Passkeys are a Bright Idea

Passkeys: The Path to a Passwordless Future

Passkeys provide better authentication for end users than traditional passwords which they seek to replace. They are based upon public and private cryptography, are resilient to phishing and hacker password database theft (since the private keys aren’t stored on the server or website), and represent an easier mechanism to identify users into online systems.

Understanding and Protecting Against the Telegram Scams

The Telegram App provides great ways for users to communicate with one another, however it also enables scammers to attack us in novel ways. This article outlines three common ways hackers use telegram to exploit unsuspecting users for their money.

Ransomware Gang turns Whistleblower to the SEC

Hackers Turn SEC Snitches: The Evolution of Ransomware Tactics

Hackers have evolved into snitches leveraging recent SEC legislation which requires companies to disclose within 4 days that they have been hacked and hit with ransomware. When Meridian did not disclose to the SEC they had been hacked, the Hacker group “BlackCat” filed a complaint with the SEC informing them they had evidence that Meridian had been hacked.

Stakeholders ratifying a Written Information Security Policy (WISP).

The Nuts and Bolts of a WISP

A Written Information Security Plan is not meant to a bureaucratic policy collecting dust on the book shelf, but rather a living breathing document to guide companies on the safe collection, storage, manipulation, and destruction of non-public personal information on their employees, clients, or business services.

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.

Top Cybersecurity Questions of the Year: What Everyone Wants to Know

Cybersecurity Awareness Month is upon us. In our efforts to address all of the questions a business owner reviewing our blog might have, we’ve collected the most frequently asked questions and have tried to answer them with the most effective mitigating control available for a particular risk. There are undoubtedly many more mitigating controls one can put in place, but this is a great starting point.

CyberHoot's Ghoulish Offering pairing Halloween with Cybersecurity Month to take the Fright out of Cybersecurity and build Cyber Literacy.

Ghosts in the Machine: Spook-tacular Cybersecurity Basics for October

In the spooky season of October, Cybersecurity Awareness Month reminds us of the real threats lurking in the digital realm. CyberHoot sheds light on three cybersecurity fundamentals: Password Protection, Phishing Awareness, and Safe Browsing Practices. Fortify your digital domain with strong password practices, stay vigilant to phishing schemes, and navigate the web safely. Embrace the cybersecurity training and phishing testing offered by CyberHoot to morph into a digital wizard against the sinister specter of cyber threats. Venture to and make cybersecurity awareness a fun-filled endeavor!

Owl Imparting Knowledge

Top 5 Emerging Cybersecurity Threats Businesses Must Be Aware Of

Cybersecurity threats continue to evolve and expand in both sophistication and impact. Businesses must choose how to address these top 5 emerging threats proactively, when they control the playing field and have high ground instead of reactively, after an incident when they have been knocked down and are struggling to get up.

Risk Assessment Results

Risk Assessment: A Game Changer for Your Business

For most businesses, balancing time and money is a constant struggle. A risk assessment is designed to simplify your conversations by identifying both the most critical risks and rank ordering them, enabling you to determine what to work on first and then work your way down the list of critical threats to your business.

Business Ninja's Interview

Business Ninja Interview of CyberHoot Co-Founder

Business Ninja’s interviewed CyberHoot’s co-Founder Craig Taylor. This interview outlines CyberHoot’s unique and positive outcome approach to cybersecurity program development at your company. Our Co-Founder details what’s working and what’s broken in the emergency Cybersecurity industry. Business owners need to watch to learn what they should be doing to protect their businesses from compromise. Doing so provides much needed peace of mind.

10 Ways to Grow my MSP

10 Ways to Help Grow your MSP

Growing your MSP is not as hard as you might think. It require a laser focus on differentiation, adding cybersecurity services, and fanatical attention to customer service to name a few of the top 10 items lists in this article.

Passkey Authentication to replace Passwords

Passkeys are the first steps on the Long Road to a Passwordless Future

The FIDO alliance is a high-powered tech alliance seeking to eliminate passwords from our online lives by replacing them with a much more secure public and private key authentication solution. Backed by Google, Microsoft, and Apple, it is a strong foray into the elimination of passwords from our everyday lives.

Cybersecurity SaaS Platform Failures

10 Ways Your Security Awareness Training is Failing You

Cybersecurity platforms are designed to build robust, layered defenses for your organization. However, too often they fall short of their lofty and critical goals. This articles delves into 10 common failure points and provides unique perspectives on how to avoid them.

Voice cloning is becoming a threat to families from fake ransom attacks.

Voice Cloning is Becoming a Ransom Threat

Voice impersonation, also known as voice cloning, are becoming an increasingly prevalent threat in the digital landscape. Sophisticated artificial intelligence (AI) technologies can now imitate voices with remarkable accuracy, leading to threats against our privacy and security.

ChatGPT - help me hack.

Five Ways ChatGPT Helps You Hack

There is a dark side to ChatGPT. Hacking tutorials abound on YouTube showing unskilled hackers how to hack with ChatGPT. ChatGPT can create convincing phishing attacks in a language of your choice, writing software code for them, which through trial and error can transform into novel and effective malware.

AI Generated Image from

A Humorous AI Story Detailing the T-Mobile Breach

CyberHoot has reported on the opportunities and challenges of ChatPGT’s natural language engine and deep research capabilities. This article summarizes the recent T-Mobile breach of 37M records in a humorous way while outlining the very real risks of Smishing, Phishing, and Vishing.

LastPass 2022 Breach Update

The Last Straw for LastPass – Migration Time

Over the last few months, CyberHoot has learned more and researched more opinions on Password Managers concerning the latest LastPass security breach. We have felt for some time we needed to migrate to a new solution. However, what criteria would we use and recommend in order to not hope from the frying pan into the fire? This article is our attempt to summarize how you should choose your replacement password manager for your company or yourself individually.

SASE Secure Access Service Edge (Sassy)

SASE or Secure Access Service Edge

SASE Secure Access Service Edge (Pronounced: Sassy) SASE is a term coined by Gartner in 2019 to describe an architecture that combines Wide-Area Network (WAN) functions including routing, segmentation, zone-based …

Microsoft Critical Patch Updates Available - Patch Now

Microsoft and Adobe Critical Patch Advisories: Patch

On Tues. Jan. 10th Microsoft and Adobe both released critical patches that should be applied to your environment with priority. Both are linked to remotely exploitable, privilege escalation vulnerabilities that could be exploited by hackers.

AI Powered ChatBots are creating opportunities and challenges for our reality.


ChatGPT is a Generative Pre-Trained Transformer artificial intelligence-based chat bot from Open AI.  It can engage in conversational English, remember what’s been said in the conversation, can challenge incorrect assumptions, …

LastPass 2022 Breach Update

LastPass Breach Update – August 22 – December 22

In August, LastPass was breached but they claimed that no client data was stolen only source code. In late December 2022 they updated their stance stating that encrypted client vaults were stolen but that default password length requirements protected most users. CyberHoot recommends you change your master password.

New Rules Proposed by SEC

New Cybersecurity Rules Proposed by SEC

The U.S. Securities and Exchange Commission (SEC) is proposing new disclosure requirements by company boards regarding cybersecurity risk management, strategy, governance policies, procedures, and incidents.  This would be an amendment …

2021 cybersecurity awareness month vlog

Cybersecurity Awareness Month Vlog Series 2021

Each day this month, we published a short (3–5 minute) interview CyberHoot’s Co-Owner Craig Taylor had with Mindwhirl outlining necessary topics to help improve people’s cybersecurity hygiene. Check CyberHoot’s VLOG and social media …

cimp csam

Incident Management Process – Day 16 of CSAM

Today is Day 16 of Cybersecurity Awareness Month, each day, we will be publishing a video outlining necessary topics to help improve people’s cybersecurity hygiene. Keep checking CyberHoot’s VLOG and …

Powershell Scripting

Powershell script for avoiding SPAM, Clutter, Junk in 365

CyberHoot provides phish testing of end users to ensure they learn to pay attention to their email and the risks is presents. This article provides a Powershell script to automate the setup work required to ensure delivery of phishing test emails to end users inboxes.

cybersecurity bill congress

Bipartisan Cybersecurity Bill Impending

Lawmakers on Capitol Hill are scrambling to introduce legislation addressing overwhelming spikes in ransomware and other cyberattacks on critical organizations like Colonial Pipeline and JBS. Until recently, the US federal …

input validation cybrary

Input Validation

Input Validation, also known as data validation, is the testing of any input (or data) provided by a user or application against expected criteria. Input validation prevents malicious or poorly …

non-fungible token blog

Why NFTs Are The Future

The popular musician Grimes sold some animations she made with her brother Mac on a website called ‘Nifty Gateway’. Some were one-offs, while others were authentic limited editions, all were …

cmmc cyber security

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification is a much needed adjustment to DFARS that provides risk based compliance to five levels of controls that relates to the Controlled Unclassified Information (CUI) that underpins a defense contractor, sub or prime working in the defense industry.