Software as a Service (SaaS) Risks and Challenges
Software as a Service (SaaS) applications have transformed businesses over the last decade, providing enormous value. SaaS solutions have enabled businesses to continue operating during the pandemic with a remote workforce whose tools are cloud-based instead of office-based or desktop-based. With this SaaS power come new challenges and risks. Read this CyberHoot article to learn more.
Vulnerability Advisory: Apache Log Binary (Log4J)
A critical vulnerability (CVE severity = 10, the worst possible) is being targeted on the Internet. Called “Log4Shell,” this vulnerability is found in Apache Webserver’s Log4j (v2.0 – 2.14.1). It was disclosed on 12/9/21. Log4Shell (CVE-2021-44228) allows remote code execution on vulnerable servers. Learn more at CyberHoot.
Job Scam Attack: Fake Offers and Checks
The pandemic has created new opportunities for social engineering attacks on unsuspecting users. One method of attack has been successful enough to force the FBI to release a warning. Cybercriminals are using fake job listings to target applicants, steal their Personally Identifiable Information (PII), and then steal their identities. Remote work is causing more of these attacks to surface.
GoDaddy Password Breach Affects Over A Million Users
The US Securities and Exchange Commission (SEC) has published a “Security Incident” submitted by web services giant GoDaddy. GoDaddy says that in November 2021, it realized that there were cybercriminals in its network, kicked them out, and tried to determine when the hackers got in and what they managed to do while on the inside.
Be Wary of ‘Black Friday’ Scams
We’ve made it through the majority of 2021 and into the Holiday season, allowing us to celebrate by getting together with family and friends and perhaps doing a little shopping for them too. As with any other year, it’s a good time to find great deals but it’s equally important to be wary of “too good to be true” deals. Hackers exploit consumer excitement on these big shopping days each and every year.
Employee SSNs Exposed in California Pizza Kitchen Breach
California Pizza Kitchen (CPK) has more than 250 locations across 32 states. CPK experienced a data breach exposing the full names and Social Security Numbers (SSNs) of current and former employees. The Maine Attorney General’s website reported that this “external system breach” had occurred in Sep. 2021 and impacted nearly all 103,767 employees, according to the Data Breach notification report.
Awareness Training Program News
Official 2022 Cybersecurity Awareness Program Published
CyberHoot has finalized the 2022 Cybersecurity Foundational Training Program (Year 3 Recommended). You can find the new training program inside your Program Library, ready to be assigned for 2022. Continue using CyberHoot’s ‘Foundational Training Program’ to stay on top of current threats your users face on a day-to-day basis.
New CyberHoot Features
Top 10 Least Compliant Users Assignment Reminders
We added the ability to resend outstanding assignments to the list of users found in the Top 10 Least Compliant Users table on the dashboard. Click the ‘envelope’ icon to the right of the user’s name to send their assignments.
Account Exposure User Notification
This button sends an email to the currently Pwned user. This email includes a customizable message to the user and a PDF copy of the user’s ‘Account Exposures’ page.
Cybersecurity Summary Report Generation
Under the Reports section, admins can generate an exportable report. The admin can choose which sections to include in the report and can either email or download the generated PDF file. The report and the email that sends it adhere to the customer’s branding setup.
Castle-And-Moat refers to a network security model in which no one outside the network is able to access data on the inside, but everyone inside the network can. Imagine an organization’s network as a castle and the network firewall as a moat. Once the drawbridge is lowered and someone crosses it, they have free rein inside the castle grounds. Similarly, once a user connects to a network in this model, they are able to access all the applications and data within that network.
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, or waiting on delayed logins. Click an email link for instant training access!
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My Assignments".
CyberHoot automates non-compliance handling through manager email notifications. Managers can see the compliance status of their employees, so you always know where you stand.
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees.
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.