Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Juniper Patches Critical Third-Party Vulnerabilities
April 16, 2023 Juniper Patches Critical Third-Party Vulnerabilities Juniper Networks has issued security advisories to address vulnerabilities in JunosOS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series. Some of these vulnerabilities could allow an attacker to gain control over a vulnerable system. The Critical Advisories JunosOS, (Critical) – Multiple critical-severity vulnerabilities in Expat…
-
Threat Intelligence
Apple Patches 2 Zero-Days RCE Vulnerabilities Affect macOS Ventura
April 10, 2023 Apple Patches 2 Zero-Days RCE Vulnerabilities Affect macOS Ventura Apple released security updates to address two RCE zero-day vulnerabilities, one of them was found to be exploited in the wild. The vulnerabilities were fixed in macOS Ventura 13.3.1 The 0-Day Vulnerabilities CVE-2023-28205 – (CVSS 3.1: 5.5, Medium) – WebKit use-after-free vulnerability, allows a…
-
Threat Intelligence
Critical Vulnerability in VM2 JS Sandbox Library
April 8, 2023 Critical Vulnerability in VM2 JS Sandbox Library A critical vulnerability found in VM2 can be used by a threat actor to bypass the sandbox protections and to execute a remote code on the host running the sandbox. The vulnerability is caused due to an asynchronous error not being handled properly by VM2…
-
Threat Intelligence
HP Discovers Critical Vulnerability in LaserJet Printers
April 5, 2023 HP Discovers Critical Vulnerability in LaserJet Printers HP has released an advisory addressing critical vulnerability affecting certain models of HP Enterprise LaserJet and HP LaserJet Managed Printers when IPsec protocol is enabled with FutureSmart firmware version 5.6. The Vulnerability CVE-2023-1707 (CVSS 3.1: 9.1, Critical) – An information disclosure vulnerability. Exploitation of this…
-
Threat Intelligence
SAMBA Patches High-Severity Vulnerability
April 2, 2023 SAMBA Patches High-Severity Vulnerability Samba has released software updates to address a variety of vulnerabilities, one of the vulnerabilities which is classified as high-severity can allow attackers to gain access to information from a Samba AD DC. The High-Severity Vulnerabilities CVE-2022-38023 (CVSS score: 7.7) – Confidential attribute disclosure vulnerability, Successful exploitation might allow…
-
Threat Intelligence
Critical WordPress “Elementor” Plugin Site-Takeover Vulnerability
April 2, 2023 Critical WordPress “Elementor” Plugin Site-Takeover Vulnerability ‘Elementor’ has released patch for a critical vulnerability, affecting the ‘Elementor’ WordPress page builder plugin. Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering. The Vulnerability Authentication bypass and privilege escalation vulnerability…
-
Threat Intelligence
Aruba Networks fixes 6 critical vulnerabilities in ArubaOS
March 2, 2023 Aruba Networks fixes 6 critical vulnerabilities in ArubaOS Aruba Networks issued a security advisory regarding six critical-severity vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system. Aruba’s critical vulnerabilities are divided into two categories: command injection vulnerabilities and stack-based buffer vulnerabilities in the PAPI protocol (Aruba Networks access point management…
-
Threat Intelligence
Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones
March 2, 2023 Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones Cisco has patched a critical security vulnerability discovered in the Web UI of several IP Phone models, which unauthenticated and remote threat actors can exploit in remote code execution (RCE) attacks. The RCE Vulnerability CVE-2023-20078 (CVSS score: 9.8) – A vulnerability…
-
Threat Intelligence
Remove AV Exclusions for Microsoft’s Exchange
February 27, 2023 Remove AV Exclusions for Microsoft’s Exchange According to Microsoft’s Exchange Team, it is recommended to remove specific folders and processes exclusions from the file-level Antivirus (AV) scanner. The Issue: Keeping the exclusions may prevent detections of Internet Information Services (IIS) webshells and backdoor modules. Threat actors might exploit malicious IIS web server…
-
Threat Intelligence
HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS.
February 23, 2023 HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS. HP recently discovered potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities in their PC’s BIOS. The Vulnerabilities CVE-2022-27539, CVE-2022-27541, CVE-2022-43777, CVE-2022-43778 (CVSS:3.1 score: 7.8, High) – A threat actor may carry out remote code execution (RCE), denial of service (DoS), and information disclosure operations. Affected…
-
Threat Intelligence
VMware Patches a Critical Vulnerability in Carbon Black App Control
February 23, 2023 VMware Patches a Critical Vulnerability in Carbon Black App Control Vmware has patched a critical injection vulnerability in VMware Carbon Black App Control. The Vulnerability: CVE-2023-20858 (CVSS:3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially…
-
Threat Intelligence
Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
February 19, 2023 Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities CVE-2022-39952 (CVSS 3.1:…