Category: Company
-
Blog – Cybertech TLV 2023 – AI & Cloud & Regulations, Oh My!
Despite the stormy weather, Cybertech TLV 2023 drew in cybersecurity experts and leaders from around the world, gathering in Tel Aviv to share ideas, present solutions, discuss current and future trends, and provide valuable insights into the challenges and opportunities facing the industry. What came as no surprise was the main issue of combating the…
-
The Risks of Poor Patch Management
We all neglect things we know we shouldn’t, like a yearly physical with a healthcare provider. When the time rolls around, you tell yourself you’ll make an appointment when you’re less busy, that you feel fine so there’s no need, or concoct another story that lets you put off what you know you shouldn’t. While…
-
How Attackers are Exploiting Cloud Misunderstandings
The cloud has become a hot destination in recent years. It’s what helped launch the paradigm of digital transformation that has changed how business is conducted. It has changed the role of IT, pushing IT teams to evolve and develop new skill sets and strategies. The cloud has allowed companies to achieve greater scalability, agility,…
-
$100K vs. $150M – From Ransom to Clean Up
For a CEO, CISO, or a security professional, nothing instigates a wave of panic like receiving a dreaded message such as “Your files have been encrypted” with a link that reveals a ransom demand. However, sometimes what is most feared – the ransom demand – is not the financial punch that hurts the most. Often,…
-
The Benefits of Choosing a Reliable MSSP (Part 2 of 2)
Businesses are facing an uphill battle when it comes to cybersecurity. The number of threat actors is multiplying daily, as are their skills and attacks. Simultaneously, security leaders, already dealing with staff and skills shortages, must do more with lower budgets. How can a business amp up its security in such turbulent times? In a…
-
The Benefits of Choosing a Reliable MSSP (Part 1 of 2)
The last few years have put SMBs in a precarious position, and it doesn’t appear as though their situation will ease any time soon. Current inflation rates and a looming recession have forced many to tighten their belts and reevaluate how their budgets are distributed across different departments. In the wake of several years of…
-
AI Assistant, Friend, Foe, or Demigod?
When the telephone was first marketed, many predicted it to be a failure as it was assumed that people wouldn’t want to give others a way to bypass their front door and invade the privacy of their home. Despite the plethora of time-saving appliances and gadgets introduced and acquired over the years; people still complain…
-
The Risks of Poor Patch Management
We all neglect things we know we shouldn’t, like a yearly physical with a healthcare provider. When the time rolls around, you tell yourself you’ll make an appointment when you’re less busy, that you feel fine so there’s no need, or concoct another story that lets you put off what you know you shouldn’t. While…
-
How Attackers are Exploiting Cloud Misunderstandings
The cloud has become a hot destination in recent years. It’s what helped launch the paradigm of digital transformation that has changed how business is conducted. It has changed the role of IT, pushing IT teams to evolve and develop new skill sets and strategies. The cloud has allowed companies to achieve greater scalability, agility,…
-
$100K vs. $150M – From Ransom to Clean Up
For a CEO, CISO, or a security professional, nothing instigates a wave of panic like receiving a dreaded message such as “Your files have been encrypted” with a link that reveals a ransom demand. However, sometimes what is most feared – the ransom demand – is not the financial punch that hurts the most. Often,…
-
How to Prevent the Cybersecurity Talent Gap from Slowing You Down
Nearly every type of business has had to contend with staffing shortages of some type over the past few years. Talent that is in demand is hard to find, and it’s especially true in cybersecurity. Unfortunately, the lack of cybersecurity professionals in the field today presents greater challenges than just filling job openings. The Consequences…
-
CYREBRO’s Most Popular Articles from 2022 – Year End Wrap-up
It’s been three years since COVID first made headlines, and although we’ve come a long way since then, some of our pandemic-coping strategies have become commonplace. For example, the shift to remote work has been embraced by employees who report they have a better work-life balance and are happier, more productive, and more engaged in their work.…
-
RansomWar in Costa Rica – Conti Ransomware Gang Attacks
Conti, one of today’s most prolific and profitable ransomware groups, launched an initial cyberattack against Costa Rica in mid-April. In recent weeks, the Russian-speaking Conti gang, or possibly an associated group called Hive, have stepped up the attacks and expanded the assault. After Costa Rica refused to pay the initial $10 million ransom or the…
-
Eternity Malware-as-a-Service: A Modular Tool Kit for Threat Actors
An unknown threat actor is selling a new malware toolkit called Eternity Project. Cybercriminals can buy stealers, clippers, worms, miners, ransomware, and DDoS Bots for a few hundred dollars each. What’s most notable about this malware-as-a-service (MaaS) is that in addition to being available on a TOR website, the hacker behind it is brazenly promoting…
-
REvil TOR sites back in action with new ransomware (RaaS) operations
Has REvil re-emerged? That’s the question on everyone’s mind and the topic that’s got the cyber community talking. After months of silence, REvil, the infamous presumed Russian-based ransomware gang, seems to be back online as of last week, with a new leak site promoted on RuTOR. The hacker group’s old site, Happy Blog, has returned,…
-
Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data
Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data Traced back to January of this year, Okta, a publicly traded identity and access management company announced yesterday that it has been impacted by a cyber-attack claimed by the data extortion group Lapsus$. Okta and Lapsus$ disagree regarding the success of the breach, while companies like Cloudflare…
-
Threat Actors Using Omicron COVID-19 Phishing Lures
Over the last few weeks, threat actors have been launching phishing scams which leverage people’s fears and anxieties over the Omicron COVID-19 variant. The scams either inject the Dridex banking malware into a victim’s computer or other malware that collects passwords, credentials, and personal or financial data. Informing all employees about the threat is the…
-
Log4Shell hits big players with critical 0-day exploit
[Last updated Dec. 19, 2021] A recently discovered Log4j vulnerability (Log4Shell, CVE-2021-44228) in the Apache utility that allows unauthenticated remote code execution (RCE) and server take over is said to be exploited in the wild. Due to how widely used the Apache tool is, affecting companies such as Amazon, Apple, Cisco, Steam, Tesla, Twitter, and many…
-
The Functionality of a SOC in a Red Team vs. Blue Team Exercise
Cybersecurity is a critical component of every business around the world, regardless of size or industry, with the SOC being a key component during the detection and incident response phase. Red Team vs. Blue Team Cybersecurity in a Nutshell The Blue Team stands at the core of Cybersecurity. The foundational elements established in the Blue…
-
How Can a Cloud-Based SOC Help You Detect Internal Threats?
Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…
-
Cybersecurity Awareness Month – CYREBRO’s Awareness Insights
In many fields, including cybersecurity, common wisdom does not always translate into common practice. The majority of the data breaches that have occurred in recent years are not the result of the failure of some cutting-edge artificial intelligence firewall or of the discovery of a critical zero-day exploit. In most cases, a data breach is…
-
Common Entry Points #5 – External Vendors
Tag, you’re it! That infamous saying may remind you of your childhood, but it’s also applicable to the never-ending game threat actors play. They hunt around looking for unsuspecting victims who simply haven’t paid attention to their security gaps and left their organization’s vulnerabilities unaddressed. With just a tap, hackers can deliver the same deadly…
-
Common Entry Points #4 – RDSH
If there is a weak point in your IT environment, it’s only a matter of time before a threat actor exploits it. So far, our series of “Common Entry Points” has scrutinized ITaaS (IT-as-a-Service), VPNs, and unpatched and obsolete OSS, all based on real incidents CYREBRO has dealt with. Now, we’ll look at another common…
-
Common Entry Points #3 – Unpatched & Obsolete Operating Systems
Military strategy is about knowing where an opponent’s weak points are and how to take advantage of them. It is the same concept for cyberattacks. External threat actors don’t bide their time chipping away at strong defenses. Instead, they exploit known vulnerabilities such as unpatched operating systems. A single unpatched OS can be the entry…
-
Common Entry Points #2 – VPN
In our last Common Entry Points post, we discussed how ITaaS can be a major weak link, providing bad actors entry into an infrastructure. Another common but often overlooked entry point for attackers is a business’s virtual private network (VPN). Work from home and bring your own device (BYOD) policies have led to expanded attack…
-
Common Entry Points #1 – ITaaS (IT as a Service) Part 2
Assessing the weak links in your company network is an important part of cybersecurity. The people that sit behind the computer keyboards make up some of the weakest links, as there are always a small minority of users that will click on just about anything embedded or attached in an email despite being warned about…
-
CISO Series Podcast Featuring CYREBRO’s CTO, Ori Arbel – What’s Next in Security?
In this episode of CISO Series, we CYREBRO’s CTO, Ori Arbel, discussing the latest cybersecurity trends with the show hosts, cybersecurity journalist, David Spark, and veteran CISO, Andy Ellis. From the start of COVID and the cloud migration rush that followed, to practical tips to help improve incident response planning, the group discusses how to…
-
Women: A Powerful Part of Any Cybersecurity Company
On March 8th, our company will proudly celebrate International Women’s Day. While this year’s theme, Break the Bias, applies to women in every professional field and country, we find it particularly relevant to the cybersecurity industry. Gender bias has gone on for too long. Many women haven’t been given the recognition and opportunities they deserve. …
-
Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO’s SOC Platform
Europe’s top value-added distributor has selected CYREBRO’s interactive cloud-based platform to provide an easy to implement, cost-effective solution to MS(S)Ps across Europe MUNICH, GERMANY and TEL AVIV, ISRAEL — AUGUST 10, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that Infinigate, Europe’s largest purveyor of cybersecurity solutions, will be using…
-
Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine
TEL AVIV, ISRAEL — AUGUST 2, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that CEO and co-founder Nadav Arbel has been named a Finalist in the Top 10 Cybersecurity Experts for 2021 category at the Black Unicorn Awards for 2021 which take place annually at the Black Hat USA…
-
We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations
When we first established our company, our goal was clear. We were on a mission to provide strategic support to Fortune 500 companies by helping them optimize their cybersecurity posture. Our way to do this was to leverage our team’s real-world experiences and deep domain expertise in cyber-forensics investigations, IR, and ethical hacking to provide…