Category: Guides

  • Cybersecurity on Cyber Monday

    The holidays mean different things to different people. For consumers, holidays are about celebrating with friends and family and scooping up great deals. Stores and eCommerce brands plan their sales all year long to coincide with holidays, but Black Friday and Cyber Monday are two of their most important days. According to the National Retail Federation,…

  • Proactive vs. Reactive Cybersecurity

    Many businesses already spend a great deal on cybersecurity but are still inadequately prepared, and the solution often lies in their general approach. Reactive and proactive cybersecurity follow different approaches and offer unique benefits, and these two approaches also require different processes and tools to maximize cybersecurity. Which of these security approaches is more effective for your business?…

  • What is the NIST Cybersecurity Framework and How is it Relevant to Your Organization?

    We’ve written a lot on the CYREBRO blog about U.S. cybersecurity laws–rules that businesses in specific sectors such as financial services and healthcare are obligated to follow. Today we’d like to introduce a related but different topic: cybersecurity standards, namely the U.S. National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). A standard is…

  • Cybersecurity and Data Protection Laws: EU Healthcare Businesses

    Businesses operating in the European Union are subject to the strictest data protection regulation in the world, the General Data Protection Regulation (GDPR). Unlike the United States, the EU doesn’t have an industry-specific cybersecurity law for the healthcare sector. However, healthcare organizations are subject to a new cybersecurity law for businesses in essential industries, known…

  • User Submission Processes: How To Do It Right

    If given a choice between doing something that took a lot of time and effort for what you perceive as very little payoff or just skipping the task altogether, which would you choose? Although we’d all like to think we’d buckle down and do the work, the truth is that most people wouldn’t, particularly if…

  • Employee Insights: The Skills Needed To Analyze Phishing Campaigns

    Phishing Campaigns Are No Match For Analysts With These Skills: Phishing campaigns are all too common these days. A look back at 2020 showed that 75% of companies globally suffered from an attack. In the United States, 74% of attacks were successful, a 14% increase from 2019, proving bad actors are getting smarter and using…

  • RaaS: The Rapid Growth of The Ransomware-as a-Service Business Model

    Cybercriminals are driven by the profit motive, and few activities are more profitable to them than deploying ransomware against unsuspecting businesses. Ransomware is a type of malware that uses encryption to block or limit users from accessing systems–such as databases, file servers or applications–until a ransom is paid. Ransomware attacks have risen sharply in the…

  • Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

  • Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • Implement These 5 Strategies To Create a Cyber Smart Company

    Cyber security is a top concern for every company. As the CISO, leading the charge to keep your company secure from hackers and attacks falls squarely on your shoulders, but it’s certainly not a job you can do on your own. Security and the measures your company takes to remain as secure as possible are…

  • ICYMI: How to Harden Your Security Posture by Maximizing Your Existing Security Tools (Webinar)

    Security professionals need to be laser-focused on strengthening their security posture, but with huge attack surfaces and a multitude of ever-advancing threats, the challenge can sometimes seem insurmountable. However, by using the right tools coupled with a deep understanding of their most valuable business assets, security teams can create a winning strategy that protects their…

  • Why breadth of experience is critical in your cybersecurity provider

    If there’s one thing we’ve learned from our vast experience in cybersecurity, it’s that cybercriminals don’t discriminate: for the most part they are not looking at location or even industry in their attacks, rather holes to climb through for a breach. Like many target-driven professions (if we can call cybercrime a profession), cybercriminals look for the path of least…

  • Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO’s SOC Platform

    Europe’s top value-added distributor has selected CYREBRO’s interactive cloud-based platform to provide an easy to implement, cost-effective solution to MS(S)Ps across Europe. MUNICH, GERMANY and TEL AVIV, ISRAEL — AUGUST 10, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that Infinigate, Europe’s largest purveyor of cybersecurity solutions, will be using…

  • Nadav Arbel of CYREBRO Named Finalist for Top 10 Cybersecurity Expert for 2021 by Cyber Defense Magazine

    TEL AVIV, ISRAEL — AUGUST 2, 2021 – CYREBRO, the only interactive SOC platform solution for SMBs, today announced that CEO and co-founder Nadav Arbel has been named a Finalist in the Top 10 Cybersecurity Experts for 2021 category at the Black Unicorn Awards for 2021 which take place annually at the Black Hat USA…

