Category: CTI

  • F5 Patches High Severity RCE Vulnerability in BIG-IP

    As part of F5’s monthly security advisory, a high severity Remote Code Execution vulnerability affecting ALL BIG-IP modules was patched.  Additionally, F5 has disclosed multiple other vulnerabilities affecting BIG-IP and BIG-IQ products.  For the full list of addressed vulnerabilities and mitigations, review the full F5 Monthly Security Advisory.  The Vulnerability CVE-2021-23025 (CVSSv3: 7.2, High)  An authenticated remote command execution…

  • Why breadth of experience is critical in your cybersecurity provider

    If there’s one thing we’ve learned from our vast experience in cybersecurity, it’s that cybercriminals don’t discriminate: for the most part they are not looking at location or even industry in their attacks, rather holes to climb through for a breach.   Like many target-driven professions (if we can call cybercrime a profession), cybercriminals look for the path of least…

  • Cisco: Critical RCE Vulnerability in Small Business Routers

    Cisco has published a Security Advisory regarding a Critical Remote Code Execution vulnerability affecting several Cisco Small Business Routers. The vulnerability is remotely exploitable without requiring authentication and allows attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerability CVE-2021-34730 (CVSS 3.1: 9.8, Critical) A vulnerability in…

  • Fortinet FortiWeb OS Zero-Day RCE

    A zero-day command injection vulnerability has been found in Fortinet FortiWeb Web Application Firewall (WAF).  The Vulnerability OS command injection vulnerability in FortiWeb’s management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page.  An attacker can leverage this vulnerability to take complete control of the affected device, with…

  • Questions to Ask Your Incident Response Provider

    It is said that somebody once asked Robert Baden-Powell, the founder of the worldwide Scout movement, what he meant when he coined the motto “Be Prepared.” “Be prepared for what?” the person asked. “Why, for any old thing,” responded Baden-Powell. What Baden-Powell meant by this was that we must always be prepared for whatever challenges…

  • Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO’s SOC Platform

    Europe’s top value-added distributor has selected CYREBRO’s interactive cloud-based platform to provide an easy to implement, cost-effective solution to MS(S)Ps across Europe MUNICH, GERMANY and TEL AVIV, ISRAEL — AUGUST 10, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that Infinigate, Europe’s largest purveyor of cybersecurity solutions, will be using…

  • Honoring the Fathers (and Mothers) of Cybersecurity on July 4th

    The United States of America would never have existed (at least not in the way we know it) if not for the contributions of a small group of visionaries we know as the Founding Fathers. These men – John Adams, Benjamin Franklin, Alexander Hamilton, John Jay, Thomas Jefferson, James Madison, George Washington, and a host…

  • The 5 Top Challenges for DevSecOps to Address

    It’s said that crime rises in times of social and economic upheaval, and this is certainly the case for cybercrime. In a 2020 survey by VMware Carbon Black, 90% of security professionals reported an increase in the volume of cyberattacks and 80% said attacks had become more sophisticated. A recent study by Cybersecurity Ventures concluded…

  • 13 Questions to Ask your SOC provider

    As cyber-attacks have become more frequent and complex, there has been a surge in the number of Security Operations Center (SOC) platforms specializing in threat hunting and incident response. The SOC market is projected to grow from $471 million in 2020 to $1.656 billion by 2025, at a compound annual growth rate of 28.6% during…

  • Colonial Pipeline Ransomware Attack: Lessons For SOC Operators

    Background Earlier this month, Colonial Pipeline — the largest pipeline system for refined oil production in the U.S. — suffered a ransomware attack that resulted in the closure of one of the largest U.S. pipelines. As a result of the attack, the pipeline operator was forced to temporarily halt all pipeline operations resulting in massive…

  • Cybersecurity Isn’t Enough: You Need A Human Intelligence Team

    Cybersecurity threats are growing in number and sophistication every year. Since 2017, the industry has seen a year-over-year increase of 27%, with hundreds of millions of attacks occurring every day in 2020. As we saw with the SolarWinds attack and the recent attack on US fuel pipeline operator Colonial Pipeline, even the best cyber defenses implemented by…

  • What Is a SOC Platform and How It Can Help IT Professionals to Excel in Their Job

    Will your company survive if there is a breach of its data infrastructure? According to a prediction by Cybersecurity Ventures, businesses around the world are more likely to fall victim to ransomware attacks every 11 seconds in 2021, compared to 14 seconds in 2019. In today’s business landscape, a single data breach can cause a…

  • Don’t Get Hooked by a Phishing Scam

    After a brief decline in 2019, phishing attacks spiked again in 2020. Last year, they were so prevalent that one in every 4,200 emails was a phishing scam. Businesses lost approximately $17,700 every minute due to a phishing attack. Research from the FBI’s Internet Crime Complaint Center found that phishing (including vishing, SMiShing, and pharming) was one of the biggest cyber threats,…

  • Will Your Endpoint Security Stand the Test During the Remote Working Revolution

    Modern organizations use multiple connected devices to conduct their business, including intelligent printers, appliances, BYOD cellphones and tablets, and more. Following the pandemic, 1 in 4 Americans will work from home in 2021 and beyond. Technology has made it easy to connect remotely from anywhere around the globe, and employees are plugging their devices in…

  • Best Practices for Improving Cloud Incident Response in 2021

    According to a recent report, 75% of enterprises are concerned about the security of their cloud assets, data, and systems.  With the average global cost of a data breach coming in at $3.86 million, it has never been more important to be able to detect, prevent, and resolve incidents as effectively and as quickly as possible.  But doing so can be very challenging.…

