CyberHoot Newsletter – December 2021

Software as a Service (SaaS) Risks and Challenges

Software as a Service (SaaS) applications have transformed businesses over the last decade providing enormous value. SaaS solutions have enabled businesses to continue operating during the pandemic with a remote workforce whose tools are cloud-based instead of office-based or desktop-based. With this SaaS power come new challenges and risks. Read this CyberHoot article to learn more.

Vulnerability Advisory: Apache Log Binary (Log4J)

A critical vulnerability (CVE severity =10, the worst possible) is being targeted on the Internet. Called “Log4Shell” , this vulnerability is found in Apache Webserver’s Log4j (v2.0 – 2.14.1). It was disclosed on 12/9/21. Log4Shell (CVE-2021-44228) allows remote code execution on vulnerable servers. Learn more at CyberHoot.

Job Scam Attack: Fake Offers and Checks

The pandemic has created new opportunities for social engineering attacks on unsuspecting users. One method of attack has been successful enough to force the FBI to release a warning. Cybercriminals are using fake job listings to target applicants to steal their Personally Identifiable Information (PII) and then steal the identities. Remote work is causing more of these attacks to surface.

GoDaddy Password Breach Affects Over A Million Users

The US Securities and Exchange Commission (SEC) has published a “Security Incident” submitted by web services giant, GoDaddy. GoDaddy says that in November 2021, it realized that there were cybercriminals in its network, kicked them out, tried to determine when the hackers got in, and what they managed to do while on the inside.

Be Wary of ‘Black Friday’ Scams

We’ve made it through the majority of 2021 and into the Holiday season, allowing us to celebrate by getting together with family and friends and perhaps doing a little shopping for them too. As with any other year, it’s a good time to find great deals but it’s equally important to be wary of “too good to be true” deals. Hackers exploit consumer excitement on these big shopping days each and every year.

Employee SSNs Exposed in California Pizza Kitchen Breach

California Pizza Kitchen (CPK) has more than 250 locations across 32 states. CPK experienced a data breach exposing the full names and Social Security Numbers (SSNs) of current and former employees. The Maine Attorney Generals’ website reported this “external system breach” had occurred in Sep. 2021 and impacted nearly all 103,767 employees, according to the Data Breach notification report.

Customer Spotlight

"The team at Cyberhoot has been very friendly, professional, and helpful throughout the time we have used the product over the last 18 months. We are only a small company with fewer than 100 employees and a large compliance obligation, Cyberhoot was one of the few companies that allow a small company to use its services for less than 150 employees. The training and phishing modules are continuing to grow and they are always open to feedback and will make changes to improve the overall experience. Using the short videos 1 to 2 times a month to deliver training works a lot better with our staff and I have had positive feedback that this way is much better than a large training block once a year. We are so pleased with the product, that we have been recommended it also to our own clients"

ANONYMOUS

IT Infrastructure Manager

CyberHoot Product Update

Awareness Training Program News

Official 2022 Cybersecurity Awareness Program Published

CyberHoot has finalized the 2022 Cybersecurity Foundational Training Program (Year 3 Recommended). You can find the new training program inside of your Program Library, ready to be assigned for 2022. Continue using CyberHoots ‘Foundational Training Program’ to stay on top of current threats your users face on a day-to-day basis.

New CyberHoot Features

Top 10 Least Compliant Users Assignment Reminders

We added the ability to resend outstanding assignments to the list of users found in the Top 10 Least Compliant Users table on the dashboard. Click the ‘envelope’ icon to the right of the user’s name to send their assignments.

Account Exposure User Notification

This button sends an email to the currently Pwned user. This email includes a customizable message to the user and a PDF copy of the user’s ‘Account Exposures’ page.

Cybersecurity Summary Report Generation

Under the Reports section, admins can generate an exportable report. The Admin can include which sections they wish to include in the report. They are also able to either email or download the generated pdf file. This report and the email that sends adheres to the customer’s branding setup.

Cybrary Term of the Month

Castle-and-Moat Network Security Model

Castle-And-Moat refers to a network security model in which no one outside the network is able to access data on the inside, but everyone inside the network can. Imagine an organization’s network as a castle and the network firewall as a moat. Once the drawbridge is lowered and someone crosses it, they have free rein inside the castle grounds. Similarly, once a user connects to a network in this model, they are able to access all the applications and data within that network.