is both flexible and powerful and runs some of the most used Internet sites such as …
Ubiquiti Security Breach
Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi Access Points, Video Recorders, and Security Cameras recently faced a security incident. Ubiquiti stated an incident …
Chrome Extension Privacy Concerns
Browser extensions are tools that help with spelling/grammar, finding deals, storing passwords, or blocking ads; users don’t consider helpful tools being malicious in any form at all. Have you installed …
PayPal Smishing Attack
A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of phishing attack, through text messages, is called Smishing. Hackers …
Ransomware Task Force Forming
The damaging effects of ransomware hit $11.5 billion in 2019, and doubled in 2020 as new, more damaging strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies even harder. Older …
IRS Impersonation Attack
Fake IRS Tax Forms This week, AbnormalSecurity reported an attack on an estimated 15-50 thousand email inboxes with a phishing attack. The attack’s purpose was to gain personal information that …
IRS Pin Protection in 2021
The Internal Revenue Service (IRS) announced this week that in January 2021 taxpayers can apply for an Identity Protection Personal Identification Number (IP PIN). This single-use code is designed to …
Close Proximity iPhone Hack
Google’s Project Zero cybersecurity researcher (and white-hat hacker) Ian Beer published an article in December of 2020, outlining how hackers can break into nearby iPhones to steal personal data. The …
‘Smart’ Doorbell Vulnerabilities
The holiday season is officially upon us. Now is a good time to find great deals but proceed with caution: be wary of “too good to be true” deals. CyberHoot …
HTTPS-Only Mode Introduced by Firefox
For those that don’t know, the webpage you’re reading this article on features the security protocol of ‘HTTPS’ for example, https://cyberhoot.com/; meaning all data leaving this webpage to and from your …
Vishing, A Threat You Haven’t Thought About
During COVID19 Hackers have upped their attacks to even circumvent two-factor authentication measures. Learn how they are using Vishing to by-pass your best VPN security measures and steal and ransom your data.
11 Reasons to Upgrade Hardware and Software
The pyramids in Egypt and the Great Wall of China were built to last forever. Computer hardware and software? Not so much. IT departments typically replace their workstations, servers, and …
Building A Human Firewall
Most cybersecurity experts believe people are the weakest link but at CyberHoot we view people as the strongest line of defense known as the Human Firewall. Through training, policy guidance, and technical protections, people can go from weakest link to cybersecurity tour-de-force in protecting your company. Give them a fighting change and help them become more aware and in so doing, more secure personally and professionally.
Securing Remote Workers
COVID19 has forced many workers into work from home conditions. This has introduced new risks that are more easily addressed by cloud-enabled companies than more traditional on-premises application using companies. This article seeks to identify tips for both in securing businesses whether cloud-enabled or on-premise is your primary application source.
vCISOs, Keeping Your Business Secure
There seems to be a news report every day about the latest security breach. Securing the privacy of company information, user information, and customer data is a top priority for …
Cyber Insurance: What You Need To Know – Part 2
Cyber Insurance is a developing market with businesses regularly purchasing cyber coverage in addition to liability, errors and omissions, fire and flood. With so many attacks and data breaches happening …
Cyber Insurance: Why It’s Needed – Part 1
Cyber Insurance is a developing market with businesses regularly purchasing cyber coverage in addition to liability, errors and omissions, fire, and flood. With so many attacks and data breaches happening …
ALERT: Microsoft Releases “Zerologon” Patch
CyberHoot’s Chief Information Security Officer constantly monitors the cybersecurity threats MSPs and SMBs face. Recently, a critical vulnerability was patched by Microsoft in August 2020. This vulnerability was so severe, …
Smishing, The New Phishing
Many people know about Phishing, a form of social engineering to deceive individuals into doing a hacker’s bidding. Hackers convince users to click on malicious links in an email resulting …
State & Local Government Cyberattacks Up 50%
Cybersecurity firm BlueVoyant published a report on August 27, 2020, finding that State and Local Governments have seen a 50% increase in cyberattacks since 2017. The report outlined the cyberattacks …
The New & Improved Wi-Fi 6 Standard
Do you ever get frustrated with your Internet speeds and find yourself saying “there’s no way this is as fast as it can go”? Well luckily for you, there’s a …
API Security Risks and Recommendations
Experts are warning security professionals of the next big threat hitting the cyber world: Application Programming Interface (API) attacks. APIs work to make systems perform better by integrating other website’s …
Hacker’s Court Hearing Disrupted By Porn Clip
CyberHoot’s mission is to help people become more aware and therefore more secure. This week’s blog is about securing Zoom meetings and why you would need to do so. When …
Facial Recognition Takes A Step Back
As facial recognition technology improves and becomes more widespread in its applications for authentication purposes, it is important to understand that security researchers are also devising schemes to fool these systems and to both hide identities from the technology, and to find people from large identity databases alike. The only thing certain about facial recognition today is that it exists and it will continue to be refined and that privacy laws are struggling to keep pace with these advancements.
GandCrab Ransomware
Increasingly sophisticated and damaging ransomware attacks are here. Availability has always been threatened, but backups prevented ransoms from being paid so hackers have added confidentiality attacks. Ransomware like Maze and REvil now threaten to release critical data online if a ransom isn’t paid. Visit Cyberhoot to learn how to protect from this evolution and escalation in the ransomware war with hackers.
