CYREBRO Insights

Implement These 5 Strategies To Create a Cyber Smart Company

Cyber security is a top concern for every company. As the CISO, leading the charge to keep your company secure from hackers and attacks falls squarely on your shoulders, but it’s certainly not a job you can do on your own. Security and the measures your company takes to remain as secure as possible are…

  • Apache Patches Critical Apache HTTP Server RCE Vulnerability Exploited-in-the-Wild

    Apache Software has released an update patching a critical remote code execution vulnerability in Apache HTTP Server. A PoC (Proof of Concept) exploit has been published, and the vulnerability has been seen exploited in the wild. The vulnerability: CVE-2021-41773, a path traversal vulnerability allowing RCE. A vulnerability was found in a change made to path normalization in…

  • Cybersecurity and Data Protection Laws: US Financial Services and Insurance Firms

    Federal and state legislation say surprisingly little about how ordinary American businesses should manage their cybersecurity. However, financial services and insurance firms are not ordinary businesses. Because of their tendency to deal with sensitive personal data such as social security numbers, bank accounts and tax records, financial services and insurance firms are subject to a…

  • Cisco Patches Critical IOS XE Software RCE, Apple Patches Zero-Day RCE in Catalina, Google Patches Zero-Day RCE in Chrome

    ** Please note this CTI alert contains 3 Sections – Cisco IOS XE Software, Google Chrome and Apple macOS Catalina vulnerabilities ** Cisco Patches Critical IOS XE Software for Catalyst 9000 Family Wireless Controllers RCE Vulnerability Cisco has patched a critical severity remote code execution vulnerability affecting multiple Catalyst 9000 family wireless controllers. The vulnerability may…

  • Cybersecurity and Data Protection Laws: US Healthcare Businesses

    Ordinary American businesses are legally obligated to tell consumers when there has been a data breach but are not obligated to have cybersecurity protection in place. However, healthcare organizations are not ordinary businesses. Because they deal with protected health information (PHI), healthcare organizations are subject to special cybersecurity and data privacy rules pertaining only to…

  • Voicenter Data Breach

    On September 19th, Voicenter became a victim of a Data Breach and a Ransomware attack. On September 21st, the attackers began leaking stolen data to the public. According to the attackers, they are in possession of 15 Terabytes of data related to Voicenter and ~8,000 of their clients. This information consists of names, emails, phone…

  • More (Security) Tools, More Problems: How Many Security Solutions Do You Really Need?

    It seems like new cyber security threats emerge just about every day. When a potential threat hits the news cycle, security teams feel a sense of urgency to spring into action and purchase a new tool that can protect against the threat. That behavior leads us to where most teams find themselves today: inundated with…

  • Six months later: Key takeaways from the SolarWinds supply chain attack 

    Last year’s SolarWinds supply chain attack shook the security world. Hundreds of private businesses, many of them Fortune 500 companies, and several US agencies, including the Pentagon, Homeland Security, the Treasury, and the State Department, were all victims as they all use SolarWinds’ Orion system.   The scope of this attack and the fact that hackers…

  • The Many Costs of Cyber-Attacks on SMBs

    How much money can your business afford to lose if it becomes the victim of a cyber-attack?  If you think this question will never apply to your business, then think again. Twenty-three percent of small businesses and 43% of businesses overall were targeted by cyber-attacks in 2020, according to a study commissioned by specialist insurer Hiscox of businesses in the United States and seven other countries.  The average financial cost of cyber-attacks…

  • Honoring the Fathers (and Mothers) of Cybersecurity on July 4th

    The United States of America would never have existed (at least not in the way we know it) if not for the contributions of a small group of visionaries we know as the Founding Fathers. These men – John Adams, Benjamin Franklin, Alexander Hamilton, John Jay, Thomas Jefferson, James Madison, George Washington, and a host…

  • The 5 Top Challenges for DevSecOps to Address

    It’s said that crime rises in times of social and economic upheaval, and this is certainly the case for cybercrime. In a 2020 survey by VMware Carbon Black, 90% of security professionals reported an increase in the volume of cyberattacks and 80% said attacks had become more sophisticated. A recent study by Cybersecurity Ventures concluded…

  • 13 Questions to Ask your SOC provider

    As cyber-attacks have become more frequent and complex, there has been a surge in the number of Security Operations Center (SOC) platforms specializing in threat hunting and incident response. The SOC market is projected to grow from $471 million in 2020 to $1.656 billion by 2025, at a compound annual growth rate of 28.6% during…

  • The 7 Steps to Effective Incident Response

    Cybercriminals have been around for as long as the Internet, and they are becoming bolder and more sophisticated with each passing day.  Yet incredibly, the majority of businesses are still not ready to respond to cyberattacks or breach events, according to a recent FireEye survey of 800 chief information security officers and other senior executives from around the world.  In a recent study by the Ponemon Institute,…

  • Don’t Get Hooked by a Phishing Scam

    After a brief decline in 2019, phishing attacks spiked again in 2020. Last year, they were so prevalent that one in every 4,200 emails was a phishing scam. Businesses lost approximately $17,700 every minute due to a phishing attack. Research from the FBI’s Internet Crime Complaint Center found that phishing (including vishing, SMiShing, and pharming) was one of the biggest cyber threats,…

  • Best Practices for Improving Cloud Incident Response in 2021

    According to a recent report, 75% of enterprises are concerned about the security of their cloud assets, data, and systems.  With the average global cost of a data breach coming in at $3.86 million, it has never been more important to be able to detect, prevent, and resolve incidents as effectively and as quickly as possible.  But doing so can be very challenging.…