  • Protecting Your Network Without an Internal Cyber Team

    It can be challenging for businesses to stay on top of their cybersecurity. They feel that their relative anonymity protects them from hackers who are looking to break into Fortune 500 networks and financial institutions. Unfortunately, hackers view their sites as ready-made training grounds.   Disruptions caused by hackers can harm sales, interfere with operations, and corrupt or expose data. Consumers…

  • 7 Challenges That Stand in the Way of Your Compliance Efforts

    Ensuring cybersecurity compliance can be cumbersome (and a pain), but if you don’t do it, it can literally cost you your business. There are hundreds of controls, and numerous requirements imposed by multiple regulatory bodies and private industry groups. What’s more, organizations with global operations must face the additional and major challenge of having to…

  • Minimal Security Changes That Make A Significant Impact

    If you find yourself saying, “I own a small company. I won’t be targeted,” unfortunately, the data is not on your side. Over 40% of data breaches happen to small businesses.   Fundera compiled a list of terrifying facts about cybercriminals, data breaches, and security hacks. It’s enough to make your head spin.   Cybercrime costs small and medium businesses…

  • Why Mastering Cyber Incident Response Is a Must

    Every SMB Is at Risk “What you may not know, however, is that small to mid-sized businesses (SMBs) are frequent targets of destructive cyberattacks, many of which can be crippling.” (Forbes) There’s no getting around it. Sooner or later your organization will get hit by a cyber attack… if it hasn’t been already. If you believe that you’re not big…

  • Why you Need to Revamp your Security Strategy in a Mostly Remote World

    It’s been nearly a year now since the pandemic has sent millions worldwide to work from home and has compelled organizations to establish operations outside the traditional security border. As such, there is now great pressure to protect these remote workers, their devices, and their network against ever-increasing rates of cyberattacks. To make the job…

  • Our 4 Predictions Impacting Cybersecurity in 2021 & How to Stay Protected

    There is no doubt that 2020 was a year of unprecedented challenge. Both personally and professionally we had to completely shift our perception of so many domains and adjust to a whole new reality on so many levels. Specifically, on the cybersecurity-level, we needed to change strategies and tactics and redefine how we protect our…

  • Why Being Technology Agnostic Is So Critical for Maximizing Cybersecurity

    The Complex Web of Solutions Protecting your company against cyberattacks can require using up to dozens of different systems and solutions. This is because there are so many different vectors that require protection, including servers, endpoints, the network, exposed services, cloud-based applications, emails, and many more. In fact, to ensure protection most small-to-medium-sized organizations will have anywhere from at…

  • 5 Tips for Educational Institutes to Avoid the Next Cyber-Attack

    Why Protecting your Educational Institution is as Important as Ever During Covid-19 The Covid-19 pandemic has brought on a new set of challenges for the education system. With virtual learning becoming the new normal, it’s important to address the major cyber threat that has descended on educational institutions. Recently schools are becoming especially vulnerable to…

  • SIEM Optimization tips to Improve Your Cybersecurity Readiness

    Security Information and Event Management (SIEM) technology has firmly established itself as a critical component to any robust cyber-security operation. SIEM tools aggregate data from multiple log sources and analyze it based on rules dictated by cybersecurity professionals. Properly optimized, these tools allow teams to make important decisions quickly. Improperly optimized, they can do more…

  • Cisco Patches Critical and High Severity RCE Vulnerabilities in VPN Routers

    Cisco has released updates addressing 3 pre-auth security vulnerabilities affecting VPN routers. The vulnerabilities are remotely exploitable without requiring authentication and allow attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerabilities CVE-2021-1609 (CVSS 3.1: 9.8, Critical) A vulnerability in the web-based management interface of Cisco Small…

  • Google Patches RCE Vulnerability in the New Chrome Update Release

    Google has released Chrome Version 92.0.4515.131 for Windows, Mac and Linux. The update patches 10 vulnerabilities, including a high severity vulnerability which may lead to Remote Code Execution on the affected system. The Remote Code Execution Vulnerability CVE-2021-30590 (High Severity) A sandbox escape vulnerability that can be “exploited in combination with an extension or a…

  • Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple has released a security update to address an exploited-in-the-wild zero-day vulnerability which allows for Privileged Arbitrary Code Execution.  The vulnerability affects macOS Big Sur, iOS and iPadOS. (See Affected Products for affected versions)  Apple did not publish details regarding the attacks or attackers that have exploited this vulnerability.  The Vulnerability CVE-2021-30807  An application may be able…

  • Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple has released updates to MacOS Big Sur, Catalina, and Mojave, as well as the Safari browser.   The updates fix a Remote Code Execution vulnerability in Big Sur’s libxml2 library, and multiple Arbitrary Code Execution vulnerabilities affecting the products.  Apple Security Advisories macOS Big Sur 11.5 – 1 Remote Code Execution and 17 Arbitrary Code Execution vulnerabilities fixed.  Security Update…

  • Cisco patches Firepower Device Manager On-Box Software RCE vulnerability

    Cisco patched a Remote Code Execution vulnerability in the Cisco Firepower Device Manager On-Box Software. The vulnerability only affects Cisco FDM On-Box Software.  The Vulnerability CVE-2021-1518 (CVSS 3.1: 6.3 Medium)  A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software, which due to insufficient sanitization of user input on specific REST API commands could…

  • Google Chrome Patches 7 Vulnerabilities, one of which is an Exploited-in-the-Wild, Critical Arbitrary Code Execution Zero-Day

    Google has released a new Chrome update, patching 1 actively exploited arbitrary code execution zero-day vulnerability and 6 additional ones. The updated Chrome version is 91.0.4472.164 and is relevant to Windows, Mac, and Linux. 6 out of the patched vulnerabilities are classified by Google as of high severity. The actively exploited Arbitrary Code Execution Zero-Day…