Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.  

  • Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 
    Threat Intelligence

    Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 

    May 22, 2022 Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack  On May 17th, the cash register vendor AutoSoft has been targeted by the infamous ‘LockBit 2.0’ ransomware.  According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…

  • Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
    Threat Intelligence

    Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation

    May 18, 2022  Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation According to an advisory by WordFence, a critical privilege escalation vulnerability affecting ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched.  The Vulnerability CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…

  • VMWare Patches Critical Authentication Bypass Vulnerability
    Threat Intelligence

    VMWare Patches Critical Authentication Bypass Vulnerability

    May 19, 2022  VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate.  The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication.  Affected Products VMware…

  • NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
    Threat Intelligence

    NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers

    May 18, 2022  NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers.   The vulnerabilities can lead denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc.  The ACE Vulnerabilities CVE-2022-28181, High…

  • Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
    Threat Intelligence

    Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days

    May 17, 2022  Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wiled in attacks targeting Macs and Apple Watch devices.  Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6,  including several arbitrary code…

  • Zyxel Patches a Critical Firewall Vulnerability
    Threat Intelligence

    Zyxel Patches a Critical Firewall Vulnerability

    May 15, 2022  Zyxel Patches a Critical Firewall Vulnerability Zyxel has released a security advisory addressing a critical unauthenticated remote command Injection vulnerability affecting several firewall models.  The Vulnerability CVE-2022-30525 (CVSS:9.8 – critical) – An unauthenticated remote command injection via the HTTP interface vulnerability, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful Exploitation could…

  • Hedge Fund Case Study
    Case Studies

    Hedge Fund Case Study

    The company is one of the top US hedge funds in the alternative investment space and invests in various public equity markets including financial, telecom, healthcare, and industrial companies, on a global scale

  • How to Build a SOC: A Complete Guide
    Guides & E-books

    How to Build a SOC: A Complete Guide

    Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.

  • 2022 Attack Vector Landscape Analysis
    Guides & E-books

    2022 Attack Vector Landscape Analysis

    This report details this attack vector landscape analysis and provides readers with insights that can help inform their cybersecurity strategy in 2022 and beyond.

  • The 6 Critical Capabilities of a Complete SOC Solution
    Guides & E-books

    The 6 Critical Capabilities of a Complete SOC Solution

    A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.

  • 7 Steps to Effective Incident Response
    Guides & E-books

    7 Steps to Effective Incident Response

    This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.  

  • Predictions for 2022
    Guide

    Predictions for 2022

    Cybersecurity should be considered a right, not a privilege. As such, investment into solutions that can transform chaos into clarity, as well as improving employee awareness, will be critical when facing threats into 2022 and beyond

  • The Real State of DevSecOps and Where It’s Going
    Guides & E-books

    The Real State of DevSecOps and Where It’s Going

    Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.

  • Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 
    Threat Intelligence

    Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 

    May 22, 2022 Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack  On May 17th, the cash register vendor AutoSoft has been targeted by the infamous ‘LockBit 2.0’ ransomware.  According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…

  • Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
    Threat Intelligence

    Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation

    May 18, 2022  Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation According to an advisory by WordFence, a critical privilege escalation vulnerability affecting ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched.  The Vulnerability CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…

  • VMWare Patches Critical Authentication Bypass Vulnerability
    Threat Intelligence

    VMWare Patches Critical Authentication Bypass Vulnerability

    May 19, 2022  VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate.  The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication.  Affected Products VMware…

  • NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
    Threat Intelligence

    NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers

    May 18, 2022  NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers.   The vulnerabilities can lead denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc.  The ACE Vulnerabilities CVE-2022-28181, High…

  • Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
    Threat Intelligence

    Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days

    May 17, 2022  Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wiled in attacks targeting Macs and Apple Watch devices.  Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6,  including several arbitrary code…

  • Zyxel Patches a Critical Firewall Vulnerability
    Threat Intelligence

    Zyxel Patches a Critical Firewall Vulnerability

    May 15, 2022  Zyxel Patches a Critical Firewall Vulnerability Zyxel has released a security advisory addressing a critical unauthenticated remote command Injection vulnerability affecting several firewall models.  The Vulnerability CVE-2022-30525 (CVSS:9.8 – critical) – An unauthenticated remote command injection via the HTTP interface vulnerability, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful Exploitation could…