Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Mastering Cybersecurity Compliance: Your Guide to Navigating a Complex Landscape
    Guides & E-books

    Mastering Cybersecurity Compliance: Your Guide to Navigating a Complex Landscape

    Achieve and maintain cybersecurity compliance while enhancing your organization's security posture.

  • 5 Common Attacker Entry Points
    Guides & E-books

    5 Common Attacker Entry Points

    Cyberattacks against SMBs are increasing at an alarming pace, but your company doesn't have to become the next victim.

  • Cyber Insurance Coverage Checklist
    Guides & E-books

    Cyber Insurance Coverage Checklist

    Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer, today it's become much more difficult.

  • 2022 Fraud and Email Compromise Analysis Report
    Guides & E-books

    2022 Fraud and Email Compromise Analysis Report

    This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.

  • Incident Response Analysis Report
    Guides & E-books

    Incident Response Analysis Report

    After analyzing numerous internal incident response (IR) reports, CYREBRO discovered a shocking statistic: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility. Given that a single, minor blind spot can put your business at risk, ensuring that you achieve 100% visibility is critical.

  • How to Build a SOC: A Complete Guide
    Guides & E-books

    How to Build a SOC: A Complete Guide

    Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.

  • Critical MiniOrange Social Login and Register Plugin Vulnerability
    Threat Intelligence

    Critical MiniOrange Social Login and Register Plugin Vulnerability

    June 29, 2023 A critical security flaw has been discovered in the WordPress “MiniOrange Social Login and Register” plugin. Successful exploitation may allow unauthenticated threat actor to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address. The Vulnerability…

  • Grafana Patches Critical Vulnerability due to Azure Integration
    Threat Intelligence

    Grafana Patches Critical Vulnerability due to Azure Integration

    June 26, 2023 Grafana has released a security patch for a critical Authentication Bypass vulnerability found in multiple versions of its application. This vulnerability allows attackers to bypass authentication and gain control over any Grafana account that uses Azure Active Directory OAuth with a multi-tenant Azure application and that do not have allowed_groups configured. Grafana is…

  • VMware Patches Critical Vulnerabilities in vCenter Server
    Threat Intelligence

    VMware Patches Critical Vulnerabilities in vCenter Server

    June 25, 2023 VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems. The Vulnerabilities CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious…

  • Fortinet Patches Critical RCE Vulnerability in FortiNAC
    Threat Intelligence

    Fortinet Patches Critical RCE Vulnerability in FortiNAC

    June 25, 2023 Fortinet has updated FortiNAC to address various of vulnerabilities, including critical RCE vulnerability that might be exploited by malicious actors in order to perform remote code execution without authentication. The Critical Vulnerability CVE-2023-33299 (CVSS score: 9.6, Critical) – A deserialization of untrusted data vulnerability, successful exploitation may allow an unauthenticated user to…

  • ISC Patches BIND9 DNS Software Vulnerabilities
    Threat Intelligence

    ISC Patches BIND9 DNS Software Vulnerabilities

    June 22, 2023 The Internet Systems Consortium (ISC) has published patches to address various security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that might lead to a denial-of-service (DoS). The Vulnerabilities CVE-2023-2911 CVE-2023-2829 CVE-2023-2828 Affected Versions BIND: 9.16.33 -> 9.16.41 9.18.7 -> 9.18.15 BIND Supported Preview Edition…

  • Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products
    Threat Intelligence

    Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products

    June 22, 2023 Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild. The Vulnerabilities CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 – A memory corruption vulnerability in…