Avihai Ben-Yossef

Avihai is the Co-Founder and CTO of Cymulate. He started his career in an Intelligence Unit of the IDF in a leading technological role. Prior to Cymulate, Avihai was the Head of the Cyber Research Team at Avnet Cyber & Information Security, where he worked for several projects on behalf of the Israeli Ministry of Defense.

Recent Posts

The Impact of Security Intelligence (Recon) on Cybersecurity
Avihai Ben-Yossef, July 19, 2020
Read More >
In its simplest form, cyber risk is a measurement of your cyber exposure: the probability of a breach, adjusted for the potential loss and damage associated with such a breach. The probability of a successful breach is based on the combined capabilities of your people, technology, and processes; compounded by the skill, tactics, techniques, and technology of your opponent. When defining potential loss and damage, each organization has to define, for their own business, what the potential impact.
Read More >
Security Must Adapt to Continuous Change
Avihai Ben-Yossef, April 23, 2020
Read More >
To paraphrase David Ben-Gurion, the first Prime Minister of Israel: "The most dangerous enemy to ... security is the intellectual inertia of those who are responsible for security." I'm reminded of that particular statement now, as we stand on the edge of a world driven sideways by the specter of disease and economic hardship. We must also face the impact these pressures have had on the overall ability to protect and defend the cybersecurity of business and government data and information.
Read More >
Simulating Cyber Attacks vs. Cyber Attack Techniques Methods
Avihai Ben-Yossef, December 23, 2019
Read More >
One common misconception I hear from IT security teams is that simulating a specific threat, say the Dridex Trojan, is more ‘real’ than simulating a proprietary (dubbed “Dummy”) version of the Trojan that mimics the underlying attack method that is so critical to that very Trojan’s success. Simulating Cyber Attacks Case in point, one strain of the Dridex Trojan was found to hide its code in a Microsoft spreadsheet. To protect against that specific strain of Dridex, simulating the attack’s.
Read More >
Abusing Microsoft Office Online Video
Avihai Ben-Yossef, October 25, 2018
Read More >
  **Updated Note: As of November 12th, 2018, Trend Micro has discovered an in-the-wild sample of this logical bug seen in the TROJ_EXPLOIT.AOOCAI, using it  to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).** Cymulate’s research team has discovered a way to abuse the Online Video feature on Microsoft Word to execute malicious code (Read the press release here). Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video.
Read More >
Web Applications Vulnerability Is Everyone’s Responsibility
Avihai Ben-Yossef, August 2, 2017
Read More >
When organizations worry about their cyber security, they focus on ransomware attacks, employees opening (spear) phishing emails or clicking on malicious banners and links on websites. But there is another danger that is often underestimated - the web applications of your own organization could harbor vulnerabilities and security issues. This happens more often than you think - “bad” coding is still a major concern as the HP Security Research’s Cyber Risk Report 2015 indicates: .
Read More >

Subscribe to Our Blog

Stay up to date with the latest cybersecurity news and tips

By Tag