CYREBRO Insights

Cisco Patches Critical and High Severity RCE Vulnerabilities in VPN Routers

Cisco has released updates addressing 3 pre-auth security vulnerabilities affecting VPN routers. The vulnerabilities are remotely exploitable without requiring authentication and allow attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerabilities CVE-2021-1609 (CVSS 3.1: 9.8, Critical) A vulnerability in the web-based management interface of Cisco Small…

  • Google Patches RCE Vulnerability in the New Chrome Update Release

    Google Patches RCE Vulnerability in the New Chrome Update Release

    Google has released Chrome Version 92.0.4515.131 for Windows, Mac and Linux. The update patches 10 vulnerabilities, including a high severity vulnerability which may lead to Remote Code Execution on the affected system. The Remote Code Execution Vulnerability CVE-2021-30590 (High Severity) A sandbox escape vulnerability that can be “exploited in combination with an extension or a…

  • Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    TEL AVIV, ISRAEL — AUGUST 2, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that CEO and co-founder Nadav Arbel has been named a Finalist in the Top 10 Cybersecurity Experts for 2021 category at the Black Unicorn Awards for 2021 which take place annually at the Black Hat USA…

  • The 7 Steps to Effective Incident Response

    The 7 Steps to Effective Incident Response

    Cybercriminals have been around for as long as the Internet, and they are becoming bolder and more sophisticated with each passing day.  Yet incredibly, the majority of businesses are still not ready to respond to cyberattacks or breach events, according to a recent FireEye survey of 800 chief information security officers and other senior executives from around the world.  In a recent study by the Ponemon Institute,…

  • Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple has released a security update to address an exploited-in-the-wild zero-day vulnerability which allows for Privileged Arbitrary Code Execution.  The vulnerability affects macOS Big Sur, iOS and iPadOS. (See Affected Products for affected versions)  Apple did not publish details regarding the attacks or attackers that have exploited this vulnerability.  The Vulnerability CVE-2021-30807  An application may be able…

  • Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple has released updates to MacOS Big Sur, Catalina, and Mojave, as well as the Safari browser.   The updates fix a Remote Code Execution vulnerability in Big Sur’s libxml2 library, and multiple Arbitrary Code Execution vulnerabilities affecting the products.  Apple Security Advisories macOS Big Sur 11.5 – 1 Remote Code Execution and 17 Arbitrary Code Execution vulnerabilities fixed.  Security Update…

  • Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • Ransomware Explained (Part 1): What is it and how to prevent it

    Ransomware Explained (Part 1): What is it and how to prevent it

    The rise of ransomware attacks over the past decade has been nothing short of meteoric. Like other forms of malware, ransomware has been in existence for decades and generally poses a threat to all your personal and company devices and data. What makes up a ransomware attack? Why is it potentially one of the most feared cyber-attack types…

  • The Many Costs of Cyber-Attacks on SMBs

    The Many Costs of Cyber-Attacks on SMBs

    How much money can your business afford to lose if it becomes the victim of a cyber-attack?  If you think this question will never apply to your business, then think again. Twenty-three percent of small businesses and 43% of businesses overall were targeted by cyber-attacks in 2020, according to a study commissioned by specialist insurer Hiscox of businesses in the United States and seven other countries.  The average financial cost of cyber-attacks…

  • Honoring the Fathers (and Mothers) of Cybersecurity on July 4th

    Honoring the Fathers (and Mothers) of Cybersecurity on July 4th

    The United States of America would never have existed (at least not in the way we know it) if not for the contributions of a small group of visionaries we know as the Founding Fathers. These men – John Adams, Benjamin Franklin, Alexander Hamilton, John Jay, Thomas Jefferson, James Madison, George Washington, and a host…

  • The 5 Top Challenges for DevSecOps to Address

    The 5 Top Challenges for DevSecOps to Address

    It’s said that crime rises in times of social and economic upheaval, and this is certainly the case for cybercrime. In a 2020 survey by VMware Carbon Black, 90% of security professionals reported an increase in the volume of cyberattacks and 80% said attacks had become more sophisticated. A recent study by Cybersecurity Ventures concluded…

