Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • VMware Patches 3 Critical Auth-Bypass Vulnerabilities in Remote Access Tool
    Threat Intelligence

    November 9, 2022

    VMware has released security updates to address three critical-severity vulnerabilities in the Workspace ONE Assist solution, which allow remote attackers to bypass authentication and gain administrative privileges. The Vulnerabilities: CVE-2022-31685 (CVSS 3.1: 9.8, Critical) – Authentication Bypass vulnerability, malicious actor with…

  • Google Patches 6 RCEs in Chrome
    Threat Intelligence

    November 9, 2022

    Google has updated Chrome, patching 6 remote code execution vulnerabilities and 10 vulnerabilities overall. The updated version is 107.0.5304.106/107 for Windows, and 107.0.5304.110 for Mac and Linux. The RCE Vulnerabilities: CVE-2022-3885 (High Severity) – Use after free in V8. CVE-2022-3886 (High Severity) – Use after free in…

  • Microsoft Patches 6 0-Days & 16 RCE Vulnerabilities
    Threat Intelligence

    November 9, 2022

    As part of November’s monthly security rollup updates, Microsoft has patched 6 0-Day and 16 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 68 vulnerabilities across Windows, Windows Server, Exchange, Hyper-V, Azure, Visual Studio, Office and others. The Zero-Day Vulnerabilities: CVE-2022-41128 (CVSS 3.1: 8.8, High Severity)…

  • SAMBA patches vulnerabilities that allow remote code execution and data disclosure
    Threat Intelligence

    October 27, 2022

    SAMBA has released a patch and security advisory to address two vulnerabilities in all versions of Samba prior to 4.17.0 that might allow attackers to perform remote code execution and get access to all of the server’s file systems running vulnerable…

  • Apple Patches 127 Vulnerabilities that Affects a Variety of Products
    Threat Intelligence

    October 27, 2022

    Apple’s security response team has released software updates for at least 77 software vulnerabilities affecting several Apple products (excluding iPhones, iPads, Apple Watch and Apple TV). Some of these vulnerabilities may lead to remote code execution (RCE). The Vulnerabilities: The details of the…

  • VMware Patches Critical Cloud Foundation RCE Vulnerability
    Threat Intelligence

    October 26, 2022

    VMware has released a security update to address a critical vulnerability in VMware Cloud Foundation. Unauthenticated threat actors can exploit the vulnerability remotely (RCE) in low-complexity attacks that do not require user interaction. The Vulnerability: CVE-2021-39144 (CVSS 3.1: 9.8, Critical) – Vulnerability in the XStream open-source…

  • VM2 Patched A Critical Vulnerability Allows Attackers to Run Code Outside the Sandbox
    Threat Intelligence

    October 13, 2022

    VM2 released a new version that addressed the critical sandbox escape and remote code execution (RCE) vulnerability affecting the popular JavaScript sandbox library. The Vulnerability: CVE-2022-36067 (CVSS 3.1: 10.0, Critical) – Vulnerability in the error mechanism in Node.js. Successful exploitation…

  • SAP Addressed 2 Critical Vulnerabilities Affecting Various Systems
    Threat Intelligence

    October 13, 2022

    SAP published 15 patches for various systems as part of the October 2022 SAP Security Patch Day, including fixes for two critical vulnerabilities. The Critical Vulnerabilities: CVE-2022-39802 (CVSS 3.1: 9.9, Critical) – File path traversal vulnerability in SAP Manufacturing Execution, allows an attacker to exploit…

  • VMware Patches Code Execution Vulnerability in vCenter Server
    Threat Intelligence

    October 13, 2022

    VMware has released a patch to address a High-severity unsafe deserialization vulnerability that may lead to arbitrary code execution. The Vulnerability: CVE-2022-31680 (CVSS 3.1: 7.2, High Severity) – an unsafe deserialization vulnerability in the platform services controller (PSC). A malicious actor with administrative privileges on the…

  • Microsoft Patches 2 0-Days & 20 RCE Vulnerabilities
    Threat Intelligence

    October 13, 2022

    As part of October’s monthly security rollup updates, Microsoft has patched two 0-Day vulnerabilities and 20 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Edge, and others. The High-Severity Zero-Day Vulnerability: CVE-2022-41033 (CVSS 3.1: 7.8, High Severity)…

  • Fortinet Patches Critical Vulnerability Affecting FortiGate and FortiProxy
    Threat Intelligence

    September 9, 2022

    Fortinet has released a security alert to its customers about a critical Authentication-Bypass Vulnerability in FortiGate firewalls and FortiProxy web proxies that might allow an unauthenticated attacker to execute remote arbitrary actions on vulnerable systems. The Vulnerability: CVE-2022-40684 (CVSS 3.1: 9.6, Critical) – An…

  • Microsoft Patches 2 Exchange Zero-Day Actively Exploited in The Wild
    Threat Intelligence

    October 2, 2022

    Microsoft claims that in August 2022, a threat group gained initial access and compromised Exchange servers by chaining the two recently discovered zero-day flaws in a narrow range of attacks. The 0-Day Vulnerabilities: CVE-2022-41040 (CVSS 3.1: 8.8, High Severity) – A Server-Side…