Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Aruba Networks fixes 6 critical vulnerabilities in ArubaOS
March 2, 2023 Aruba Networks fixes 6 critical vulnerabilities in ArubaOS Aruba Networks issued a security advisory regarding six critical-severity vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system. Aruba’s critical vulnerabilities are divided into two categories: command injection vulnerabilities and stack-based buffer vulnerabilities in the PAPI protocol (Aruba Networks access point management…
-
Threat Intelligence
Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones
March 2, 2023 Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones Cisco has patched a critical security vulnerability discovered in the Web UI of several IP Phone models, which unauthenticated and remote threat actors can exploit in remote code execution (RCE) attacks. The RCE Vulnerability CVE-2023-20078 (CVSS score: 9.8) – A vulnerability…
-
Threat Intelligence
Remove AV Exclusions for Microsoft’s Exchange
February 27, 2023 Remove AV Exclusions for Microsoft’s Exchange According to Microsoft’s Exchange Team, it is recommended to remove specific folders and processes exclusions from the file-level Antivirus (AV) scanner. The Issue: Keeping the exclusions may prevent detections of Internet Information Services (IIS) webshells and backdoor modules. Threat actors might exploit malicious IIS web server…
-
Threat Intelligence
HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS.
February 23, 2023 HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS. HP recently discovered potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities in their PC’s BIOS. The Vulnerabilities CVE-2022-27539, CVE-2022-27541, CVE-2022-43777, CVE-2022-43778 (CVSS:3.1 score: 7.8, High) – A threat actor may carry out remote code execution (RCE), denial of service (DoS), and information disclosure operations. Affected…
-
Threat Intelligence
VMware Patches a Critical Vulnerability in Carbon Black App Control
February 23, 2023 VMware Patches a Critical Vulnerability in Carbon Black App Control Vmware has patched a critical injection vulnerability in VMware Carbon Black App Control. The Vulnerability: CVE-2023-20858 (CVSS:3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially…
-
Guides & E-books
Cyber Insurance Coverage Checklist
Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer, today it's become much more difficult.
-
Case Studies
Ransomware Attack Prevented: CYREBRO Incident Response Case Study
A global manufacturing company was established well over a century ago, with over 5,000 employees today and an annual revenue of over 1 billion USD
-
Case Studies
Hedge Fund Case Study
The company is one of the top US hedge funds in the alternative investment space and invests in various public equity markets including financial, telecom, healthcare, and industrial companies, on a global scale
-
Guides & E-books
Cyber Insurance Coverage Checklist
Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer, today it's become much more difficult.
-
Guides & E-books
2022 Fraud and Email Compromise Analysis Report
This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.
-
Guides & E-books
Incident Response Analysis Report
After analyzing numerous internal incident response (IR) reports, CYREBRO discovered a shocking statistic: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility. Given that a single, minor blind spot can put your business at risk, ensuring that you achieve 100% visibility is critical.
-
Guides & E-books
How to Build a SOC: A Complete Guide
Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.
-
Guides & E-books
2022 Attack Vector Landscape Analysis
This report details this attack vector landscape analysis and provides readers with insights that can help inform their cybersecurity strategy in 2022 and beyond.
-
Guides & E-books
The 6 Critical Capabilities of a Complete SOC Solution
A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.
-
Podcast & Webinars
Dark Reading Panel: Next Gen SOC with CYREBRO CEO Nadav Arbel
Learn about the new tools and practices that are being added to today’s SOCs such as threat hunting capabilities, tools such as XDR and orchestration, and more.
-
Podcast & Webinars
CISO Series Podcast Featuring CYREBRO’s CTO, Ori Arbel – What’s Next in Security
How do CISOs digest the latest cybersecurity trends of 2022? What struggles do companies deal with surrounding cloud migrations and how can they overcome them?
-
Podcast & Webinars
Maximize Your Existing Systems to Harden Your Security Posture
To combat the ever-growing threat of cyber-attacks from actors who are becoming more and more sophisticated, organizations are investing in DevSecOps to embed security deep into the development process. This also means that it’s also critical to stay on top of the quickly evolving DevSecOps tools and tactics.
-
Threat Intelligence
Aruba Networks fixes 6 critical vulnerabilities in ArubaOS
March 2, 2023 Aruba Networks fixes 6 critical vulnerabilities in ArubaOS Aruba Networks issued a security advisory regarding six critical-severity vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system. Aruba’s critical vulnerabilities are divided into two categories: command injection vulnerabilities and stack-based buffer vulnerabilities in the PAPI protocol (Aruba Networks access point management…
-
Threat Intelligence
Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones
March 2, 2023 Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones Cisco has patched a critical security vulnerability discovered in the Web UI of several IP Phone models, which unauthenticated and remote threat actors can exploit in remote code execution (RCE) attacks. The RCE Vulnerability CVE-2023-20078 (CVSS score: 9.8) – A vulnerability…
-
Threat Intelligence
Remove AV Exclusions for Microsoft’s Exchange
February 27, 2023 Remove AV Exclusions for Microsoft’s Exchange According to Microsoft’s Exchange Team, it is recommended to remove specific folders and processes exclusions from the file-level Antivirus (AV) scanner. The Issue: Keeping the exclusions may prevent detections of Internet Information Services (IIS) webshells and backdoor modules. Threat actors might exploit malicious IIS web server…
-
Threat Intelligence
HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS.
February 23, 2023 HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS. HP recently discovered potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities in their PC’s BIOS. The Vulnerabilities CVE-2022-27539, CVE-2022-27541, CVE-2022-43777, CVE-2022-43778 (CVSS:3.1 score: 7.8, High) – A threat actor may carry out remote code execution (RCE), denial of service (DoS), and information disclosure operations. Affected…
-
Threat Intelligence
VMware Patches a Critical Vulnerability in Carbon Black App Control
February 23, 2023 VMware Patches a Critical Vulnerability in Carbon Black App Control Vmware has patched a critical injection vulnerability in VMware Carbon Black App Control. The Vulnerability: CVE-2023-20858 (CVSS:3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially…
-
Threat Intelligence
Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
February 19, 2023 Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities CVE-2022-39952 (CVSS 3.1:…