  • 13 Questions to Ask your SOC provider

    13 Questions to Ask your SOC provider

    As cyber-attacks have become more frequent and complex, there has been a surge in the number of Security Operations Center SOC platforms specializing in threat hunting and incident response.  The SOC market is projected to grow from $471 million in 2020 to $1.656 billion by 2025, at a compound annual growth rate of 28.6% during…

  • The 7 Steps to Effective Incident Response

    The 7 Steps to Effective Incident Response

    Cybercriminals have been around for as long as the Internet, and they are becoming bolder and more sophisticated with each passing day.  Yet incredibly, the majority of businesses are still not ready to respond to cyberattacks or breach events, according to a recent FireEye survey of 800 chief information security officers and other senior executives from around the world.  In a recent study by the Ponemon Institute,…

  • Don’t Get Hooked by a Phishing Scam

    Don’t Get Hooked by a Phishing Scam

    After a brief decline in 2019, phishing attacks spiked again in 2020. Last year, they were so prevalent that one in every 4,200 emails was a phishing scam. Businesses lost approximately $17,700 every minute due to a phishing attack. Research from the FBI’s Internet Crime Complaint Center found that phishing (including vishing, SMiShing, and pharming) was one of the biggest cyber threats,…

  • Will Your Endpoint Security Stand the Test During the Remote Working Revolution

    Will Your Endpoint Security Stand the Test During the Remote Working Revolution

    Modern organizations use multiple connected devices to conduct their business, including intelligent printers, appliances, BYOD cellphones and tablets, and more. Following the pandemic, 1 in 4 Americans will work from home in 2021 and beyond. Technology has made it easy to connect remotely from anywhere around the globe, and employees are plugging their devices in…

  • Best Practices for Improving Cloud Incident Response in 2021

    Best Practices for Improving Cloud Incident Response in 2021

    According to a recent report, 75% of enterprises are concerned about the security of their cloud assets, data, and systems.  With the average global cost of a data breach coming in at $3.86 million, it has never been more important to be able to detect, prevent, and resolve incidents as effectively and as quickly as possible.  But doing so can be very challenging.…

  • Protecting Your Network Without an Internal Cyber Team

    Protecting Your Network Without an Internal Cyber Team

    It can be challenging for businesses to stay on top of their cybersecurity. They feel that their relative anonymity protects them from hackers who are looking to break into Fortune 500 networks and financial institutions. Unfortunately, hackers view their sites as ready-made training grounds.   Disruptions caused by hackers can harm sales, interfere with operations, and corrupt or expose data. Consumers…

  • 7 Challenges That Stand in the Way of Your Compliance Efforts

    7 Challenges That Stand in the Way of Your Compliance Efforts

    Ensuring cybersecurity compliance can be cumbersome (and a pain), but if you don’t do it, it can literally cost you your business. There are hundreds of controls, and numerous requirements imposed by multiple regulatory bodies and private industry groups. What’s more, organizations with global operations must face the additional and major challenge of having to…

  • Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    TEL AVIV, ISRAEL — AUGUST 2, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that CEO and co-founder Nadav Arbel has been named a Finalist in the Top 10 Cybersecurity Experts for 2021 category at the Black Unicorn Awards for 2021 which take place annually at the Black Hat USA…

  • What Every Business Needs to Know About Social Engineering, Phishing, and Passwords

    What Every Business Needs to Know About Social Engineering, Phishing, and Passwords

    There are multiple types of cyberattacks – many of which are very sophisticated, often because of the technology they use. But more often, the kind of attack that leaves the biggest impact on its victims – emotionally and psychologically, is the one that is not necessarily driven by sophisticated technology, and often appears to be…

  • The SMB’s Guide to Large Enterprise-Like Cybersecurity

    The SMB’s Guide to Large Enterprise-Like Cybersecurity

    The cyberattacks that are launched on large enterprises are the ones that tend to grab the big headlines because of the big numbers involved with their colossal impact. Just from the past year, we had: SolarWinds: compromising 250 federal agencies and businesses Twitter: 130 users hit including high profile accounts such as those of Joe Biden, Barak Obama, Elon Musk, Jeff Bezos,…

  • What’s the Best Cyber Security Approach for Your Small-to-Medium Business?

