Adware
Adware makes the Internet go round. However, excessive adware and madware (mobile adware) can lead to productivity damage or worse, malware. Learn all about adware and how to avoid it at CyberHoot.
Disinformation
Disinformation is closely aligned to social engineering. When combined the two can have very believable and devastating consequences. Develop a healthy skepticism towards online content. To avoid being taken advantage of, seek to validate sources, facts, and authors.
Cookie
A Cookie, or web cookie, is a small data file used by computers to track website communications and sessions. When you visit a website, it sends a cookie to your …
reCAPTCHA
reCAPTCHA is a (presently) free security tool from Google which helps separate automated Bots from real humans wanting to interact with your website whether to purchase, query, complete a form. or register for something. Enabling reCAPTCHA can greatly reduce nuisances in your website from hackers and provide SMBs peace-of-mind.
Patch
A Patch is a software component that is installed onto a device that modifies files or device settings. Patches are typically done to fix an issue with a device or …
Restore (Recovery)
When -planning for risks to your small to medium sized business, you need to include data backups and recovery processes. Test that these work at least annually and be aware that some new hacking attacks cannot be addressed by simply restoring data from a strong backup strategy because of threats to your data’s confidentiality.
Eavesdropping
Eavesdropping in the cybersecurity world refers to the interception of communication between two parties by a malicious third party (hackers). Eavesdropping is similar to a sniffing attack, where software applications …
POS Intrusions
A POS Intrusion is an attack that happens at the Point-of-Sale device. The POS device in retail stores process credit card transactions at check out. Newer devices allow you to …
Cyber Espionage
Cyber Espionage is a cyber attack that leads to stolen classified, sensitive, or critical data often in the form of intellectual property in order to gain a competitive advantage over …
Data Mining
Examining the data you collect to run your business can lead to greater efficiency, shorter periods of down-time, and better predictive models surrounding demand for your products and services. This is known as data mining.
Account Hijacking
Account Hijacking is where a hacker compromises a computer account that does not belong to them. Often these account hijackings are email accounts because they contain so much rich and …
Password Sniffing
Password Sniffing is a hacking technique that uses a special software application that allows a hacker to steal usernames and passwords simply by observing and passively recording network traffic. This …
Cracker
A Cracker is an individual who breaks into a computer accounts, systems, or networks and intentionally causes harm. A cracker can be doing this for profit, for malicious reasons, for …
Influencer
An Influencer is someone who creates or promotes content on the Internet to a group of social media followers (subscribers) via a variety of websites. The term Influencer is a …
Open Source
Open source software (OSS), unlike proprietary software, is software that keeps the code open so IT professionals can alter, improve, and distribute it. Popular Open Source software examples include Mozilla’s …
Waterfall Development Methodology
Software development has come a long way from the days of mechanical switches, punch cards, and the potential for a moth (Bug) in your machine. Today development programs usually follow one of two methodologies: waterfall or agile development. This article provides a quick layman’s overview of Waterfall development methodology.
Agile Development Methodology
The Agile Development Methodology refers to a practice that uses continuous improvement and testing in software application development processes. Within the Software Development Life Cycle, there are a couple methodologies …
Software Development Life Cycle (SDLC)
Software Development Life Cycle (SDLC) is the process companies follow to produces quality software in an efficient, supportable, and timely way. SDLC has undergone as many changes over the last …
Email Impersonation
Impersonation email phishing attacks are rampant online. Do not trust an External email from your CEO or CFO if it seems unexpected, urgently needs your attention, and seems off in some unexplainable way. Pick up the phone and call that person or send them a separate text message (not email) to confirm their request.
MAZE Ransomware
Ransomware has been the scourge of businesses for many years. MSP’s and SMB’s have sought to protect themselves with strong backups rather than educating users in many cases. With the MAZE ransomware, hackers have upped the ante for SMB’s by exporting the data and threatening to release it to the public Internet exposing that data and breaching its confidentiality. Train employees to spot and avoid these attacks rather than rely on your backups or you will be paying these bitcoin ransom extortion requests.
