Category: Company

  • A Smart SOC in space – Protecting the Millennium Falcon

    A Smart SOC in space – Protecting the Millennium Falcon

    If the title of this blog post grabbed your attention on May the 4th, of all days, then you probably need no introduction to the Star Wars franchise and its’ iconic starship the Millennium Falcon. But just in case you’ve been living under the remnants of the planet Alderaan since its destruction by the first…

  • Malicious NPM packages – an increasingly popular vector

    Malicious NPM packages – an increasingly popular vector

    Cybersecurity is a complicated circular pattern. Tools, strategies, and methodologies are constantly evolving to protect more expansive attack surfaces. At the same time, hackers develop new attack vectors at unprecedented rates. Round and round it goes with no end in sight.  Companies are often aware of massive cyberattacks that land in the headlines of major…

  • REvil TOR sites back in action with new ransomware (RaaS) operations 

    REvil TOR sites back in action with new ransomware (RaaS) operations 

    Has REvil re-emerged? That’s the question on everyone’s mind and the topic that’s got the cyber community talking. After months of silence, REvil, the infamous presumed Russian-based ransomware gang, seems to be back online as of last week, with a new leak site promoted on RuTOR. The hacker group’s old site, Happy Blog, has returned,…

  • The 7 Stages of a Ransomware Kill Chain 

    The 7 Stages of a Ransomware Kill Chain 

    In the first major battle of the America Civil War at Bull Run, nearby residents gathered on the hill overlooking where that battle was to take place with picnic baskets and opera glasses to witness the battle and cheer their side to victory. They ended up fleeing in terror. For those without any military experience,…

  • Improve your network security by eliminating blind spots 

    Improve your network security by eliminating blind spots 

    Spaghetti and meatballs. Batman and Robin. Peanut butter and jelly. Notice a theme? Well, here are two other pairs that go together as clearly as these, but you might be less familiar with: cybersecurity and visibility, and threat actors, and vulnerabilities. Cybersecurity threats are at an all-time high as threat actors are ruthless and willing…

  • Utilizing SOC Infrastructure vs MDR – an MSSP perspective

    Utilizing SOC Infrastructure vs MDR – an MSSP perspective

    The constant headlines concerning the latest attacks on companies across the industry spectrum serve as constant reminders of the importance of cybersecurity. Digital transformation alone is not enough. You must secure that digital environment, and it’s something that even SMBs have come to realize all too well. Unfortunately, most SMBs lack the technology stack, talent,…

  • Improve your network security by eliminating blind spots 

    Improve your network security by eliminating blind spots 

    Spaghetti and meatballs. Batman and Robin. Peanut butter and jelly. Notice a theme? Well, here are two other pairs that go together as clearly as these, but you might be less familiar with: cybersecurity and visibility, and threat actors, and vulnerabilities. Cybersecurity threats are at an all-time high as threat actors are ruthless and willing…

  • Ransomware Myths SMBs Need to Be Familiar With

    Ransomware Myths SMBs Need to Be Familiar With

    Ransomware attacks are skyrocketing so quickly alarm bells should be going off at every company. No one is safe, and experts predict 2022 will be a devastating year for ransomware attacks. This should come as no surprise, as attackers these days don’t even need to write their own ransomware code. They can launch an attack…

  • Multitenancy – Why it’s crucial for MSSPs

    Multitenancy – Why it’s crucial for MSSPs

    Today, more SMBs are acknowledging that they are prime targets for hackers. As they know they lack the internal resources to hire an entire staff of cyber experts, they are turning to managed security service providers (MSSPs) for support.  That makes this an exciting and opportune time for MSSPs to grow but managing multiple clients…

  • Ransomware – It’s all about the Benjamins

    Ransomware – It’s all about the Benjamins

    It was Ott Biederman, an accountant for American organized crime back at the turn of the 19th century that originally issued the famous immortal line, “Nothing personal, its just business.” That is what ransomware is today – just business. While there are occasional ransomware attacks initiated by state-sponsored groups to bring down the operations of…

  • How Cyber Resiliency is Weakened by Organizational Struggles

    How Cyber Resiliency is Weakened by Organizational Struggles

    We all know cybercrime is a major threat to businesses, but how much are internal issues impeding your organization’s ability to defend itself? Cyber resiliency is defined as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources, according…

  • The Evolution of Merging Cybersecurity into Operations

    The Evolution of Merging Cybersecurity into Operations

    How many times do you hear reference being made to the Chief Operating Officer of a company? Certainly, the CEO garners most of the attention as they are the figure head and recognized leader of the company. The CFO receives credit for the financial reporting of the company every earnings season and the CIO or…

  • Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

  • Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • Six months later: Key takeaways from the SolarWinds supply chain attack 

    Six months later: Key takeaways from the SolarWinds supply chain attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • Colonial Pipeline Ransomware Attack: Lessons For SOC Operators

    Colonial Pipeline Ransomware Attack: Lessons For SOC Operators

    Background Earlier this month, Colonial Pipeline — the largest pipeline system for refined oil production in the U.S. — suffered a ransomware attack that resulted in the closure of one of the largest U.S. pipelines. As a result of the attack, the pipeline operator was forced to temporarily halt all pipeline operations resulting in massive…

  • Two Emerging Vector Trends

    Two Emerging Vector Trends

    Life is never dull for cybersecurity teams, but we’ve seen an increase in two types of threat vectors during the first half of 2021. Reports of the recent Codecov Bash Uploaded security breach is an example of a supply chain attack, while common vulnerabilities and exposures (CVE) have shown up in increased frequency at Apple,…

  • Zerologon and How to Detect It Like A Pro

    Zerologon and How to Detect It Like A Pro

    You’ve probably already heard about the Zerologon vulnerability (aka CVE-2020-1472) but in case you haven’t, here is what it is in a nutshell; and more importantly here are our insights on how to detect it. Zerologon is a critical vulnerability scored CVSS10.0 by Microsoft, essentially allowing an adversary to exploit the Netlogon Remote Protocol (MS-NRPC) aimed at…

  • How Can a Cloud-Based SOC Help You Detect Internal Threats?

    How Can a Cloud-Based SOC Help You Detect Internal Threats?

    Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…

  • 5 Types of Cybersecurity Your Organization Needs

    5 Types of Cybersecurity Your Organization Needs

    Businesses don’t often compare themselves to nations, but they have at least one important thing in common – the need to handle threats across multiple spheres or environments. Nations must be on constant alert to security threats from land, air, sea, space and – increasingly – cyberspace. Depending on the complexity of your cyber infrastructure,…

  • Proactive vs. Reactive Cybersecurity

    Proactive vs. Reactive Cybersecurity

    Many businesses already spend a great deal on cybersecurity but are still inadequately prepared, and the solution often lies in their general approach. Reactive and proactive cybersecurity follow different approaches and offer unique benefits, and these two approaches also require different processes and tools to maximize cybersecurity.   Which of these security approaches is more effective for your business?…

  • User Submission Processes: How To Do It Right

    User Submission Processes: How To Do It Right

    If given a choice between doing something that took a lot of time and effort for what you perceive as very little payoff or just skipping the task altogether, which would you choose? Although we’d all like to think we’d buckle down and do the work, the truth is that most people wouldn’t, particularly if…

  • Employee Insights: The Skills Needed To Analyze Phishing Campaigns

    Employee Insights: The Skills Needed To Analyze Phishing Campaigns

    Phishing Campaigns Are No Match For Analysts With These Skills   Phishing campaigns are all too common these days. A look back at 2020 showed that 75% of companies globally suffered from an attack. In the United States, 74% of attacks were successful, a 14% increase from 2019, proving bad actors are getting smarter and using…

  • Implement These 5 Strategies To Create a Cyber Smart Company

    Implement These 5 Strategies To Create a Cyber Smart Company

    Cyber security is a top concern for every company. As the CISO, leading the charge to keep your company secure from hackers and attacks falls squarely on your shoulders, but it’s certainly not a job you can do on your own. Security and the measures your company takes to remain as secure as possible are…

  • ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    Security professionals need to be laser-focused on strengthening their security posture, but with huge attack surfaces and a multitude of ever-advancing threats, the challenge can sometimes seem insurmountable. However, by using the right tools coupled with a deep understanding of their most valuable business assets, security teams can create a winning strategy that protects their…

  • 5 Commonly Overlooked Signs of a Hack

    5 Commonly Overlooked Signs of a Hack

    There are security system rules configurations that can indicate these threats, so if you see any one of these, there is a good chance that your system has been compromised somewhere along the way. Someone else is reading your emails! (The Windows Outlook Hack) If you use Microsoft Outlook for your emails, your emails can…

  • We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    When we first established our company, our goal was clear. We were on a mission to provide strategic support to Fortune 500 companies by helping them optimize their cybersecurity posture. Our way to do this was to leverage our team’s real-world experiences and deep domain expertise in cyber-forensics investigations, IR, and ethical hacking to provide…

Sign Up for Updates