    What’s the Best Cyber Security Approach for Your Small-to-Medium Business?

    A close look at the pros and cons of SIEM, MSSP, MDR, and SOCaaS Think cyber criminals only target large enterprises? If you answered yes, you’re not alone. Nearly 70% of small-to-medium businesses (SMBs) are not worried about getting hacked, mostly because they don’t think they have the resources that hackers typically seek out, whether…

  • We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    When we first established our company, our goal was clear. We were on a mission to provide strategic support to Fortune 500 companies by helping them optimize their cybersecurity posture. Our way to do this was to leverage our team’s real-world experiences and deep domain expertise in cyber-forensics investigations, IR, and ethical hacking to provide…

  • Why Mastering Cyber Incident Response Is a Must

    Why Mastering Cyber Incident Response Is a Must

    Every SMB Is at Risk “What you may not know, however, is that small to mid-sized businesses (SMBs) are frequent targets of destructive cyberattacks, many of which can be crippling.” (Forbes) There’s no getting around it. Sooner or later your organization will get hit by a cyber attack… if it hasn’t been already. If you believe that you’re not big…

  • Cisco Patches Critical and High Severity RCE Vulnerabilities in VPN Routers

    Cisco Patches Critical and High Severity RCE Vulnerabilities in VPN Routers

    Cisco has released updates addressing 3 pre-auth security vulnerabilities affecting VPN routers. The vulnerabilities are remotely exploitable without requiring authentication and allow attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerabilities CVE-2021-1609 (CVSS 3.1: 9.8, Critical) A vulnerability in the web-based management interface of Cisco Small…

  • Google Patches RCE Vulnerability in the New Chrome Update Release

    Google Patches RCE Vulnerability in the New Chrome Update Release

    Google has released Chrome Version 92.0.4515.131 for Windows, Mac and Linux. The update patches 10 vulnerabilities, including a high severity vulnerability which may lead to Remote Code Execution on the affected system. The Remote Code Execution Vulnerability CVE-2021-30590 (High Severity) A sandbox escape vulnerability that can be “exploited in combination with an extension or a…

  • Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple has released a security update to address an exploited-in-the-wild zero-day vulnerability which allows for Privileged Arbitrary Code Execution.  The vulnerability affects macOS Big Sur, iOS and iPadOS. (See Affected Products for affected versions)  Apple did not publish details regarding the attacks or attackers that have exploited this vulnerability.  The Vulnerability CVE-2021-30807  An application may be able…

  • Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple has released updates to MacOS Big Sur, Catalina, and Mojave, as well as the Safari browser.   The updates fix a Remote Code Execution vulnerability in Big Sur’s libxml2 library, and multiple Arbitrary Code Execution vulnerabilities affecting the products.  Apple Security Advisories macOS Big Sur 11.5 – 1 Remote Code Execution and 17 Arbitrary Code Execution vulnerabilities fixed.  Security Update…

  • Cisco patches Firepower Device Manager On-Box Software RCE vulnerability

    Cisco patches Firepower Device Manager On-Box Software RCE vulnerability

    Cisco patched a Remote Code Execution vulnerability in the Cisco Firepower Device Manager On-Box Software. The vulnerability only affects Cisco FDM On-Box Software.  The Vulnerability CVE-2021-1518 (CVSS 3.1: 6.3 Medium)  A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software, which due to insufficient sanitization of user input on specific REST API commands could…

  • Google Chrome Patches 7 Vulnerabilities, one of which is an Exploited-in-the-Wild, Critical Arbitrary Code Execution Zero-Day

    Google Chrome Patches 7 Vulnerabilities, one of which is an Exploited-in-the-Wild, Critical Arbitrary Code Execution Zero-Day

    Google has released a new Chrome update, patching 1 actively exploited arbitrary code execution zero-day vulnerability and 6 additional ones. The updated Chrome version is 91.0.4472.164 and is relevant to Windows, Mac, and Linux. 6 out of the patched vulnerabilities are classified by Google as of high severity. The actively exploited Arbitrary Code Execution Zero-Day…

Sign Up for Updates