Wireshark
Wireshark is a powerful network analysis and packet assembly tool. It is used by Network Administrators and hackers alike to view data on the Local Area Network regardless of wired or wireless.
Rainbow Tables
Rainbow tables are mostly dead today, but not all dead. Salting and iterative hashing functions have made rainbow tables obsolete when used. However, there are hundreds of thousands of websites and password databases that do not use password salting and iterative hashing making a rainbow table useful for hackers in these situations.
Man-In-The-Middle Attack
Man-In-The-Middle (MITM) attacks are a hacker staple. They are commonly used on rogue WiFi networks where unsuspecting free WiFi users unencrypted traffic can be intercepted by these MITM attacks.
Session Hijacking Attack
Web applications are rapidly eclipsing desktop application installs. However, each web application has an exposure to Session Hijacking not present on a desktop installed software product. Learn all about this attack vector with online applications at CyberHoot.com.
Buffer Overflow Attack
Online applications that allow for password logins, database searches, and forms completion will need to validate the input they allow to prevent excessive input data that could overflow the system buffers receiving such inputs. Otherwise, code can be injected to run on these systems through these missing input validation coding errors as buffers overflow.
HMAC Authentication
HMAC Authentication is short for Hash-Based Message Authentication Code, a strategy used to verify the integrity and authenticity of a message. This strategy is different from other authenticaton methods in …
Credential Stuffing
When hackers are in possession of a large set of usernames and passwords, they perform credential stuffing attacks on popular websites, slowly enough to evade failed password login monitoring solutions. Over time they will amass a treasure trove of compromised credentials which they can sell on the dark web for a tidy profit or they can use those credentials to cause significant damage to the original account holder.
Password Salting
Passwords are toxic data. They require very careful handling to avoid a major security incident from taking your company down. Salting and hashing those passwords recursively is critical to your application authentication success. Learn more about this at CyberHoot.com.
Commercial Off-The-Shelf (COTS)
Commercial Off-The-Shelf (COTS) in cybersecurity is a computer hardware or software product made for nearly any user because it is available to the general public for purchase. COTS products are …
Anti-Malware
Anti-Malware is a solution that maintains computer security and protects sensitive data that is transmitted by a network or stored on local devices. Anti-malware tools employ signature based scanning strategies …
Safe Links | URL Protection | Link Protection
Links in email can lead to malicious websites that push malware to your computer or attempt to steal your credentials when you visit a look-alike website that prompts for a familiar looking login. To address this risk, Anti=SPAM email security gateways and providers have implemented a URL rewrite technique to proxy connections to these websites after inspection by the Vendor reveals them to be safe. This technology is called by many different names including: Safe Links (Microsoft), URL Protection (Mimecast), and Link Protection (Great Horn).
End-Of-Life (EOL) – End-Of-Support (EOS)
End-of-Life (EOL)/End-of-Support(EOS) describe the final stage of a product’s lifecycle. Once a product reaches EOL/EOS, developers stop updating and patching the product and it is no longer maintained. Software development …
Remote Monitoring and Management (RMM)
Remote Monitoring and Management (RMM) is a set of Information Technology (IT) tools that are installed into client workstations and servers. RMM tools gather information on installed applications, hardware performance, …
Monthly Recurring Revenue (MRR)
Monthly Recurring Revenue (MRR) is the most important topic for Managed Service Providers (MSPs). MRR is the lifeblood of MSPs and services they can bring into their portfolio of service …
Data Classification
Data Classification is about categorizing data into buckets to make it easier to retrieve, restrict access to, and protect. Data classification is important for businesses protect data according to its …
Contact Tracing
Contact Tracing is a medical term which describes a process used to identify, trace, and contact people potentially exposed to highly a infection contagion such as the Coronavirus in highly …
