Cybersecurity threats continue to evolve and expand in both sophistication and impact. Businesses must choose how to address these top 5 emerging threats proactively, when they control the playing field and have high ground instead of reactively, after an incident when they have been knocked down and are struggling to get up.
For most businesses, balancing time and money is a constant struggle. A risk assessment is designed to simplify your conversations by identifying both the most critical risks and rank ordering them, enabling you to determine what to work on first and then work your way down the list of critical threats to your business.
Exploiting a flaw in how the app handles communication with external tenants gives threat actors an easy way to send malicious files from a trusted source to an organization’s employees. Microsoft believes this is a feature and no patch will be provided. This delivery method bi-passes traditional payload delivery security controls.
Business Ninja’s interviewed CyberHoot’s co-Founder Craig Taylor. This interview outlines CyberHoot’s unique and positive outcome approach to cybersecurity program development at your company. Our Co-Founder details what’s working and what’s broken in the emergency Cybersecurity industry. Business owners need to watch to learn what they should be doing to protect their businesses from compromise. Doing so provides much needed peace of mind.
The FBI has reported a dramatic growth in Deep Fake attacks on individuals and businesses from hackers seeking to extort money from or embarrass individuals and businesses by creating elicit pornographic material in the likeness of the victim from their online persona and public images and videos.
Virus warning attacks have plagued computer users for years. Recently, hackers have figured out how to exploit these attacks in your Google Chrome (and possibly other) browsers, seizing control of your browser and scaring you into calling fake customer support hotlines to extort you for money.
Growing your MSP is not as hard as you might think. It require a laser focus on differentiation, adding cybersecurity services, and fanatical attention to customer service to name a few of the top 10 items lists in this article.
The FIDO alliance is a high-powered tech alliance seeking to eliminate passwords from our online lives by replacing them with a much more secure public and private key authentication solution. Backed by Google, Microsoft, and Apple, it is a strong foray into the elimination of passwords from our everyday lives.
Cybersecurity platforms are designed to build robust, layered defenses for your organization. However, too often they fall short of their lofty and critical goals. This articles delves into 10 common failure points and provides unique perspectives on how to avoid them.
To stand out and foster lasting relationships, MSPs must go beyond basic technical support by adopting innovative strategies to provide additional value to their customers. Once successful, MSPs must call out the emotional value that comes from these solutions.
Voice impersonation, also known as voice cloning, are becoming an increasingly prevalent threat in the digital landscape. Sophisticated artificial intelligence (AI) technologies can now imitate voices with remarkable accuracy, leading to threats against our privacy and security.
Multi-factor authentication can be one of the best protect measures companies can implement on their critical accounts. However, not all methods of MFA are equal and some, like SMS, carry inherent risks and should not be used.
There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.
Cybersecurity tools every MSP needs in their toolbox to identify attacks, limit damage, and recover quickly.
These 10 cybersecurity tools need to be in every MSP’s toolbox. Use them to secure your clients from breach. Help them protect themselves from what they might not know about cybersecurity.
ConnectiWise Recover and R1Soft Server Backup software both leverage the ZK Framework. As such they need patching due to a vulnerability that can lead to remote code execution and potentially privilege escalation.
CyberHoot has reported on the opportunities and challenges of ChatPGT’s natural language engine and deep research capabilities. This article summarizes the recent T-Mobile breach of 37M records in a humorous way while outlining the very real risks of Smishing, Phishing, and Vishing.
Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.
SASE Secure Access Service Edge (Pronounced: Sassy) SASE is a term coined by Gartner in 2019 to describe an architecture that combines Wide-Area Network (WAN) functions including routing, segmentation, zone-based …
On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.
Advancements in AI and natural language have led to a host of new capabilities and challenges alike. This article seeks to summarize those to create awareness around the changing landscape of AI as it relates to societal norms.
ChatGPT is a Generative Pre-Trained Transformer artificial intelligence-based chat bot from Open AI. It can engage in conversational English, remember what’s been said in the conversation, can challenge incorrect assumptions, …
In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.
The U.S. Securities and Exchange Commission (SEC) is proposing new disclosure requirements by company boards regarding cybersecurity risk management, strategy, governance policies, procedures, and incidents. This would be an amendment …
CyberHoot has recently seen the impact of the Royal ransomware. An MSP had a client who refused security awareness training and someone fell for one of the many attack vectors …
There are many reasons to consider upgrading aging hardware and software including better efficiency, reliability, performance, happier staff, security, and more.
Each day this month, we published a short (3–5 minute) interview CyberHoot’s Co-Owner Craig Taylor had with Mindwhirl outlining necessary topics to help improve people’s cybersecurity hygiene. Check CyberHoot’s VLOG and social media …
Today is Day 26 of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day 18 of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day 16 of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day Ten of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day Eight of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day Seven of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
Today is Day Six of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …
This script will allow you to add CyberHoot’s domains to the Safe Senders listing enabling the automatic downloading of images in an email message.
CyberHoot provides phish testing of end users to ensure they learn to pay attention to their email and the risks is presents. This article provides a Powershell script to automate the setup work required to ensure delivery of phishing test emails to end users inboxes.
Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …
Input Validation, also known as data validation, is the testing of any input (or data) provided by a user or application against expected criteria. Input validation prevents malicious or poorly …
The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …
Cybersecurity program require many things, but Policies and Procedures should be near the top of the list.
Cybersecurity Maturity Model Certification is a much needed adjustment to DFARS that provides risk based compliance to five levels of controls that relates to the Controlled Unclassified Information (CUI) that underpins a defense contractor, sub or prime working in the defense industry.
CyberHoot’s monthly Newsletters summarize the important events from the past month of cybersecurity news. Come to one place and Become More Aware to Become More Secure.
Barbara Corcoran, a world famous Shark Tank host, was scammed out of nearly $400,000 in late February. Barbara Corcoran, a renowned real-estate broker and business expert, admitted last month that …
Trello, the platform used by many businesses for organizing to-do lists and coordinating team tasks has recently exposed the personally identifiable information (PII) data of its users. The finding was …
Knowing how to protect yourself and your critical accounts from compromise is becoming ever more important. Learn what can happened to and setup 2FA into all of your online critical accounts.
In this monthly Newsletter, we provide you a look at the previous month of Cybersecurity news with some analysis, some new Cybersecurity terms, and more…
Governments across the world are starting to realize how important cybersecurity really is. The United States is currently working on legislation that would help protect state and local governments by …
The Department of Homeland security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a National Terrorism Advisory Bulletin on Jan. 4th, 2020. This agency only issues such warnings when there is a credible, specific and impending terrorism threat against the United States. In this case, their warning focused primarily upon cybersecurity attacks against US government and business entities in retribution for the killing of Iranian IRGC-Quds Force commander Qassem Soleimani. Iran has a history of cyber-attacks against US Businesses and government entities. Companies should be on high alert and remind employees to be especially vigilant in email phishing attacks amongst other cybersecurity best practices.
Need to Know often gets applied to Classified Top Secret information. However, understanding how it applies could provide insights in how to better protect your SMB’s data and spot errors, omissions, and potentially malicious insiders.
The Internet is racing towards 10 Billion publicly documented breached accounts. You can check your own email accounts for breaches and what information was compromised through CyberHoot’s website, inside your …