  • Protecting Your Network Without an Internal Cyber Team

    It can be challenging for businesses to stay on top of their cybersecurity. They feel that their relative anonymity protects them from hackers who are looking to break into Fortune 500 networks and financial institutions. Unfortunately, hackers view their sites as ready-made training grounds.   Disruptions caused by hackers can harm sales, interfere with operations, and corrupt or expose data. Consumers…

  • 7 Challenges That Stand in the Way of Your Compliance Efforts

    Ensuring cybersecurity compliance can be cumbersome (and a pain), but if you don’t do it, it can literally cost you your business. There are hundreds of controls, and numerous requirements imposed by multiple regulatory bodies and private industry groups. What’s more, organizations with global operations must face the additional and major challenge of having to…

  • Minimal Security Changes That Make A Significant Impact

    If you find yourself saying, “I own a small company. I won’t be targeted,” unfortunately, the data is not on your side. Over 40% of data breaches happen to small businesses.   Fundera compiled a list of terrifying facts about cybercriminals, data breaches, and security hacks. It’s enough to make your head spin.   Cybercrime costs small and medium businesses…

  • Our 4 Predictions Impacting Cybersecurity in 2021 & How to Stay Protected

    There is no doubt that 2020 was a year of unprecedented challenge. Both personally and professionally we had to completely shift our perception of so many domains and adjust to a whole new reality on so many levels. Specifically, on the cybersecurity-level, we needed to change strategies and tactics and redefine how we protect our…

  • Why Being Technology Agnostic Is So Critical for Maximizing Cybersecurity

    The Complex Web of Solutions: Protecting your company against cyberattacks can require using up to dozens of different systems and solutions. This is because there are so many different vectors that require protection, including servers, endpoints, the network, exposed services, cloud-based applications, emails, and many more. In fact, to ensure protection most small-to-medium-sized organizations will have anywhere from at…

  • 5 Tips for Educational Institutes to Avoid the Next Cyber-Attack

    Why Protecting your Educational Institution is as Important as Ever During Covid-19 The Covid-19 pandemic has brought on a new set of challenges for the education system. With virtual learning becoming the new normal, it’s important to address the major cyber threat that has descended on educational institutions. Recently schools are becoming especially vulnerable to…

  • SIEM Optimization tips to Improve Your Cybersecurity Readiness

    Security Information and Event Management (SIEM) technology has firmly established itself as a critical component to any robust cyber-security operation. SIEM tools aggregate data from multiple log sources and analyze it based on rules dictated by cybersecurity professionals. Properly optimized, these tools allow teams to make important decisions quickly. Improperly optimized, they can do more…

  • How Can a Cloud-Based SOC Help You Detect Internal Threats?

    Businesses worldwide are continuously at risk from external threats which are looking for a way in, be it by phishing or vulnerabilities. Once they enter your infrastructure or software, they can then use it to pivot and move into sensitive data, stealing it, or destroying it to obtain a profit. Internal threats have increased rapidly…

  • Cisco: Critical RCE Vulnerability in Small Business Routers

    Cisco has published a Security Advisory regarding a Critical Remote Code Execution vulnerability affecting several Cisco Small Business Routers. The vulnerability is remotely exploitable without requiring authentication and allows attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerability CVE-2021-34730 (CVSS 3.1: 9.8, Critical) A vulnerability in…

  • Fortinet FortiWeb OS Zero-Day RCE

    A zero-day command injection vulnerability has been found in Fortinet FortiWeb Web Application Firewall (WAF).  The Vulnerability OS command injection vulnerability in FortiWeb’s management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page.  An attacker can leverage this vulnerability to take complete control of the affected device, with…

  • Cisco Patches Critical and High Severity RCE Vulnerabilities in VPN Routers

    Cisco has released updates addressing 3 pre-auth security vulnerabilities affecting VPN routers. The vulnerabilities are remotely exploitable without requiring authentication and allow attackers to remotely execute commands and arbitrary code or to trigger a denial-of-service on vulnerable devices.  The Vulnerabilities CVE-2021-1609 (CVSS 3.1: 9.8, Critical) A vulnerability in the web-based management interface of Cisco Small…

  • Google Patches RCE Vulnerability in the New Chrome Update Release

    Google has released Chrome Version 92.0.4515.131 for Windows, Mac and Linux. The update patches 10 vulnerabilities, including a high severity vulnerability which may lead to Remote Code Execution on the affected system. The Remote Code Execution Vulnerability CVE-2021-30590 (High Severity) A sandbox escape vulnerability that can be “exploited in combination with an extension or a…

  • Apple fixes Exploited-in-the-Wild macOS Big Sur Privileged Arbitrary Code Execution Zero-Day Vulnerability

    Apple has released a security update to address an exploited-in-the-wild zero-day vulnerability which allows for Privileged Arbitrary Code Execution.  The vulnerability affects macOS Big Sur, iOS and iPadOS. (See Affected Products for affected versions)  Apple did not publish details regarding the attacks or attackers that have exploited this vulnerability.  The Vulnerability CVE-2021-30807  An application may be able…

  • Apple releases MacOS and Safari updates, patching multiple Remote and local Arbitrary Code Execution vulnerabilities

    Apple has released updates to MacOS Big Sur, Catalina, and Mojave, as well as the Safari browser.   The updates fix a Remote Code Execution vulnerability in Big Sur’s libxml2 library, and multiple Arbitrary Code Execution vulnerabilities affecting the products.  Apple Security Advisories macOS Big Sur 11.5 – 1 Remote Code Execution and 17 Arbitrary Code Execution vulnerabilities fixed.  Security Update…
