Link to newsletter: https://cyberhoot.com/newsletters/cyberhoot-newsletter-november-2021/
‘Tis The Season To Be Smished
The holiday shopping season means big business for retailers around the world, but it unfortunately also means big business for hackers. The reasoning is, people tend to be on the lookout for various package delivery emails, lowering their guard when potential phishing emails arrive. Hackers know this and are already on the move with their holiday scams.
CyberHoot’s 3-2-1 Backup Guide
As the number of areas where data is stored increases, the concept of following a 3-2-1 Backup Strategy is often forgotten. While you can’t prevent every compromise of your company’s data, you can have a backup plan that protects you from data-loss events.
Monero – The New Crypto For Hackers
The FBI successfully breached a bitcoin cryptocurrency wallet held by Colonial Pipeline hackers by tracing its public blockchain and recovered 85% of the ransom payment. With Bitcoin now ‘traceable’ some hackers are retooling ransomware to use a privacy-enhanced cryptocurrency called Monero Coin.
U.S. Water and Wastewater Systems Cyber Breach
The Cybersecurity and Infrastructure Agency (CISA) released an alert on cyber threats to U.S. water treatment systems. They highlighted five incidents between 2019 and 2021. These facilities provide clean water to communities around the country.
Gift Card Fraud
Hackers' success with ransomware has shifted our focus away from other common cybersecurity attacks, including Gift Card scams. However, these other scams have not gone away entirely. The US DoJ announced this week an indictment of four gift card scammers who held 5000+ fraudulently obtained gift cards.
Apple AirTag Attack
Apple’s AirTag is a tracking device that can track nearly any valuable so users don’t lose them. Tags are frequently put on their Keys, Cars, and Pets. Apple’s ‘Find My’ iPhone App can help track them. Unfortunately, cybersecurity experts have now documented privacy abuses of hackers using airtags to track people and more.
Meet Our Newest vCISO
"Raf Boquetti has over 15 years of cybersecurity responsibilities including end-to-end architecture, implementation, maintenance, leadership, and service delivery including Endpoint Protection, Network Security, Identity and Access Management, as well as many other cybersecurity technologies. During his cybersecurity career, Raf has worked at Computer Sciences Corporation supporting several Fortune 500 businesses, and more recently, Deloitte, Touche, and Tohmatsu Limited supporting their network of member firms as their Intrusion Detection & Prevention Service Manager. Raf has joined CyberHoot as one of our virtual Chief Information Security Officers and is excited to share his knowledge, diligence, and expertise assisting and protecting CyberHoot's vCISO clients." - RAFAEL BOQUETTI - vCISO | CyberHoot
CyberHoot's Cybersecurity Awareness Month Vlog Series
Each day in October, CyberHoot published a short interview with its Co-founder Craig Taylor. These interviews were conducted by our partner Mindwhirl and were designed to improve people’s cybersecurity awareness during October’s Cybersecurity Awareness Month. Check out CyberHoot’s VLOG and social media pages (links below) to see what we published, and dive into specific videos to hear some sound advice for any SMB or MSP owner.
Days 1-31
Software as a Service (SaaS) — Day 1 of Cybersecurity Awareness Month
Password Managers — Day 2 of Cybersecurity Awareness Month
Passwords — Day 3 of Cybersecurity Awareness Month
Two-Factor Authentication — Day 4 of Cybersecurity Awareness Month
Phishing Attacks — Day 5 of Cybersecurity Awareness Month
Ransomware — Day 6 of Cybersecurity Awareness Month
Social Engineering — Day 7 of Cybersecurity Awareness Month
Smishing & Vishing — Day 8 of Cybersecurity Awareness Month
Spear-Phishing & Whaling — Day 9 of Cybersecurity Awareness Month
Disinformation — Day 10 of Cybersecurity Awareness Month
Physical Security — Day 11 of Cybersecurity Awareness Month
USB Drives & Charging Cables — Day 12 of Cybersecurity Awareness Month
Wi-Fi Security Risks — Day 13 of Cybersecurity Awareness Month
Importance of Patching — Day 14 of Cybersecurity Awareness Month
Vulnerability Alert Management Process (VAMP) — Day 15 of Cybersecurity Awareness Month
Incident Management Process — Day 16 of Cybersecurity Awareness Month
Social Media Risks — Day 17 of Cybersecurity Awareness Month
Mobile Device Security — Day 18 of Cybersecurity Awareness Month
Risk Assessments Importance — Day 19 of Cybersecurity Awareness Month
Hackers — Day 20 of Cybersecurity Awareness Month
Dark Web Exposures — Day 21 of Cybersecurity Awareness Month
Business Email Compromise (BEC) — Day 22 of Cybersecurity Awareness Month
Preventing Identity Theft — Day 23 of Cybersecurity Awareness Month
Privacy Regulations — Day 24 of Cybersecurity Awareness Month
CIA of Data Protection — Day 25 of Cybersecurity Awareness Month
Cybersecurity Policy Importance — Day 26 of Cybersecurity Awareness Month
Least Privilege — Day 27 of Cybersecurity Awareness Month
Benefits of Encryption — Day 28 of Cybersecurity Awareness Month
Vulnerability & Penetration Testing — Day 29 of Cybersecurity Awareness Month
vCISO, Why Do I Need One? — Day 30 of Cybersecurity Awareness Month
Cyber Insurance — Day 31 of Cybersecurity Awareness Month
In addition to these VLOGs, CyberHoot posted valuable infographics, outlining various vital security topics to help users in their personal and professional life. If you would like to download your own personal Cybersecurity Awareness Month graphics, visit https://cyberhoot.com/cybersecurity-awareness-month/ to get your 31 days of infographics!
Also, check out our Vlog partner Mindwhirl’s blog to stay on top of your marketing and cybersecurity news!
Cybrary Term of the Month
Out-Of-Band (OOB) Patch
An Out-Of-Band (OOB) Patch is a security update released outside of a normal patching release window. Microsoft, for example, releases patches on the second Tuesday of each month, called Patch Tuesday. Any Microsoft update or security patch released outside the second Tuesday of the month is considered an OOB patch.
The typical reason Microsoft releases an OOB patch is the widespread, in-the-wild, exploitation of a software vulnerability by hackers. A zero-day exploit will often become an OOB patch. All OOB patches should be taken seriously; your organization should take action immediately to review and plan your remediation.
Check out our full Cybrary with 700+ Cybersecurity Definitions
No comments:
Post a Comment