CYREBRO Insights

Cybersecurity and Data Protection Laws: US Healthcare Businesses

Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • Voicenter Data Breach

    Voicenter Data Breach

    On September 19th, Voicenter became a victim of a Data Breach and a Ransomware attack. On September 21st, the attackers began leaking stolen data to the public. According to the attackers, they are in possession of 15 Terabytes of data related to Voicenter and ~8,000 of their clients. This information consists of names, emails, phone…

  • Apple Patches 4 RCE Vulnerabilities in Safari, VMware Patches Critical vCenter Server RCE, NETGEAR Patches Critical RCE in 11 Routers

    Apple Patches 4 RCE Vulnerabilities in Safari, VMware Patches Critical vCenter Server RCE, NETGEAR Patches Critical RCE in 11 Routers

    Please note this CTI alert contains 3 Sections – Apple’s Safari, VMware, and NETGEAR vulnerabilities  Apple Patches 4 RCE Vulnerabilities in Safari Apple has released a security update to address 4 Remote Code Execution vulnerabilities in Safari. The patches are available for macOS Big Sur and macOS Catalina.  The Vulnerabilities CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 All…

  • ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    Security professionals need to be laser-focused on strengthening their security posture, but with huge attack surfaces and a multitude of ever-advancing threats, the challenge can sometimes seem insurmountable. However, by using the right tools coupled with a deep understanding of their most valuable business assets, security teams can create a winning strategy that protects their…

  • More (Security) Tools, More Problems: How Many Security Solutions Do You Really Need?

    More (Security) Tools, More Problems: How Many Security Solutions Do You Really Need?

    It seems like new cyber security threats emerge just about every day. When a potential threat hits the news cycle, security teams feel a sense of urgency to spring into action and purchase a new tool that can protect against the threat. That behavior leads us to where most teams find themselves today: inundated with…

  • How to Choose Cyber Security Tools That Won’t Get You Fired 

    How to Choose Cyber Security Tools That Won’t Get You Fired 

    You’ve heard the old saying, “Don’t bring a knife to a gunfight.” Of course, that can apply to so many situations, but it’s incredibly poignant for cyber security professionals. The criminals you’re up against have advanced weaponry. You need to have the same level of tools or ones that are even better if you want…

  • Critical Vulnerability in Microsoft Azure Cosmos DB

    Critical Vulnerability in Microsoft Azure Cosmos DB

    Microsoft has fixed a critical vulnerability affecting Azure Cosmos DB. Azure Cosmos DB is a globally distributed and fully managed NoSQL database service. The vulnerability The vulnerability gives any Azure user full admin access (read, write, delete) to another customer’s Cosmos DB instances without authorization. The vulnerability has a trivial exploit that doesn’t require any…

  • Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • More (Security) Tools, More Problems: How Many Security Solutions Do You Really Need?

    More (Security) Tools, More Problems: How Many Security Solutions Do You Really Need?

    It seems like new cyber security threats emerge just about every day. When a potential threat hits the news cycle, security teams feel a sense of urgency to spring into action and purchase a new tool that can protect against the threat. That behavior leads us to where most teams find themselves today: inundated with…

  • Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Six months later: Key takeaways from the SolarWinds Supply Chain Attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • Ransomware Explained (Part 1): What is it and how to prevent it

    Ransomware Explained (Part 1): What is it and how to prevent it

    The rise of ransomware attacks over the past decade has been nothing short of meteoric. Like other forms of malware, ransomware has been in existence for decades and generally poses a threat to all your personal and company devices and data. What makes up a ransomware attack? Why is it potentially one of the most feared cyber-attack types…

  • The Many Costs of Cyber-Attacks on SMBs

    The Many Costs of Cyber-Attacks on SMBs

    How much money can your business afford to lose if it becomes the victim of a cyber-attack?  If you think this question will never apply to your business, then think again. Twenty-three percent of small businesses and 43% of businesses overall were targeted by cyber-attacks in 2020, according to a study commissioned by specialist insurer Hiscox of businesses in the United States and seven other countries.  The average financial cost of cyber-attacks…

  • How to Predict Attacks Using an Interactive SOC Platform in the Cloud

    How to Predict Attacks Using an Interactive SOC Platform in the Cloud

    In 2020, businesses lost nearly $18,000 every minute due to phishing scams. Cyberattacks can result in downtime, data breaches, and revenue losses. As threats increase, companies have to take a proactive, preventative approach to protect their data and livelihoods.  What Are the Most Common Cyber-Attacks? A cyber attack is an attempt by a hacker to…

  • ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    Security professionals need to be laser-focused on strengthening their security posture, but with huge attack surfaces and a multitude of ever-advancing threats, the challenge can sometimes seem insurmountable. However, by using the right tools coupled with a deep understanding of their most valuable business assets, security teams can create a winning strategy that protects their…

  • How to Choose Cyber Security Tools That Won’t Get You Fired 

    How to Choose Cyber Security Tools That Won’t Get You Fired 

    You’ve heard the old saying, “Don’t bring a knife to a gunfight.” Of course, that can apply to so many situations, but it’s incredibly poignant for cyber security professionals. The criminals you’re up against have advanced weaponry. You need to have the same level of tools or ones that are even better if you want…

  • Why breadth of experience is critical in your cybersecurity provider

    Why breadth of experience is critical in your cybersecurity provider

    If there’s one thing we’ve learned from our vast experience in cybersecurity, it’s that cybercriminals don’t discriminate: for the most part they are not looking at location or even industry in their attacks, rather holes to climb through for a breach.   Like many target-driven professions (if we can call cybercrime a profession), cybercriminals look for the path of least…

  • Questions to Ask Your Incident Response Provider

    Questions to Ask Your Incident Response Provider

    It is said that somebody once asked Robert Baden-Powell, the founder of the worldwide Scout movement, what he meant when he coined the motto “Be Prepared.” “Be prepared for what?” the person asked. “Why, for any old thing,” responded Baden-Powell. What Baden-Powell meant by this was that we must always be prepared for whatever challenges…

  • Ransomware Explained (Part 2): What is it and how to prevent it

    Ransomware Explained (Part 2): What is it and how to prevent it

    Ransomware attacks are all too common in the cyber world. As such, understanding what they are is critical, and can be found here. The next step is to understand the measures to implement to protect yourself from ransomware, as outlined below. Here are some specific tips for preventing or mitigating ransomware attacks in 2021. Back…

  • The 7 Steps to Effective Incident Response

    The 7 Steps to Effective Incident Response

    Cybercriminals have been around for as long as the Internet, and they are becoming bolder and more sophisticated with each passing day.  Yet incredibly, the majority of businesses are still not ready to respond to cyberattacks or breach events, according to a recent FireEye survey of 800 chief information security officers and other senior executives from around the world.  In a recent study by the Ponemon Institute,…

  • Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO’s SOC Platform

    Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO’s SOC Platform

    Europe’s top value-added distributor has selected CYREBRO’s interactive cloud-based platform to provide an easy to implement, cost-effective solution to MS(S)Ps across Europe MUNICH, GERMANY and TEL AVIV, ISRAEL — AUGUST 10, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that Infinigate, Europe’s largest purveyor of cybersecurity solutions, will be using…

  • Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    TEL AVIV, ISRAEL — AUGUST 2, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that CEO and co-founder Nadav Arbel has been named a Finalist in the Top 10 Cybersecurity Experts for 2021 category at the Black Unicorn Awards for 2021 which take place annually at the Black Hat USA…

  • What Every Business Needs to Know About Social Engineering, Phishing, and Passwords

    What Every Business Needs to Know About Social Engineering, Phishing, and Passwords

    There are multiple types of cyberattacks – many of which are very sophisticated, often because of the technology they use. But more often, the kind of attack that leaves the biggest impact on its victims – emotionally and psychologically, is the one that is not necessarily driven by sophisticated technology, and often appears to be…

  • The SMB’s Guide to Large Enterprise-Like Cybersecurity

    The SMB’s Guide to Large Enterprise-Like Cybersecurity

    The cyberattacks that are launched on large enterprises are the ones that tend to grab the big headlines because of the big numbers involved with their colossal impact. Just from the past year, we had: SolarWinds: compromising 250 federal agencies and businesses Twitter: 130 users hit including high profile accounts such as those of Joe Biden, Barak Obama, Elon Musk, Jeff Bezos,…

  • What’s the Best Cyber Security Approach for Your Small-to-Medium Business?

    What’s the Best Cyber Security Approach for Your Small-to-Medium Business?

    A close look at the pros and cons of SIEM, MSSP, MDR, and SOCaaS Think cyber criminals only target large enterprises? If you answered yes, you’re not alone. Nearly 70% of small-to-medium businesses (SMBs) are not worried about getting hacked, mostly because they don’t think they have the resources that hackers typically seek out, whether…

  • We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    When we first established our company, our goal was clear. We were on a mission to provide strategic support to Fortune 500 companies by helping them optimize their cybersecurity posture. Our way to do this was to leverage our team’s real-world experiences and deep domain expertise in cyber-forensics investigations, IR, and ethical hacking to provide…

  • Voicenter Data Breach

    Voicenter Data Breach

    On September 19th, Voicenter became a victim of a Data Breach and a Ransomware attack. On September 21st, the attackers began leaking stolen data to the public. According to the attackers, they are in possession of 15 Terabytes of data related to Voicenter and ~8,000 of their clients. This information consists of names, emails, phone…

  • Apple Patches 4 RCE Vulnerabilities in Safari, VMware Patches Critical vCenter Server RCE, NETGEAR Patches Critical RCE in 11 Routers

    Apple Patches 4 RCE Vulnerabilities in Safari, VMware Patches Critical vCenter Server RCE, NETGEAR Patches Critical RCE in 11 Routers

    Please note this CTI alert contains 3 Sections – Apple’s Safari, VMware, and NETGEAR vulnerabilities  Apple Patches 4 RCE Vulnerabilities in Safari Apple has released a security update to address 4 Remote Code Execution vulnerabilities in Safari. The patches are available for macOS Big Sur and macOS Catalina.  The Vulnerabilities CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 All…

  • Critical Vulnerability in Microsoft Azure Cosmos DB

    Critical Vulnerability in Microsoft Azure Cosmos DB

    Microsoft has fixed a critical vulnerability affecting Azure Cosmos DB. Azure Cosmos DB is a globally distributed and fully managed NoSQL database service. The vulnerability The vulnerability gives any Azure user full admin access (read, write, delete) to another customer’s Cosmos DB instances without authorization. The vulnerability has a trivial exploit that doesn’t require any…

  • F5 Patches High Severity RCE Vulnerability in BIG-IP

    F5 Patches High Severity RCE Vulnerability in BIG-IP

    As part of F5’s monthly security advisory, a high severity Remote Code Execution vulnerability affecting ALL BIG-IP modules was patched.  Additionally, F5 has disclosed multiple other vulnerabilities affecting BIG-IP and BIG-IQ products.  For the full list of addressed vulnerabilities and mitigations, review the full F5 Monthly Security Advisory.  The Vulnerability CVE-2021-23025 (CVSSv3: 7.2, High)  An authenticated remote command execution…

  • Cisco: Critical RCE Vulnerability in Small Business Routers

    Cisco: Critical RCE Vulnerability in Small Business Routers

    Cisco has published a Security Advisory regarding a Critical Remote Code Execution vulnerability affecting several Cisco Small Business Routers. The vulnerability is remotely exploitable without requiring authentication and allows attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerability CVE-2021-34730 (CVSS 3.1: 9.8, Critical) A vulnerability in…

  • Fortinet FortiWeb OS Zero-Day RCE

    Fortinet FortiWeb OS Zero-Day RCE

    A zero-day command injection vulnerability has been found in Fortinet FortiWeb Web Application Firewall (WAF).  The Vulnerability OS command injection vulnerability in FortiWeb’s management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page.  An attacker can leverage this vulnerability to take complete control of the affected device, with…

Sign Up for Updates