Government Targeted Phobos Ransomware Attacks Warning by CISA Phobos Overview Phobos Delivery Methods Ransomware Event Damages Top 10 Mitigations to Prevent Ransomware Attacks Phobos Conclusions Overview: The Cybersecurity and Infrastructure Security Agency (CISA) drafted a report on the Phobos ransomware which has been targeting state and local governments of late. Phobos ransomware, is a sophisticated ransomware that leverages is spread via phishing emails and open RDP ports. It’s available in multiple versions on the dark web forsale.  Once infected, it delivers devastating attacks ..read more

In the ever-evolving landscape of cybersecurity threats, phishing remains one of the most prevalent and effective threats we face. Cybercriminals use it to infiltrate systems and steal sensitive information. However, as organizations build their defenses against traditional email-based phishing attacks, cybercriminals are adapting their tactics. The emergence of a new phishing kit that leverages SMS and voice communication channels has companies scrambling. The Emergence of SMS and Voice-Based Phishing Recent reports have highlighted the development of a sophisticated phishing kit designed ..read more

In today’s digital landscape, where cyber threats loom large and data breaches are rampant, ensuring robust cybersecurity measures is vital for businesses of all sizes. However, implementing effective cybersecurity practices can often seem daunting and complex. Fortunately, there are five relatively straightforward steps that organizations can take to significantly enhance their cybersecurity defenses. 1.) Train Employees using an LMS: One of the weakest links in any cybersecurity strategy is human error. In fact, 90% of breaches can be tied back to human error. Employees may inadvertently ..read more

In the world of cybersecurity, the role of superusers – those with elevated privileges within an organization’s network – is crucial yet vulnerable. While much attention has been given to protecting these accounts in large enterprises, small to medium-sized businesses (SMBs) and managed service providers (MSPs) supporting companies of 100 users or less often face unique challenges in this regard. Traditionally, the management of superuser access has been divided between Privileged Access Management (PAM) and Identity Management (IdM) solutions. However, for SMBs and MSPs, bridging the gap b ..read more

In today’s digital landscape, deepfake cybercrime presents a pressing threat demanding attention from SMBs and MSPs. The recent incident in Hong Kong unveils the concerning reality of this dangerous technology. Understanding Deepfake Technology Deepfakes, powered by AI algorithms, create convincing multimedia content, making individuals appear to say or do things they never did. These sophisticated manipulations often blend elements from various sources seamlessly, rendering them difficult to detect with the naked eye. For SMBs and MSPs, understanding the intricacies of deepfake technology ..read more

Introduction: The Importance of Cybersecurity Recently, Microsoft faced a cyberattack by Russian hackers, exposing sensitive email data. This incident isn’t just a concern for large corporations. This breach also provides valuable lessons for Small to Medium-sized Businesses (SMBs) and Managed Service Providers (MSPs). Understanding this breach and all it implies will help you safeguard your MSP or SMB from the attacks you face each and every day. Let’s dive into the risks you face. Understanding Your Risks Cyberattacks are not limited to big companies. Hackers target any organization, large ..read more

CyberHoot, a leader in cybersecurity awareness training, today announced the launch of its newest service, HootPhish. This revolutionary service replaces negative attack-based phish tests with positive and educational phishing simulations. Innovative Training Approach HootPhish leverages positive reinforcement training, completely eliminating the negative reinforcement training deeply embedded in attack-based phishing. Users learn how to identify seven potential phishing indicators throughout the simulation by examining hyper-realistic phishing simulations. Attack-phishing tests what users ..read more

CyberHoot recently blogged about scams involving peer-to-peer payment apps. Hackers impersonate family members on social media or marketplaces, tricking people into erroneous payments. Following this blog article, CyberHoot learned of two more mobile phone-based cash app scams growing in popularity. Firstly, we’ll discuss the “Erroneous Payment and Refund” scam. Then, we’ll explore the “Emergency Phone Borrowing” scam. Finally, we offer suggestions for protecting yourself from these cash app scams. Scam #1: Accidental Payment Refund Scam Hackers infiltrate cash app accounts, draining funds ..read more

Introduction The integration of Artificial Intelligence (AI) into cybersecurity threat and response solutions will revolutionize cybersecurity.  Initially this will be limited to governments and large enterprises. However, this technology will eventually trickle down to Managed Service Providers (MSPs) and Small to Medium Sized Businesses (SMBs). Hackers are already embracing AI to attack us.  We will likely need to embrace AI to defend ourselves.  The road to adoption will require active participation by MSPs and SMBs.  This article explores the how AI is playing a trans ..read more

Zelle payment scams are surging in this peer-to-peer payment service. These financial scams employ social engineering to deceive victims into voluntarily sending money to fraudsters. The problem is worsened because many users don’t realize they have Zelle access via their online banking, making them more susceptible to this fraud. In contrast to typical fraud involving unauthorized transactions, Zelle (and other P2P) scams trick victims into approving the payments themselves, often making reimbursement challenging or impossible. Now that you know there is substantial fraud in P2P payment se ..read more