  • What Every Business Needs to Know About Social Engineering, Phishing, and Passwords

    There are multiple types of cyberattacks – many of which are very sophisticated, often because of the technology they use. But more often, the kind of attack that leaves the biggest impact on its victims – emotionally and psychologically – is the one that is not necessarily driven by sophisticated technology, and often appears to be…

  • We Are CYREBRO and This Is How We Are Revolutionizing Cybersecurity Operations

    When we first established our company, our goal was clear. We were on a mission to provide strategic support to Fortune 500 companies by helping them optimize their cybersecurity posture. Our way to do this was to leverage our team’s real-world experiences and deep domain expertise in cyber-forensics investigations, IR, and ethical hacking to provide…

  • Why Mastering Cyber Incident Response Is a Must

    Every SMB Is at Risk: “What you may not know, however, is that small to mid-sized businesses (SMBs) are frequent targets of destructive cyberattacks, many of which can be crippling.” (Forbes) There’s no getting around it. Sooner or later your organization will get hit by a cyber attack… if it hasn’t been already. If you believe that you’re not big…

  • Why you Need to Revamp your Security Strategy in a Mostly Remote World

    It’s been nearly a year now since the pandemic has sent millions worldwide to work from home and has compelled organizations to establish operations outside the traditional security border. As such, there is now great pressure to protect these remote workers, their devices, and their network against ever-increasing rates of cyberattacks. To make the job…

  • Apache Patches Critical Apache HTTP Server RCE Vulnerability Exploited-in-the-Wild

    Apache Software has released an update patching a critical remote code execution vulnerability in Apache HTTP Server. A PoC (Proof of Concept) exploit has been published, and the vulnerability has been seen exploited in the wild. The vulnerability: CVE-2021-41773, a path traversal vulnerability allowing RCE. A vulnerability was found in a change made to path normalization in…

  • Cisco Patches Critical IOS XE Software RCE, Apple Patches Zero-Day RCE in Catalina, Google Patches Zero-Day RCE in Chrome

    Please note this CTI alert contains 3 Sections – Cisco IOS XE Software, Google Chrome and Apple macOS Catalina vulnerabilities. Cisco Patches Critical IOS XE Software for Catalyst 9000 Family Wireless Controllers RCE Vulnerability: Cisco has patched a critical severity remote code execution vulnerability affecting multiple Catalyst 9000 family wireless controllers. The vulnerability may…

  • Voicenter Data Breach

    On September 19th, Voicenter became a victim of a Data Breach and a Ransomware attack. On September 21st, the attackers began leaking stolen data to the public. According to the attackers, they are in possession of 15 Terabytes of data related to Voicenter and ~8,000 of their clients. This information consists of names, emails, phone…

  • Apple Patches 4 RCE Vulnerabilities in Safari, VMware Patches Critical vCenter Server RCE, NETGEAR Patches Critical RCE in 11 Routers

    Please note this CTI alert contains 3 Sections – Apple’s Safari, VMware, and NETGEAR vulnerabilities. Apple Patches 4 RCE Vulnerabilities in Safari: Apple has released a security update to address 4 Remote Code Execution vulnerabilities in Safari. The patches are available for macOS Big Sur and macOS Catalina. The Vulnerabilities: CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851. All…

  • Critical Vulnerability in Microsoft Azure Cosmos DB

    Microsoft has fixed a critical vulnerability affecting Azure Cosmos DB. Azure Cosmos DB is a globally distributed and fully managed NoSQL database service. The vulnerability: The vulnerability gives any Azure user full admin access (read, write, delete) to another customer’s Cosmos DB instances without authorization. The vulnerability has a trivial exploit that doesn’t require any…

  • F5 Patches High Severity RCE Vulnerability in BIG-IP

    As part of F5’s monthly security advisory, a high severity Remote Code Execution vulnerability affecting ALL BIG-IP modules was patched. Additionally, F5 has disclosed multiple other vulnerabilities affecting BIG-IP and BIG-IQ products. For the full list of addressed vulnerabilities and mitigations, review the full F5 Monthly Security Advisory. The Vulnerability: CVE-2021-23025 (CVSSv3: 7.2, High). An authenticated remote command execution…
