Category: Cyber News

  • Common Entry Points #4 – RDSH

    Common Entry Points #4 – RDSH

    If there is a weak point in your IT environment, it’s only a matter of time before a threat actor exploits it. So far, our series of “Common Entry Points” has scrutinized ITaaS (IT-as-a-Service), VPNs, and unpatched and obsolete OSS, all based on real incidents CYREBRO has dealt with. Now, we’ll look at another common…

  • CYREBRO’s Fraud Analysis Sheds Light on How to Fight Against BEC and Fraud

    CYREBRO’s Fraud Analysis Sheds Light on How to Fight Against BEC and Fraud

    Fraud is nothing new and has existed well before the world wide web came into play. But with constant digital transformations and advancements in technology, it’s expected that fraud too will evolve and shift, becoming ever more dangerous and complex. Con artists continue to keep up with security trends, including digital resources, content, and organizational…

  • The New Phishing Method That Bypasses MFA

    The New Phishing Method That Bypasses MFA

    Security experts, including our team at CYREBRO, tout the benefits of using multi-factor authentication (MFA) for an added layer of security. While that is still sound advice, recent research shows that a new phishing technique, which steals authentication cookies through Microsoft Edge WebView2 applications, can render MFA useless if people don’t take other precautions. Discovering…

  • Prisoners Dilemma – How Undisclosed Cyberattacks Put Us All at Risk 

    Prisoners Dilemma – How Undisclosed Cyberattacks Put Us All at Risk 

    According to the Wall Street Journal, an estimated 90 percent of cyber incidents at public companies went undisclosed in regulatory filings in 2018. That means that despite the habitual headlines we read concerning cyberattacks today, it’s only the tip of the iceberg. In fact, the practice of companies remaining quiet about such incidents has a…

  • Common Entry Points #3 – Unpatched & Obsolete Operating Systems

    Common Entry Points #3 – Unpatched & Obsolete Operating Systems

    Military strategy is about knowing where an opponent’s weak points are and how to take advantage of them. It is the same concept for cyberattacks. External threat actors don’t bide their time chipping away at strong defenses.  Instead, they exploit known vulnerabilities such as unpatched operating systems. A single unpatched OS can be the entry…

  • CYREBRO’s IR Analysis – Visibility Gaps and How to Eliminate Them

    CYREBRO’s IR Analysis – Visibility Gaps and How to Eliminate Them

    Today, the question isn’t if your company will suffer from a security incident, it’s when.  A few years ago, a shocking statistic came to light when CYREBRO analyzed internal incident response (IR) reports: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility.  Unearthing that…

  • Common Entry Points #4 – RDSH

    Common Entry Points #4 – RDSH

    If there is a weak point in your IT environment, it’s only a matter of time before a threat actor exploits it. So far, our series of “Common Entry Points” has scrutinized ITaaS (IT-as-a-Service), VPNs, and unpatched and obsolete OSS, all based on real incidents CYREBRO has dealt with. Now, we’ll look at another common…

  • CYREBRO’s Fraud Analysis Sheds Light on How to Fight Against BEC and Fraud

    CYREBRO’s Fraud Analysis Sheds Light on How to Fight Against BEC and Fraud

    Fraud is nothing new and has existed well before the world wide web came into play. But with constant digital transformations and advancements in technology, it’s expected that fraud too will evolve and shift, becoming ever more dangerous and complex. Con artists continue to keep up with security trends, including digital resources, content, and organizational…

  • Prisoners Dilemma – How Undisclosed Cyberattacks Put Us All at Risk 

    Prisoners Dilemma – How Undisclosed Cyberattacks Put Us All at Risk 

    According to the Wall Street Journal, an estimated 90 percent of cyber incidents at public companies went undisclosed in regulatory filings in 2018. That means that despite the habitual headlines we read concerning cyberattacks today, it’s only the tip of the iceberg. In fact, the practice of companies remaining quiet about such incidents has a…

  • Common Entry Points #3 – Unpatched & Obsolete Operating Systems

    Common Entry Points #3 – Unpatched & Obsolete Operating Systems

    Military strategy is about knowing where an opponent’s weak points are and how to take advantage of them. It is the same concept for cyberattacks. External threat actors don’t bide their time chipping away at strong defenses.  Instead, they exploit known vulnerabilities such as unpatched operating systems. A single unpatched OS can be the entry…

  • Common Entry Points #2 – VPN

    Common Entry Points #2 – VPN

    In our last Common Entry Points post, we discussed how ITaaS can be a major weak link, providing bad actors entry into an infrastructure. Another common but often overlooked entry point for attackers is a business’s virtual private network (VPN). Work from home and bring your own device (BYOD) policies have led to expanded attack…

  • Common Entry Points #1 – ITaaS (IT as a Service) Part 2 

    Common Entry Points #1 – ITaaS (IT as a Service) Part 2 

    Assessing the weak links in your company network is an important part of cybersecurity. The people that sit behind the computer keyboards make up some of the weakest links, as there are always a small minority of users that will click on just about anything embedded or attached in an email despite being warned about…

  • Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data

    Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data

    Lapsus$ Breaches Okta to Reach Customers’ Sensitive Data Traced back to January of this year, Okta, a publicly traded identity and access management company announced yesterday that it has been impacted by a cyber-attack claimed by the data extortion group Lapsus$. Okta and Lapsus$ disagree regarding the success of the breach, while companies like Cloudflare…

  • Threat Actors Using Omicron COVID-19 Phishing Lures

    Threat Actors Using Omicron COVID-19 Phishing Lures

    Over the last few weeks, threat actors have been launching phishing scams which leverage people’s fears and anxieties over the Omicron COVID-19 variant. The scams either inject the Dridex banking malware into a victim’s computer or other malware that collects passwords, credentials, and personal or financial data. Informing all employees about the threat is the…

  • Log4Shell hits big players with critical 0-day exploit

    Log4Shell hits big players with critical 0-day exploit

    [Last updated Dec. 19, 2021] A recently discovered Log4j vulnerability (Log4Shell, CVE-2021-44228) in the Apache utility that allows unauthenticated remote code execution (RCE) and server take over is said to be exploited in the wild. Due to how widely used the Apache tool is, affecting companies such as Amazon, Apple, Cisco, Steam, Tesla, Twitter, and many…

  • Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

  • Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • Six months later: Key takeaways from the SolarWinds supply chain attack 

    Six months later: Key takeaways from the SolarWinds supply chain attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • How Can a Cloud-Based SOC Help You Detect Internal Threats?

    How Can a Cloud-Based SOC Help You Detect Internal Threats?

    Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…

  • Happy Holidays? Not if Hackers Have Their Way

    Happy Holidays? Not if Hackers Have Their Way

    Cybercriminals are savvy, calculating, and methodical. Like any good thief, they do their homework, investigating potential targets, stalking them to track habits, and identifying weak entry points. They are also patient, waiting for the perfect time to launch an attack. Attackers hit the hardest when defenses are at their lowest. More often than not, that…

  • 5 Types of Cybersecurity Your Organization Needs

    5 Types of Cybersecurity Your Organization Needs

    Businesses don’t often compare themselves to nations, but they have at least one important thing in common – the need to handle threats across multiple spheres or environments. Nations must be on constant alert to security threats from land, air, sea, space and – increasingly – cyberspace. Depending on the complexity of your cyber infrastructure,…

  • Proactive vs. Reactive Cybersecurity

    Proactive vs. Reactive Cybersecurity

    Many businesses already spend a great deal on cybersecurity but are still inadequately prepared, and the solution often lies in their general approach. Reactive and proactive cybersecurity follow different approaches and offer unique benefits, and these two approaches also require different processes and tools to maximize cybersecurity.   Which of these security approaches is more effective for your business?…

  • User Submission Processes: How To Do It Right

    User Submission Processes: How To Do It Right

    If given a choice between doing something that took a lot of time and effort for what you perceive as very little payoff or just skipping the task altogether, which would you choose? Although we’d all like to think we’d buckle down and do the work, the truth is that most people wouldn’t, particularly if…

  • Employee Insights: The Skills Needed To Analyze Phishing Campaigns

    Employee Insights: The Skills Needed To Analyze Phishing Campaigns

    Phishing Campaigns Are No Match For Analysts With These Skills   Phishing campaigns are all too common these days. A look back at 2020 showed that 75% of companies globally suffered from an attack. In the United States, 74% of attacks were successful, a 14% increase from 2019, proving bad actors are getting smarter and using…

  • Implement These 5 Strategies To Create a Cyber Smart Company

    Implement These 5 Strategies To Create a Cyber Smart Company

    Cyber security is a top concern for every company. As the CISO, leading the charge to keep your company secure from hackers and attacks falls squarely on your shoulders, but it’s certainly not a job you can do on your own. Security and the measures your company takes to remain as secure as possible are…

  • 5 Commonly Overlooked Signs of a Hack

    5 Commonly Overlooked Signs of a Hack

    There are security system rules configurations that can indicate these threats, so if you see any one of these, there is a good chance that your system has been compromised somewhere along the way. Someone else is reading your emails! (The Windows Outlook Hack) If you use Microsoft Outlook for your emails, your emails can…

Sign Up for Updates