Outlook “Autodiscover” Leaking Passwords
Cybersecurity experts at Guardicore published a report on security concerns in Microsoft’s “Autodiscover” feature. In four months’ time, they collected over 372,072 domain credentials and ~100k unique passwords on their rogue Exchange servers by registering “autodiscover.com” Top Level Domains like autodiscover.com.br (Brazil) or autodiscover.com.uk (United Kingdom).
WhatsApp Security Improvement: Encrypted Backups
WhatsApp, a Facebook-owned mobile application, allows users to send text messages, make voice calls, and share documents with other WhatsApp users. It’s alleged that Jeff Bezos’s 2018 divorce was linked to a WhatsApp security issue on his mobile that allowed hackers to steal photos of Jeff with his mistress. WhatsApp has been working to improve its security-related reputation ever since the 2018 Bezos attack.
United Nations (UN) Breached
In the spring and summer of 2021, hackers stealthily entered the United Nations’ (UN) proprietary project management software, Umoja, accessing the network and stealing critical data to be used in further attacks. “The stolen data from the UN’s network could be used to target agencies within the UN, and already potentially has,” according to Stéphane Dujarric, spokesperson for the UN Secretary-General, and detailed in this report.
T-Mobile Breach Affects Nearly All US Customers
T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot worst of the worst for cybersecurity breaches. T-Mobile has experienced no fewer than 4 breaches over the last seven years. In 2015, 15 million social security numbers and addresses of subscribers were stolen. In 2018, 2 million subscribers had personal information compromised. In 2019, they exposed 1 million subscribers’ personal information. Lastly, in 2020, they had a breach that compromised 200,000 subscribers. Now we find out everything they ever collected was stolen.
Japanese Crypto Exchange Robbed of $100,000,000
Recently, cryptocurrency exchanges, the places where you can buy and sell cryptocurrencies on the Internet, have been under active and successful attack. In one case, a Chinese cryptocurrency exchange called Poly Networks was robbed of about $600 million worth of cryptocurrencies. Luckily, the hacker was ethical enough to give most, if not all (eventually), back to Poly Networks after they promised to fix the flaw he exploited. A few weeks after the Poly Networks incident, a Japanese-based cryptocurrency platform, Liquid, got hit by hackers, who stole $100 million worth of their cryptocurrency. What’s going on?
Microsoft Edge’s ‘Super Duper Secure Mode’
Microsoft’s Edge Vulnerability Research Team recently published details on a new feature in development called “Super Duper Secure Mode” (SDSM). SDSM is designed to improve security without notable performance losses. To do this, SDSM eliminates JavaScript’s Just-In-Time (JIT) compilers, which were designed to boost page loading speeds and browser performance, but are notably exploitable by hackers.
BazarCaller – Vishing Gang
BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to have individuals give out personal or financial information. Vishing is similar to phishing, but it’s conducted over the phone instead of email.
Customer Spotlight
CyberHoot Product Update
Updated Program Module
CyberHoot has updated its Program Module to reflect many requested changes by CyberHoot Administrators. Previously, it required Administrators to ‘Activate’ a Program before assigning it a date and group. Now, CyberHoot has made it even easier: simply head to the Program tab and follow the video to the right as a guide.
Updated Contact Information
CyberHoot added a feature that allows MSPs to respond as the point of contact to CyberHoot questions regarding compliance and user assignments. In the past, when a user would reply to an email from CyberHoot, regardless of the nature of the email, CyberHoot employees would receive and respond to the question. Now, MSPs can respond to inquiries from their users by setting their contact email in their reseller environment. To do this, follow the video to the right as a guide.
Updated Referral Program
CyberHoot has made it even easier for Administrators to set up their referral program if they haven’t yet done so. Simply follow the instructions in the video to the right to get your payments set up.
Updated White-Labeling Feature
Resellers of CyberHoot can now further white-label the CyberHoot experience for their users. MSPs/Resellers can now use their logo and company colors on all communications from CyberHoot to their users, improving the look and feel of the tool from the user’s viewpoint. These settings can be adjusted in the ‘MSP’ section under ‘MSP Settings’. Watch the video to the right for reference.
October is National Cybersecurity Awareness Month
CyberHoot Daily Vlog
CyberHoot is also releasing valuable daily Vlog interviews of its Co-Owner, Craig Taylor, with Mindwhirl, going over different important cybersecurity topics each day. Head to CyberHoot.com/Vlog to stay on top of the interviews!
Special Bonus:
Below are two additional CyberHoot Infographics (above and beyond the 31 days we link to above) that are available for free for your use.
- Clicking on the desired image
- Selecting the arrow in the top right
- Selecting ‘download image’
A Mantrap is a small room with an entry door on one wall and an exit door on the opposite wall. One door of a mantrap cannot be unlocked and opened until the opposite door has been closed and locked. Mantraps are often used in physical security to separate non-secure areas from secure areas and prevent unauthorized access. Mantraps these days use interlocking doors interfaced so when one door is unlocked, the other door automatically locks. Pass-through permission is validated by a key fob, RFID badge, or Biometric verification. Some systems may use three-dimensional optical imaging or thermal imaging technology to prevent more than one person from passing through a mantrap at the same time.
Instant Access
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, and delayed login. Click an email link for instant training access!
Email Automation
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".
Manager Escalation
CyberHoot automates non-compliance escalation through manager email notifications. Managers can see the compliance status of their employees, so you always know where you stand.
Micro Training
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees.
Effective
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.