Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • WannaCry Ransomware Worm: CYREBRO IR Case Study
    Case Studies

    WannaCry Ransomware Worm: CYREBRO IR Case Study

    CYREBRO was monitoring and collecting logs from the casino’s network and identified an unusual network traffic spike. CYREBRO initiated an investigation, revealing the presence of the notorious worm.

    View File
  • Data Leak Prevented: CYREBRO Brute-Force Case Study
    Case Studies

    Data Leak Prevented: CYREBRO Brute-Force Case Study

    This nonprofit organization has been running for 50 years, providing aid, and distributing relief on a national level. CYREBRO launched an investigation after detecting suspicious activity on the organization’s database server.

    View File
  • Critical MiniOrange Social Login and Register Plugin Vulnerability
    Threat Intelligence

    Critical MiniOrange Social Login and Register Plugin Vulnerability

    June 29, 2023 A critical security flaw has been discovered in the WordPress “MiniOrange Social Login and Register” plugin. Successful exploitation may allow unauthenticated threat actor to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address. The Vulnerability…

    Read More
  • Grafana Patches Critical Vulnerability due to Azure Integration
    Threat Intelligence

    Grafana Patches Critical Vulnerability due to Azure Integration

    June 26, 2023 Grafana has released a security patch for a critical Authentication Bypass vulnerability found in multiple versions of its application. This vulnerability allows attackers to bypass authentication and gain control over any Grafana account that uses Azure Active Directory OAuth with a multi-tenant Azure application and that do not have allowed_groups configured. Grafana is…

    Read More
  • VMware Patches Critical Vulnerabilities in vCenter Server
    Threat Intelligence

    VMware Patches Critical Vulnerabilities in vCenter Server

    June 25, 2023 VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems. The Vulnerabilities CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious…

    Read More
  • Fortinet Patches Critical RCE Vulnerability in FortiNAC
    Threat Intelligence

    Fortinet Patches Critical RCE Vulnerability in FortiNAC

    June 25, 2023 Fortinet has updated FortiNAC to address various of vulnerabilities, including critical RCE vulnerability that might be exploited by malicious actors in order to perform remote code execution without authentication. The Critical Vulnerability CVE-2023-33299 (CVSS score: 9.6, Critical) – A deserialization of untrusted data vulnerability, successful exploitation may allow an unauthenticated user to…

    Read More
View More
  • 5 Common Attacker Entry Points
    Guides & E-books

    5 Common Attacker Entry Points

    Cyberattacks against SMBs are increasing at an alarming pace, but your company doesn't have to become the next victim.

    Read More
  • Cyber Insurance Coverage Checklist
    Guides & E-books

    Cyber Insurance Coverage Checklist

    Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer, today it's become much more difficult.

    Read More
  • 2022 Fraud and Email Compromise Analysis Report
    Guides & E-books

    2022 Fraud and Email Compromise Analysis Report

    This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.

    Read More
  • Incident Response Analysis Report
    Guides & E-books

    Incident Response Analysis Report

    After analyzing numerous internal incident response (IR) reports, CYREBRO discovered a shocking statistic: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility. Given that a single, minor blind spot can put your business at risk, ensuring that you achieve 100% visibility is critical.

    Read More
  • How to Build a SOC: A Complete Guide
    Guides & E-books

    How to Build a SOC: A Complete Guide

    Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.

    Read More
  • 2022 Attack Vector Landscape Analysis
    Guides & E-books

    2022 Attack Vector Landscape Analysis

    This report details this attack vector landscape analysis and provides readers with insights that can help inform their cybersecurity strategy in 2022 and beyond.

    Read More
View More
  • Critical MiniOrange Social Login and Register Plugin Vulnerability
    Threat Intelligence

    Critical MiniOrange Social Login and Register Plugin Vulnerability

    June 29, 2023 A critical security flaw has been discovered in the WordPress “MiniOrange Social Login and Register” plugin. Successful exploitation may allow unauthenticated threat actor to gain access to any account on a site including accounts used to administer the site, if the attacker knows, or can find, the associated email address. The Vulnerability…

    Read More
  • Grafana Patches Critical Vulnerability due to Azure Integration
    Threat Intelligence

    Grafana Patches Critical Vulnerability due to Azure Integration

    June 26, 2023 Grafana has released a security patch for a critical Authentication Bypass vulnerability found in multiple versions of its application. This vulnerability allows attackers to bypass authentication and gain control over any Grafana account that uses Azure Active Directory OAuth with a multi-tenant Azure application and that do not have allowed_groups configured. Grafana is…

    Read More
  • VMware Patches Critical Vulnerabilities in vCenter Server
    Threat Intelligence

    VMware Patches Critical Vulnerabilities in vCenter Server

    June 25, 2023 VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems. The Vulnerabilities CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious…

    Read More
  • Fortinet Patches Critical RCE Vulnerability in FortiNAC
    Threat Intelligence

    Fortinet Patches Critical RCE Vulnerability in FortiNAC

    June 25, 2023 Fortinet has updated FortiNAC to address various of vulnerabilities, including critical RCE vulnerability that might be exploited by malicious actors in order to perform remote code execution without authentication. The Critical Vulnerability CVE-2023-33299 (CVSS score: 9.6, Critical) – A deserialization of untrusted data vulnerability, successful exploitation may allow an unauthenticated user to…

    Read More
  • ISC Patches BIND9 DNS Software Vulnerabilities
    Threat Intelligence

    ISC Patches BIND9 DNS Software Vulnerabilities

    June 22, 2023 The Internet Systems Consortium (ISC) has published patches to address various security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that might lead to a denial-of-service (DoS). The Vulnerabilities CVE-2023-2911 CVE-2023-2829 CVE-2023-2828 Affected Versions BIND: 9.16.33 -> 9.16.41 9.18.7 -> 9.18.15 BIND Supported Preview Edition…

    Read More
  • Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products
    Threat Intelligence

    Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products

    June 22, 2023 Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild. The Vulnerabilities CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 – A memory corruption vulnerability in…

    Read More
View More

Cybersecurity Solution Comparison Guide for SMBs

With nearly half of all cyberattacks targeting small businesses, choosing the right cybersecurity solution has never been more important. Use this guide to compare enterprise-grade cybersecurity solutions that are for an SMB.