CyberHoot Newsletter – June 2022

Posted on by
newsletter banner cyberhoot
ransomware insurance risks

Ransomware Insurance: Prescriptive and Restrictive

Insurers are drafting more restrictive and prescriptive insurance policy requirements designed to reduce the number of claims and better protect themselves and the companies they insure. In some cases, claims are being denied outright because they’re tied to acts of war.

bluetooth vulnerability tracking

Smartphones Tracked Through Bluetooth Signals

group of engineers at the University of California San Diego has shown for the first time that the Bluetooth signals emitted by our smartphones have a unique fingerprint that can be used to track an individual’s movements. The research suggests that minor manufacturing imperfections in hardware are unique to each device, and cause measurable distortions which can be used as a “fingerprint to track a specific device”.

SaaS Application Access Creates Security Concerns

Software as a Service (SaaS) applications have transformed businesses over the last decade with enormous value. The pandemic forced many businesses to migrate employees from office or desktop-based applications to SaaS cloud-based ones. These SaaS apps include anything from office software to powerful communications tools. Some of the most popular business apps available include SalesforceGoogle WorkspaceSlackHubSpotMicrosoft O365, and Zoom.

pdf malware keylogger

Snake Keylogger Spreading Through PDFs

Many malicious email campaigns today leverage Word documents to hide and spread malware, but a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware. Attackers have leveraged Microsoft Office document formats like Word and Excel because users tend to be more familiar with those file extensions, and assume they’re safe to open. This makes them valuable for social engineering attacks.

north korea freelancers

North Korean Hackers Posing as IT Freelancers

According to a joint advisory from the U.S. Department of State, the Department of the Treasury, and the Federal Bureau of Investigation (FBI), highly skilled software and mobile app developers from the Democratic People’s Republic of Korea (DPRK) are posing as “non-DPRK nationals” in hopes of landing freelance employment in an attempt to enable the regime’s malicious cyber intrusions.

Customer Spotlight

"I went through the Cyberhoot training as a refresher and enjoyed the Cybersecurity training videos and quizzes. The videos were well done, covering relevant topics that should be top of mind for Cybersecurity professionals such as common types of attacks, malware, phishing, password management, etc. Any business that utilizes these training tools would have a stronger security culture as a result!"
Christopher Schultz
Security Operations Manager | Availity

What's New?

 

CyberHoot is continually working on its product to improve various aspects of the tool. Below are five changes that may affect how users and administrators use CyberHoot. 

 

Updated Training Assignment Order 

In the past, CyberHoot sent outstanding assignments beginning with the latest live assignment first, then outstanding assignments in descending order. 

Now, CyberHoot sends assignment emails starting with the earliest assignment, prompting the user to go through the assignments in order by launch date. This helps with orientation videos and Introductory videos some MSPs record for their client base. See the example to the right.

“Unknown Email Address” email now sent to MSP Contact Email if set.

To set the MSP contact email: 

  • Log in to your environment
  • Click ‘MSP Settings’ (wrench icon) in top right corner
  • Click the ‘MSP’ tab
  • Edit the ‘Contact Email:’ field

Improved Phishing Assignment Information

We’ve updated the details in the information section of the Phishing Assignments to provide more recommendations on what the user should be looking for when working through these assignments. 

phish assignment improvement

Updated Phishing Assignment Instructions

Before a user starts a Phishing Assignment, we explain that phishing assignment in detail. Users have less confusion on the Phishing Assignments task to accomplish and learn more. You can edit this default language on an Assignment,  Customer, or MSP basis for future reuse.

40+ New Phishing Assignment Vendors Impersonations Added

We’re constantly adding more email impersonations to keep our new phishing assignments library fresh and realistic as to what hackers are up to. 

We’ve added many new tests recently with some shown to the right.

Feel free to check the full list out in your website’s phishing library. If you ever would like a specific vendor added, please email support@cyberhoot.com to have it added to the queue. 

phish assignment

Cybrary Term of the Month

Geofencing

Geofencing

Geofencing is a technology for setting virtual boundaries and triggering events when these boundaries are crossed by a mobile device on which certain software is installed. Various geolocation technologies, such as GPS or triangulation of a signal from Wi-Fi access points or cell towers, determine whether the device has crossed the boundary.

Geofencing allows automatic alerts to be generated based on the defined coordinates of a geographic area. A simple example might be an email or text message that is automatically triggered and sent to a user’s cell phone when that user’s child arrives home from school. In this example, the geofence would be a geographic virtual boundary surrounding the house. When the child’s cell phone enters this area, an email is automatically sent to the child’s parent by a geofence-enabled app on the phone.

Check out our full Cybrary

Sign up for CyberHoot’s Referral program to get your very own CyberHoot Referral Program link.  You can directly benefit from referrals to CyberHoot and receive 20% of all revenue for 1 year for anyone who signs up.  This includes MSPs, MSSPs, or direct customers.  If you are an influencer or you regularly meet with companies, MSPs, or MSSPs, you should be referring them to CyberHoot! Become a referral partner of CyberHoot’s for the quadruple (4x) WIN. It’s a win for You (1) personally (financially) by recommending a quality and innovative product. It’s a Win for Employees (2) who will learn how to protect themselves. It’s a win for the Companies (3) who are less likely to succumb to a cyber-attack. It’s a win for MSP’s or MSSP’s (4) who sign up to resell our SaaS offering.  Finally, it’s a win for CyberHoot (5). Ha, ha… Ooops. That’s a Quintuple (5x) win if you’re counting. Sign up here today: https://cyberhoot.com/referralprogram/

Email based authentication for Training.

Instant Access

CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, and delayed login. Click an email link for instant training access!

Email Based Assignments

Email Automation

Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".

Manager Escalations

Manager Escalation

CyberHoot automates non-compliance through manager email notifications. Compliance status of employees for managers is enabled so you always know where you stand.

Micro Training

Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.

The Power of Open

CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees.

Effective

In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.

Secure your business with CyberHoot Today!!!

Sign Up Now
Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.