Garmin Ransomware Attack
Garmin, like Twitter the week before, suffered a massive breach. For Garmin it was ransomware while Twitter saw 130 of its most influential accounts taken over by hackers. Both companies suffered at the hands of hackers who used social engineering attacks to get into the companies and cause their damage. Visit CyberHoot to learn how to protect yourself and your company from these attacks.
Jackpotting: Asian ATM Hacking Reaches the US
Automated Teller Machines (ATMs) have been around for more than 50 years. In that time, criminals have found many unique ways to steal the cash they contain. Physical security, network security, logical security all play roles in protecting these machines from compromise. Learn how banks are protecting the machines and what you can learn from ATM heists to protect your own business at CyberHoot.
U.S.S.S. Reporting Increase In Hacked MSPs
The Secret Service warned of increasing attacks on MSPs in July 2020. If you’re not learning how to protect yourself as a Next Generation MSP, then you’re going to be compromised and you’re going to be out of business in the future. The risks are too great. You need to become more aware to become more secure. Learn how to do all this with CyberHoot.
Major Twitter Accounts Hacked
July 15, 2020: Hundreds of high-profile twitter accounts were hacked including Elon Musk, Kanye West, Barack Obama, Bill Gates, and many others. They all posted nearly identical messages asking for …
SIGRed – Critical Microsoft Vulnerability
Every so often, a vulnerability is discovered so egregious that its discovery warrants a special name. On July 14th 2020, a new vulnerability named “SIGRed” was announced that could lead to the compromise of ALL Windows servers from a simple email phishing attack containing a specially-crafted DNS query that would yield complete hacker control of impacted servers. Now that I have your attention, stop what you were planning to do, and read up on SIGRed and apply the Patch of the Registry work-around NOW.
Hacker’s Latest Scam: Pet Adoptions
Cyber criminals capitalize on global events (COVID) and national trends that result from global events (Pet Adoption increases). CyberHoot is seeing an increase in Pet Adoption Scams and wants to help our users become more aware of how to spot these scams and avoid them. Become more aware to become more secure.
Social Media Used To Catch Violent Protester
Social media video was used to identify and apprehend a violent protester in Philidelphia. Our images and identity markers are being documented everywhere we go and our privacy is being bottled up in countless databases across the world, boiled down to a digital fingerprints, and used by law enforcement and others if the data is breached and stolen. Are the right protections in place to protect our 4th amendment rights? With great power comes great responsibility. It also requires great cybersecurity protection which CyberHoot is not convinced exists to keep these digital fingerprints safe and protected from misuse.
Malware in Macs
MAC Malware has grown faster than Windows Malware in the last 24 months. If you bought a MAC because it was “safer” think again and learn all the types of malware that’s impacting these systems. Become more aware to become more secure especially with respect to MAC hardware.
Hackers Are Releasing Fake Contact Tracing Apps
Hackers are constantly adapting to the changing realities of today’s global pandemic. Their latest attack method is the release of bogus contact tracing applications. Twelve (12) country’s have had fake contract tracing apps released by hackers impersonating their government contact tracing programs in order to compromise citizen’s mobile devices. Learn how to protect yourself in this article.
Stalkerware Could Be Spying On You
In this day and age, the ability to track someone with their mobile devices is incredibly easy. It’s made easier still using automated tools like stalkerware available online from the dark web. Learn how to protect yourself and your devices at CyberHoot.com.
YouTubers: The Growing Security Target
YouTube Influencers make a good deal of money and are being targeted for account hi-jacking by hackers seeking to extort them for bitcoin ransom payments. Pay or lose your followers/subscribers when the hacker posts offensive materials alienating subscribers.
Phish Testing Employees
Phishing attacks represent 90% of successful breaches at Small to Medium Sized Businesses (SMBs). Learn what they are and how to protect yourself from them at CyberHoot.com.
OWASP Top Ten
Development shops need to practice safe and secure coding. The best way to get your developers all on the same page is to train them in the Top 10 most common security mistakes made in coding. Visit CyberHoot.com’s blog article here on OWASP Top 10 coding errors that lead to insecure applications.
Regulations Like the CCPA Don't Stop at California
Data Privacy legislation has received some heavy support from the European Union with the passing of the General Data Privacy Regulations (GDPR) followed by California’s Consumer Protection Act (CCPA). Additional states are looking to bring a patchwork quilt of privacy requirements to the US in concert and conflict with one another. Learn more here at CyberHoot.
Internet of Things (IoT)
The Internet of Things (IoT) is any device or machine that has the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. IoT is essentially any …
Three (3) Reasons Policies and Processes are Key
Cybersecurity program require many things, but Policies and Procedures should be near the top of the list.
MAZE Ransomware: 3x Threat to Data Security
MAZE Ransomware represents a change for the worse in the capabilities of online hackers today. Traditional backup strategies are no longer enough to provide a get-out-of-jail-free card when hit with ransomware. Data confidentiality is also at risk now and that changes who will pay ransoms dramatically. Prepare now to avoid this scourge of online hacking.
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification is a much needed adjustment to DFARS that provides risk based compliance to five levels of controls that relates to the Controlled Unclassified Information (CUI) that underpins a defense contractor, sub or prime working in the defense industry.