Ransomware Insurance: Prescriptive and Restrictive
Insurers are drafting more restrictive and prescriptive insurance policy requirements designed to reduce the number of claims and better protect themselves and the companies they insure. In some cases, claims are being denied outright because they’re tied to acts of war.
Smartphones Tracked Through Bluetooth Signals
A group of engineers at the University of California San Diego has shown for the first time that the Bluetooth signals emitted by our smartphones have a unique fingerprint that can be used to track an individual’s movements. The research suggests that minor manufacturing imperfections in hardware are unique to each device, and cause measurable distortions which can be used as a “fingerprint to track a specific device”.
SaaS Application Access Creates Security Concerns
Software as a Service (SaaS) applications have transformed businesses over the last decade with enormous value. The pandemic forced many businesses to migrate employees from office or desktop-based applications to SaaS cloud-based ones. These SaaS apps include anything from office software to powerful communications tools. Some of the most popular business apps available include Salesforce, Google Workspace, Slack, HubSpot, Microsoft O365, and Zoom.
Snake Keylogger Spreading Through PDFs
Many malicious email campaigns today leverage Word documents to hide and spread malware, but a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware. Attackers have leveraged Microsoft Office document formats like Word and Excel because users tend to be more familiar with those file extensions, and assume they’re safe to open. This makes them valuable for social engineering attacks.
North Korean Hackers Posing as IT Freelancers
According to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI), highly skilled software and mobile app developers from the Democratic People’s Republic of Korea (DPRK) are posing as “non-DPRK nationals” in hopes of landing freelance employment in an attempt to enable the regime’s malicious cyber intrusions.
CyberHoot is continually working on its product to improve various aspects of the tool. Below are five changes that may affect how users and administrators use CyberHoot.
Updated Training Assignment Order
In the past, CyberHoot sent outstanding assignments beginning with the latest live assignment first, then outstanding assignments in descending order.
Now, CyberHoot sends assignment emails starting with the earliest assignment, prompting the user to go through the assignments in order by launch date. This helps with orientation videos and Introductory videos some MSPs record for their client base. See the example to the right.
“Unknown Email Address” email now sent to MSP Contact Email if set.
To set the MSP contact email:
- Log in to your environment
- Click ‘MSP Settings’ (wrench icon) in top right corner
- Click the ‘MSP’ tab
- Edit the ‘Contact Email:’ field
Improved Phishing Assignment Information
We’ve updated the details in the information section of the Phishing Assignments to provide more recommendations on what the user should be looking for when working through these assignments.
Updated Phishing Assignment Instructions
Before a user starts a Phishing Assignment, we explain that phishing assignment in detail. Users have less confusion on the Phishing Assignments task to accomplish and learn more. You can edit this default language on an Assignment, Customer, or MSP basis for future reuse.
40+ New Phishing Assignment Vendors Impersonations Added
We’re constantly adding more email impersonations to keep our new phishing assignments library fresh and realistic as to what hackers are up to.
We’ve added many new tests recently with some shown to the right.
Feel free to check the full list out in your website’s phishing library. If you ever would like a specific vendor added, please email firstname.lastname@example.org to have it added to the queue.
Cybrary Term of the Month
Geofencing is a technology for setting virtual boundaries and triggering events when these boundaries are crossed by a mobile device on which certain software is installed. Various geolocation technologies, such as GPS or triangulation of a signal from Wi-Fi access points or cell towers, determine whether the device has crossed the boundary.
Geofencing allows automatic alerts to be generated based on the defined coordinates of a geographic area. A simple example might be an email or text message that is automatically triggered and sent to a user’s cell phone when that user’s child arrives home from school. In this example, the geofence would be a geographic virtual boundary surrounding the house. When the child’s cell phone enters this area, an email is automatically sent to the child’s parent by a geofence-enabled app on the phone.
Sign up for CyberHoot’s Referral program to get your very own CyberHoot Referral Program link. You can directly benefit from referrals to CyberHoot and receive 20% of all revenue for 1 year for anyone who signs up. This includes MSPs, MSSPs, or direct customers. If you are an influencer or you regularly meet with companies, MSPs, or MSSPs, you should be referring them to CyberHoot! Become a referral partner of CyberHoot’s for the quadruple (4x) WIN. It’s a win for You (1) personally (financially) by recommending a quality and innovative product. It’s a Win for Employees (2) who will learn how to protect themselves. It’s a win for the Companies (3) who are less likely to succumb to a cyber-attack. It’s a win for MSP’s or MSSP’s (4) who sign up to resell our SaaS offering. Finally, it’s a win for CyberHoot (5). Ha, ha… Ooops. That’s a Quintuple (5x) win if you’re counting. Sign up here today: https://cyberhoot.com/
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, and delayed login. Click an email link for instant training access!
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".
CyberHoot automates non-compliance through manager email notifications. Compliance status of employees for managers is enabled so you always know where you stand.
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees.
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.