View latest features and updates
Meet the newest members of our community
Ask, learn and connect
Search FAQ and Documentation
Latest updates on cyber threats
Hello teamThe document of Integration with Carbon Black for Cloud solution? The customer is using an on-premie solution but I couldn't find the steps shown in the document on the on-prime device.
Our research team has just unveiled a new advanced scenario template for preventing Lateral Movement attack tactics. A detailed description can be found here, but for an immediate snapshot, take a look at the Advanced Scenarios interface on the Cymulate platform. Preview of the Lateral Movement Template in Action Begin by setting up an assessment using the Top Lateral Movement Template found under the Advanced Scenario tab. Afterwards, review the results to gain insights into your system's vulnerabilities. Get more information. Get guidance on mitigation strategies. Once you've implemented mitigation measures, you can easily verify their effectiveness by re-running the assessment with just one click. This Lateral Movement template is part of an ongoing series covering various attack categories. The previous ones explored credential dumping, data exfiltration, and command and control tactics. Being aware of the effectiveness of people, processes, and technology allows organizations
Hello Teams,I’m a MSSP , my client sent me a issues that their DLP vendor said their solution can only detect data is tried to exfiltrate by http get methods.I can find Browsing HTTP/HTTPS this channel is using http get response to exfiltrate data to Cymulate.But, what about other channels?In attack logs , I can see onedirve、github ,these channels are using API call : PUT https://xxxx.xxxxxIt seems using http put methods , right?Could you help me to clarified for what http methods will be used in each channels?That’s my client and their DLP vendor wondering to know , then they will try to optimize their solution.
Hello Team, On of our application is on NGINX web server. We have to perform the WAF assessment for that application.While creating the WAF template which OS need to be selected to perform the assessment for NGNIX server.
Data leakage, a cybersecurity concern, has been present since the beginning of humans. This is the unintentional or intentional transfer of restricted information into the wrong hands, such as company secrets and Personally Identifiable Information (PII) restricted by regulatory policies like HIPAA and GDPR. All industries, regardless of size, have been dealing with this problem, and many attempts have been made to limit or block data leakage, but have been unsuccessful according to Cymulate's Annual Usage Report. OpenAI's generative AI platform, ChatGPT, has created a human-like AI interface that can answer complex questions accurately and learn from interactions.However, this technology poses a threat to sensitive and confidential data since users feed the system with information daily, some of which may be PII or company confidential data shared by unaware users. While OpenAI warns against sharing sensitive or confidential data, it is challenging to prevent users from accidentally v
Protecting your business and community against cyber attacks is essential, especially in the Asia-Pacific (APAC) region, where recent data breaches have highlighted the need for stronger cybersecurity measures. With cybercriminals becoming more advanced and sophisticated, businesses in APAC must take cybersecurity seriously to avoid financial losses and repetitional damage.Fortunately, more organizations in the region are recognizing the importance of cybersecurity and increasing their budgets for this purpose. In fact, 64% of organizations in the APAC region have reported a trend of increasing their cybersecurity budget and spending, according to Kroll’s latest APAC State of Incident Response report. In addition, there have been recent changes in legal frameworks, with businesses now facing financial penalties of up to AU $50 million or 30% of the infringing company turnover, whichever is greater.Despite these efforts, many APAC organizations are still inadequately prepared for cybers
The RSA Conference in San Francisco saw the gathering of 45,000 information security professionals who were eager to reconnect with their peers after the isolation of the COVID-19 pandemic. The conference's atmosphere was vibrant, and Generative AI emerged as a popular topic. However, many experts are still hesitant to adopt these tools in the security industry as they struggle with critical thinking and data loss, posing a risk to companies grappling with data protection.Exposure management solutions received a warm reception at the conference as they help organizations communicate risk to corporate boards more effectively. By aggregating resilience data for a contextual score, these tools can highlight specific threats and communicate an organization's security posture to address them. The emergence of continuous threat exposure management (CTEM) programs has improved communication between business and technical teams.The keynote presentations were a significant highlight of the conf
We at Cymulate believe that when people come together, nothing can stop them.A core goal of the group is to create a global community of diverse professionals who will identify, challenge, and inspire one another through knowledge sharing, networking, ideation, and more.You are encouraged to share your knowledge, ask questions, participate in discussions, and become a key member of this community. I would appreciate hearing from you, answering any questions you have, or getting more involved by emailing me at firstname.lastname@example.org.Take a moment to introduce yourself and let everyone know who you are.
Cymulate just announced the upcoming expansion of its Attack Surface Management (ASM) solution to incorporate a combination of external asset surface management (EASM) with cloud infrastructure discovery, cloud misconfiguration identification, network vulnerability scanning, active directory scanning, and attack path analysis in a single module. The ingested data is translated into a unique-to-Cymulate unified attack path mapping analysis. The updated solution’s capabilities will enable at-a-glance visualization of threat exposures across multi-cloud and hybrid environments, including analyzing Azure, GCP, and AWS Cloud footprints for misconfigurations and remediable security concerns. What is Attack Surface Management According to NIST, ASM is “the set of points on the boundary of a system, a system element, or an environment [the assets] where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.” Taking a Surface Manag
How does Cymulate covers Vulnerability Scanning?
In your idea why a customer should do a BAS if they already have gone through vapt?
Hi All, I would like to know if Cymulate has any module which is having the feature of dynamic web application assesment and penetration testing?
UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.
I have installed the latest Cymulate service based agent on my Windows 10 box. I cannot seem to find the CLI anywhere on the system. Is it installed with the agent installation or do I need to grab it from someplace on the site? When I open CMD as an admin and run any of the “cymulate” commands, it tells me that the command cannot be found.
Hi,When I attempt to add a user profile for testing with a domain user, after I click add, the cymulate interface comes back with “Could not save profile”The profile creation does not work. Tried with a couple of existing domain accounts and a new one.Does anyone know how to resolve this issue?Thanks,Richard
Hello cymulate communityWe are designing Phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible.My users are trained to be wary of poorly designed pages. How do you load "realistic" templates for your campaigns? Thanks
What do I need to do to setup the Web Gateway assessment to work with Zscaler proxy?
We have a client with the need to access GSuite but has a policy to deny outgoing IMAP.Is there any plan to support HTTP API access?
Not sure how to do something in Cymulate?
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.