Passwordless Authentication + Enhanced Online Security = Passkeys In today’s online world, the trusty password is facing an existential crisis. With cyber threats evolving at an alarming rate, relying solely on passwords for online security is like leaving the front door of your house not just unlocked, but wide open, overnight! As technology advances, so must our approach to protecting our online selves. This article explores the growing adoption of Passkeys, why they are more secure, and who’s using them. The Problem with Passwords Let’s face it: passwords are inherently flawed. They’re of ..read more

“CyberHoot’s Newsletter has been on a brief hiatus as we focused on critical product improvements, finished 2024 strategic planning, and addressed performance improvements.  This newsletter is chock full of cyber news, contains a new section on recently added features, and a video interview of Craig on crazy hacking stories he’s experienced. We hope you enjoy this newsletter and stay tuned for monthly newsletters throughout 2024.”  – – Craig March 2024 The Evolution of Phishing: SMS and Voice-Based Attacks The Latest Trends in Phishing Attacks: Phishing attacks are evolving to ..read more

Lessons Learned from the Change Healthcare Breach A recent cyberattack has put “a substantial proportion of people in America’s” healthcare records at risk of exposure. Change Healthcare, which is part of UnitedHealth Group, got hit by a ransomware attack on February 21. This caused hospitals and pharmacies all over the United States to revert to paper records. For days and weeks as they were unable to verify medical claims. This incident is not an isolated event.  It is a wake-up call on the importance of fostering a strong cybersecurity culture in every company.  The stakes for c ..read more

Understanding, Defending, and Defeating a Stealthy Cyber Threat In today’s ever-changing world of cybersecurity, it feels like there’s always something new to watch out for. Staying knowledgeable is crucial to keeping ourselves safe. One of the latest threats causing a stir is Latrodectus. It’s not only hard to say, it’s also hard to detect; it’s clever, sneaky, and poses a real threat to both people and businesses. In this article we dive into the world of Latrodectus, uncover how it operates, and most importantly, learn how to avoid it entirely. What is Latrodectus? Latrodectus is a sophis ..read more

Protecting Against Deceptive Cyber Threats In the vast interconnected world we live in, where any single click can lead to malware and compromise, being aware, is being secure. Recently, a cunning attack has re-surfaced: ads masquerading as a NordVPN software product promotion on Bing.  CyberHoot originally reported Malvertising attacks like this back in Oct. 2023. Learning what happened here, and in previous attacks, will help protect you from similar online threats you face. Understanding the Threat The ad in question lured users with promises of NordVPN services, a reputable Virtual ..read more

Government Targeted Phobos Ransomware Attacks Warning by CISA Phobos Overview Phobos Delivery Methods Ransomware Event Damages Top 10 Mitigations to Prevent Ransomware Attacks Phobos Conclusions Overview: The Cybersecurity and Infrastructure Security Agency (CISA) drafted a report on the Phobos ransomware which has been targeting state and local governments of late. Phobos ransomware, is a sophisticated ransomware that leverages is spread via phishing emails and open RDP ports. It’s available in multiple versions on the dark web forsale.  Once infected, it delivers devastating attacks ..read more

In the ever-evolving landscape of cybersecurity threats, phishing remains one of the most prevalent and effective threats we face. Cybercriminals use it to infiltrate systems and steal sensitive information. However, as organizations build their defenses against traditional email-based phishing attacks, cybercriminals are adapting their tactics. The emergence of a new phishing kit that leverages SMS and voice communication channels has companies scrambling. The Emergence of SMS and Voice-Based Phishing Recent reports have highlighted the development of a sophisticated phishing kit designed ..read more

In today’s digital landscape, where cyber threats loom large and data breaches are rampant, ensuring robust cybersecurity measures is vital for businesses of all sizes. However, implementing effective cybersecurity practices can often seem daunting and complex. Fortunately, there are five relatively straightforward steps that organizations can take to significantly enhance their cybersecurity defenses. 1.) Train Employees using an LMS: One of the weakest links in any cybersecurity strategy is human error. In fact, 90% of breaches can be tied back to human error. Employees may inadvertently ..read more

In the world of cybersecurity, the role of superusers – those with elevated privileges within an organization’s network – is crucial yet vulnerable. While much attention has been given to protecting these accounts in large enterprises, small to medium-sized businesses (SMBs) and managed service providers (MSPs) supporting companies of 100 users or less often face unique challenges in this regard. Traditionally, the management of superuser access has been divided between Privileged Access Management (PAM) and Identity Management (IdM) solutions. However, for SMBs and MSPs, bridging the gap b ..read more

In today’s digital landscape, deepfake cybercrime presents a pressing threat demanding attention from SMBs and MSPs. The recent incident in Hong Kong unveils the concerning reality of this dangerous technology. Understanding Deepfake Technology Deepfakes, powered by AI algorithms, create convincing multimedia content, making individuals appear to say or do things they never did. These sophisticated manipulations often blend elements from various sources seamlessly, rendering them difficult to detect with the naked eye. For SMBs and MSPs, understanding the intricacies of deepfake technology ..read more