Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.  

  • ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs
    Threat Intelligence

    ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs

    January 27, 2022  Note: this CTI contains 2 alerts: Microsoft Advisory & Apple Updates  Phishing Campaign Targeting ‘Microsoft 365’ Users Abuses ‘OAuth Request’ Links  Microsoft has recently detected a ‘Consent Phishing’ campaign targeting ‘Microsoft 365’ users in which threat actors abuse ‘OAuth’ request links to allow a malicious app called ‘Upgrade’ to access victims’ email, contacts and…

  • SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks
    Threat Intelligence

    SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks

    January 20, 2022  SolarWinds released an update addressing an improper input validation vulnerability in Serv-U.  The vulnerability has been actively exploited by threat actors to spread Log4J attacks to internal network devices.  The Vulnerability CVE-2021-35247 (CVSS 3.1: 4.3) – Improper Input Validation: The Serv-U web login screen to LDAP authentication was allowing characters that were not…

  • Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall
    Threat Intelligence

    Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall

    January 12, 2022 As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office. The Zero-Day Vulnerabilities CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability. CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows…

  • Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE
    Threat Intelligence

    Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE

    January 06, 2022 Google has released Chrome version 97.0.4692.71, patching 37 vulnerabilities, including 1 Critical ‘use-after-free’ vulnerability, exploitation of which leads to remote code execution (RCE). The RCE Vulnerability CVE-2022-0096, Critical use-after-free in the Storage component. The vulnerability can be exploited remotely, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on…

  • New Log4j Remote Code Execution Vulnerability
    Threat Intelligence

    New Log4j Remote Code Execution Vulnerability

    Apache has released new patches addressing a Recently Disclosed a Log4j Remote Code Execution Vulnerability

  • Threat Actors Using Omicron COVID-19 Phishing Lures
    Threat Intelligence

    Threat Actors Using Omicron COVID-19 Phishing Lures

    Recently, CYREBRO has observed an increase in phishing campaigns exploiting the recently emerging ‘Omicron’ Covid-19 variant.

  • Hedge Fund Case Study
    Case Studies

    Hedge Fund Case Study

    The company is one of the top US hedge funds in the alternative investment space and invests in various public equity markets including financial, telecom, healthcare, and industrial companies, on a global scale

  • The 6 Critical Capabilities of a Complete SOC Solution
    E-books

    The 6 Critical Capabilities of a Complete SOC Solution

    A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.

  • 7 Steps to Effective Incident Response
    E-books

    7 Steps to Effective Incident Response

    This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.  

  • The Real State of DevSecOps and Where It’s Going
    E-books

    The Real State of DevSecOps and Where It’s Going

    Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.

  • ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs
    Threat Intelligence

    ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs

    January 27, 2022  Note: this CTI contains 2 alerts: Microsoft Advisory & Apple Updates  Phishing Campaign Targeting ‘Microsoft 365’ Users Abuses ‘OAuth Request’ Links  Microsoft has recently detected a ‘Consent Phishing’ campaign targeting ‘Microsoft 365’ users in which threat actors abuse ‘OAuth’ request links to allow a malicious app called ‘Upgrade’ to access victims’ email, contacts and…

  • SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks
    Threat Intelligence

    SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks

    January 20, 2022  SolarWinds released an update addressing an improper input validation vulnerability in Serv-U.  The vulnerability has been actively exploited by threat actors to spread Log4J attacks to internal network devices.  The Vulnerability CVE-2021-35247 (CVSS 3.1: 4.3) – Improper Input Validation: The Serv-U web login screen to LDAP authentication was allowing characters that were not…

  • Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall
    Threat Intelligence

    Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall

    January 12, 2022 As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office. The Zero-Day Vulnerabilities CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability. CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows…

  • Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE
    Threat Intelligence

    Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE

    January 06, 2022 Google has released Chrome version 97.0.4692.71, patching 37 vulnerabilities, including 1 Critical ‘use-after-free’ vulnerability, exploitation of which leads to remote code execution (RCE). The RCE Vulnerability CVE-2022-0096, Critical use-after-free in the Storage component. The vulnerability can be exploited remotely, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on…

  • New Log4j Remote Code Execution Vulnerability
    Threat Intelligence

    New Log4j Remote Code Execution Vulnerability

    Apache has released new patches addressing a Recently Disclosed a Log4j Remote Code Execution Vulnerability

  • Threat Actors Using Omicron COVID-19 Phishing Lures
    Threat Intelligence

    Threat Actors Using Omicron COVID-19 Phishing Lures

    Recently, CYREBRO has observed an increase in phishing campaigns exploiting the recently emerging ‘Omicron’ Covid-19 variant.

  • Maximize Your Existing Systems to Harden Your Security Posture
    Webinars

    Maximize Your Existing Systems to Harden Your Security Posture

    To combat the ever-growing threat of cyber-attacks from actors who are becoming more and more sophisticated, organizations are investing in DevSecOps to embed security deep into the development process. This also means that it’s also critical to stay on top of the quickly evolving DevSecOps tools and tactics.