In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its infrastructure in an internationally-coordinated operation. For readers who don’t know, Emotet is malware operated by a Russian cybercrime organization first detected in 2014.
WordPress websites account for more than one-third of all websites on the Internet. WordPress is both flexible and powerful and runs some of the most used Internet sites such as Disney, FaceBook, and Sony. It is also heavily used by Small to Medium-sized Businesses (SMBs). Unfortunately, these SMBs can neglect the security of their WordPress sites. Timothy Chiu, VP of Marketing at K2 CyberSecurity, found more than 1.5 million WordPress sites with critical vulnerabilities, often linked to one of 50,000+ plugins that improve WordPress functionality.
Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi Access Points, Video Recorders, and Security Cameras faced a security incident. Ubiquiti stated an incident at a third-party cloud provider potentially exposed customer information including user credentials to remotely manage Ubiquiti devices. The company sent an email urging customers to change their passwords and enable multi-factor authentication as soon as possible.
Browser extensions are tools that help with spelling/grammar, finding deals, storing passwords, or blocking ads; users don’t consider helpful tools being malicious in any form at all. Have you installed one of these “productivity” plugins or extensions without looking carefully into the tool’s characteristics? If you haven’t wondered or checked, you’re not alone. The vast majority of people don’t check a browser extension’s security; however, not worrying about this could put you at significant risk. A recent experience and some additional research done by CyberHoot staff showed just how dangerous extensions can be.
A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of a phishing attack, through text messages, is called Smishing. Hackers send malicious texts or SMS messages tricking someone into giving them sensitive information. Smishing can be more effective than phishing because people are more trusting of text messages than emails. A campaign monitor study showed 98% of text messages are responded to within 90 seconds whereas only 20% of emails are responded to within 90 minutes. Most people are concerned and aware of the dangers of links in emails but may not be as aware of the dangers involved with links in text messages.
Cybrary Term of the Month
A Hypervisor, also known as a Virtual Machine Monitor or VMM, is software that creates and manages virtual machines (VMs). A hypervisor allows a computer to maintain many guest VMs by virtually sharing its resources, such as memory and processing. Hypervisors can be used personally to run multiple operating systems on your own computer. For example, a user can have a MacBook Pro as their physical computer, but using a hypervisor they can run a Windows OS. Hypervisors are used by companies to balance the computing needs of various types of servers efficiently by sharing a common core of CPU, Memory, and storage across a variety of production servers. CyberHoot runs all of its infrastructure on a series of virtual machines orchestrated by a Hypervisor.
CyberHoot provides password-less access. Zero time wasted searching for websites, resetting passwords, and delayed login. Click an email link for instant training access!
Everything you need to learn cybersecurity skills is handled through email including training assignments, reminders, management compliance reports, and "My CyberHoot".
CyberHoot automates non-compliance through manager email notifications. Compliance status of employees for managers is enabled so you always know where you stand.
Cyber"Hoots" are most often 5 minutes or less. This ensures your staff get trained quickly with the most effective solution.
The Power of Open
CyberHoot is an open cybersecurity training Platform. Any video or PDF can be used to train and govern your employees.
In a survey of 100 CyberHoot users, 60% would be "Disappointed" or "Very Disappointed" if CyberHoot Training was stopped.