Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Critical MiniOrange Social Login and Register Plugin Vulnerability
    Threat Intelligence

    June 29, 2023 A critical security flaw has been discovered in the WordPress “MiniOrange Social Login and Register” plugin. Successful exploitation may allow an unauthenticated threat actor to gain access to any account on a site, including accounts used to administer the site, if the attacker knows, or can find, the associated email address. The Vulnerability…

  • Grafana Patches Critical Vulnerability due to Azure Integration
    Threat Intelligence

    June 26, 2023 Grafana has released a security patch for a critical authentication bypass vulnerability found in multiple versions of its application. This vulnerability allows attackers to bypass authentication and gain control over any Grafana account that uses Azure Active Directory OAuth with a multi-tenant Azure application and that does not have allowed_groups configured. Grafana is…

  • VMware Patches Critical Vulnerabilities in vCenter Server
    Threat Intelligence

    June 25, 2023 VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems. The Vulnerabilities CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious…

  • Fortinet Patches Critical RCE Vulnerability in FortiNAC
    Threat Intelligence

    June 25, 2023 Fortinet has updated FortiNAC to address various vulnerabilities, including a critical RCE vulnerability that might be exploited by malicious actors to perform remote code execution without authentication. The Critical Vulnerability CVE-2023-33299 (CVSS score: 9.6, Critical) – A deserialization of untrusted data vulnerability; successful exploitation may allow an unauthenticated user to…

  • ISC Patches BIND9 DNS Software Vulnerabilities
    Threat Intelligence

    June 22, 2023 The Internet Systems Consortium (ISC) has published patches to address various security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that might lead to a denial-of-service (DoS). The Vulnerabilities: CVE-2023-2911, CVE-2023-2829, CVE-2023-2828. Affected Versions: BIND: 9.16.33 -> 9.16.41, 9.18.7 -> 9.18.15; BIND Supported Preview Edition…

  • Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products
    Threat Intelligence

    June 22, 2023 Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild. The Vulnerabilities CVE-2023-32434 – An integer overflow vulnerability in the kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 – A memory corruption vulnerability in…