Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
F5 BIG-IP & BIG-IQ High-Severity RCE Vulnerabilities
November 20, 2022
F5 has released an advisory regarding 2 High-Severity vulnerabilities affecting BIG-IP and BIG-IQ devices. Successful exploitation of these vulnerabilities may lead to remote code execution (RCE) and device takeover. The Vulnerabilities: CVE-2022-41622 (CVSS 3.1: 8.8, High-severity) – A cross-site request forgery (CSRF) vulnerability through iControl SOAP, may…
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
November 20, 2022
Atlassian has released security patches to address two critical vulnerabilities in Bitbucket Server, Data Center, and Crowd. An attacker might be able to execute remote code (RCE) by exploiting one of the vulnerabilities. The Vulnerabilities: CVE-2022-43781, Critical (CVSS 3.1: 9.0) – Environment variable-based command injection…
-
Threat Intelligence
Foxit Patches Several Code-Execution Vulnerabilities in PDF Reader
November 14, 2022
Foxit PDF document viewer has been updated to address a number of use-after-free security vulnerabilities that might be exploited to execute arbitrary code. To exploit these vulnerabilities, an attacker must persuade a victim to open a malicious file. The Vulnerabilities: CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129…
-
Threat Intelligence
Intel has Released Security Updates that Affect a Wide Variety of Products
November 9, 2022
As part of Patch Tuesday, Intel released several firmware and software updates, patching vulnerabilities that may lead to arbitrary code execution, escalation of privilege, denial of service (DoS), and information disclosure. Affected Components: Intel NUC Firmware, Intel DCM, Intel Glorp…
-
Threat Intelligence
HP has Released Firmware Updates that Affect a Wide Variety of Products
November 9, 2022
As part of Patch Tuesday, HP released several firmware and software updates, patching vulnerabilities that may lead to arbitrary code execution, escalation of privilege, denial of service (DoS), and information disclosure. Affected Products: HP PC BIOS, AMD Graphics Driver, Intel®…
-
Threat Intelligence
Citrix patches 3 critical authentication bypass vulnerabilities that affect Citrix ADC and Citrix Gateway
November 9, 2022
Citrix has released security updates for Citrix ADC and Citrix Gateway to address critical authentication bypass vulnerabilities. The 3 vulnerabilities, in some configurations, can allow attackers to obtain unauthorized access to the device, perform remote desktop takeover,…
-
Threat Intelligence
SAMBA patches vulnerabilities that allow remote code execution and data disclosure
October 27, 2022
SAMBA has released a patch and security advisory to address two vulnerabilities in all versions of Samba prior to 4.17.0 that might allow attackers to perform remote code execution and gain access to all of the server’s file systems running vulnerable…
-
Threat Intelligence
Apple Patches 127 Vulnerabilities that Affect a Variety of Products
October 27, 2022
Apple’s security response team has released software updates for at least 77 software vulnerabilities affecting several Apple products (excluding iPhones, iPads, Apple Watch and Apple TV). Some of these vulnerabilities may lead to remote code execution (RCE). The Vulnerabilities: The details of the…
-
Threat Intelligence
VMware Patches Critical Cloud Foundation RCE Vulnerability
October 26, 2022
VMware has released a security update to address a critical vulnerability in VMware Cloud Foundation. Unauthenticated threat actors can exploit the vulnerability remotely (RCE) in low-complexity attacks that do not require user interaction. The Vulnerability: CVE-2021-39144 (CVSS 3.1: 9.8, Critical) – Vulnerability in the XStream open-source…
-
Threat Intelligence
Oracle Patches 48 Critical Vulnerabilities, 370 Vulnerabilities in Total
October 19, 2022
As part of its quarterly Critical Patch Update (CPU), Oracle has patched 48 critical vulnerabilities and over 250 Remote Code Execution vulnerabilities. Overall, Oracle has patched 370 vulnerabilities across 126 products. Affected Products: The vulnerabilities affect over 126 Oracle products including: Oracle Communications…
-
Threat Intelligence
Apache Patches Text4Shell RCE vulnerability
October 18, 2022
Apache has released an advisory addressing a critical Remote Code Execution (RCE) vulnerability in the Apache Commons Text library. The vulnerability, dubbed “Text4Shell”, results from an insecure implementation of Commons Text’s variable interpolation functionality; more specifically, some default lookup strings could potentially accept untrusted input from remote attackers, such…
-
Threat Intelligence
Adobe Patches 2 Critical Vulnerabilities in Acrobat
October 13, 2022
Adobe has released a major security update for Acrobat and Reader products, addressing 6 vulnerabilities, 2 of which are defined as critical and may lead to arbitrary code execution attacks. It is important to note that the vulnerabilities may also be described as RCE because…