Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Oracle Patches 48 Critical Vulnerabilities, 370 Vulnerabilities in Total
October 19, 2022
As part of its quarterly Critical Patch Update (CPU), Oracle has patched 48 critical vulnerabilities and over 250 Remote Code Execution vulnerabilities. Overall, Oracle has patched 370 vulnerabilities across 126 products. Affected Products: The vulnerability affects over 126 Oracle products including: Oracle Communications…
-
Threat Intelligence
Apache Patches Text4Shell RCE vulnerability
October 18, 2022
Apache has released an advisory addressing a critical Remote Code Execution (RCE) vulnerability in the Apache Commons Text library. The vulnerability, dubbed “Text4Shell”, results from an insecure implementation of Commons Text’s variable interpolation functionality—more specifically, some default lookup strings could potentially accept untrusted input from remote attackers, such…
-
Threat Intelligence
Adobe Patches 2 Critical Vulnerabilities in Acrobat
October 13, 2022
Adobe has released a major security update for Acrobat and Reader products, addressing 6 vulnerabilities, 2 of which are defined as critical and may lead to arbitrary code execution attacks. It is important to note that the vulnerabilities may also be described as RCE because…
-
Threat Intelligence
VM2 Patched a Critical Vulnerability That Allows Attackers to Run Code Outside the Sandbox
October 13, 2022
VM2 released a new version that addresses the critical sandbox escape and remote code execution (RCE) vulnerability affecting the popular JavaScript sandbox library. The Vulnerability: CVE-2022-36067 (CVSS 3.1: 10.0, Critical) – Vulnerability in the error mechanism in Node.js. Successful exploitation…
-
Threat Intelligence
SAP Addressed 2 Critical Vulnerabilities Affecting Various Systems
October 13, 2022
SAP published 15 patches for various systems as part of the October 2022 SAP Security Patch Day, including fixes for two critical vulnerabilities. The Critical Vulnerabilities: CVE-2022-39802 (CVSS 3.1: 9.9, Critical) – A file path traversal vulnerability in SAP Manufacturing Execution that allows an attacker to exploit…
-
Threat Intelligence
VMware Patches Code Execution Vulnerability in vCenter Server
October 13, 2022
VMware has released a patch to address a High-severity unsafe deserialization vulnerability that may lead to arbitrary code execution. The Vulnerability: CVE-2022-31680 (CVSS 3.1: 7.2, High Severity) – an unsafe deserialization vulnerability in the platform services controller (PSC). A malicious actor with administrative privileges on the…
-
Threat Intelligence
Mozilla Releases Security Update for Thunderbird
October 2, 2022
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The newly released Thunderbird version is 102.3.1. The High-severity Vulnerabilities: CVE-2022-39249, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could…
-
Threat Intelligence
Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs
September 29, 2022
Google has patched 4 high-severity Remote Code Execution vulnerabilities in Chrome. The newly released Chrome version 106.0.5249.61/62 for Windows, and 106.0.5249.61 for Mac and Linux addresses 20 vulnerabilities overall. The RCE Vulnerabilities: CVE-2022-3304, High severity – Use after free Vulnerability in CSS. CVE-2022-3305, High severity –…
-
Threat Intelligence
Sophos Patches an Actively Exploited RCE Firewall Vulnerability
September 25, 2022
Sophos has released a security advisory addressing a critical remote code injection vulnerability affecting several firewall models, allowing unauthenticated attackers to perform remote code execution. The Vulnerability: CVE-2022-3236 (CVSS: 9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components,…
-
Threat Intelligence
Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
September 14, 2022
As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited zero-day and 30 remote code execution vulnerabilities. Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual Studio, and other products. The Zero-Day Vulnerabilities: CVE-2022-37969 (CVSS 3.1: 7.8,…
-
Threat Intelligence
Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
September 14, 2022
According to an advisory by Wordfence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified as actively exploited in the wild. The Vulnerability: CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability that allows unauthenticated attackers to add a rogue user…
-
Threat Intelligence
HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
September 9, 2022
A recently discovered vulnerability in HP Support Assistant, software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory. The Vulnerability: CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs…