Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
VMware Patches a Critical Vulnerability in Carbon Black App Control
February 23, 2023: VMware has patched a critical injection vulnerability in VMware Carbon Black App Control. The Vulnerability: CVE-2023-20858 (CVSS 3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially…
-
Guides & E-books
Cyber Insurance Coverage Checklist
Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer. Today it has become much more difficult.
-
Threat Intelligence
Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
February 19, 2023: Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows an unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities: CVE-2022-39952 (CVSS 3.1:…
-
Threat Intelligence
Apple Patches Actively Exploited 0-Day Vulnerability in macOS & Safari
February 14, 2023: Apple has released an emergency update patching an actively exploited 0-day RCE vulnerability, which allows a malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability: CVE-2023-23529 (Critical) – a type-confusion vulnerability in ‘WebKit’ that could be exploited to trigger OS crashes…
-
Threat Intelligence
QNAP Patches Critical Vulnerability
February 2, 2023: QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow a threat actor to perform remote code injection (RCE). The Vulnerability: CVE-2022-27596 (CVSS 3.1: 9.8, Critical) – an SQL injection vulnerability which allows a remote threat actor to inject malicious code and allow access to…
-
Threat Intelligence
KeePass Vulnerability Allows to Obtain Cleartext Passwords
February 2, 2023: A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability: CVE-2023-24055,…
-
Threat Intelligence
VMware Patches 2 Critical VMware vRealize Vulnerabilities
January 25, 2023: VMware has patched two critical vulnerabilities in vRealize Log Insight that might allow a malicious actor to inject files into the operating systems of vulnerable appliances in order to gain remote code execution. In addition to these critical vulnerabilities, VMware patched additional vulnerabilities that might…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
December 4, 2022: Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day vulnerability. The updated version is 108.0.5359.94/.95 for Windows, Mac, and Linux. Google has not shared further information regarding the Zero-Day details and exploitation; however, such vulnerabilities typically allow attackers to create unusually…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
November 27, 2022: Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day vulnerability. The updated version is 107.0.5304.121/.122 for Windows, Mac and Linux. Google has not shared further information regarding the Zero-Day details and exploitation; however, such vulnerabilities typically allow attackers to create unusually…
-
Threat Intelligence
F5 BIG-IP & BIG-IQ High-Severity RCE Vulnerabilities
November 20, 2022: F5 has released an advisory regarding 2 High-Severity vulnerabilities affecting BIG-IP and BIG-IQ devices. Successful exploitation of these vulnerabilities may lead to remote code execution (RCE) and device takeover. The Vulnerabilities: CVE-2022-41622 (CVSS 3.1: 8.8, High-severity) – A cross-site request forgery (CSRF) vulnerability through iControl SOAP, may…
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
November 20, 2022: Atlassian has released security patches to address two critical vulnerabilities in Bitbucket Server, Data Center, and Crowd. An attacker might be able to execute remote code (RCE) by exploiting one of the vulnerabilities. The Vulnerabilities: CVE-2022-43781, Critical (CVSS 3.1: 9.0) – Environment variable-based command injection…
-
Threat Intelligence
Foxit Patches Several Code-Execution Vulnerabilities in PDF Reader
November 14, 2022: Foxit PDF document viewer has been updated to address a number of use-after-free security vulnerabilities that might be exploited to execute arbitrary code. To exploit these vulnerabilities, an attacker must persuade a victim to open a malicious file. The Vulnerabilities: CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129…