Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • SAMBA patches vulnerabilities that allow remote code execution and data disclosure
    Threat Intelligence

    October 27, 2022: SAMBA has released a patch and security advisory to address two vulnerabilities in all versions of Samba prior to 4.17.0 that might allow attackers to perform remote code execution and get access to all of the server’s file systems running vulnerable…

  • Apple Patches 127 Vulnerabilities that Affects a Variety of Products
    Threat Intelligence

    October 27, 2022: Apple’s security response team has released software updates for at least 77 software vulnerabilities affecting several Apple products (excluding iPhones, iPads, Apple Watch and Apple TV). Some of these vulnerabilities may lead to remote code execution (RCE). The Vulnerabilities: The details of the…

  • VMware Patches Critical Cloud Foundation RCE Vulnerability
    Threat Intelligence

    October 26, 2022: VMware has released a security update to address a critical vulnerability in VMware Cloud Foundation. Unauthenticated threat actors can exploit the vulnerability remotely (RCE) in low-complexity attacks that do not require user interaction. The Vulnerability: CVE-2021-39144 (CVSS 3.1: 9.8, Critical) – Vulnerability in the XStream open-source…

  • Oracle Patches 48 Critical Vulnerabilities, 370 Vulnerabilities in Total
    Threat Intelligence

    October 19, 2022: As part of its quarterly Critical Patch Update (CPU), Oracle has patched 48 critical vulnerabilities and over 250 Remote Code Execution vulnerabilities. Overall, Oracle has patched 370 vulnerabilities across 126 products. Affected Products: The Vulnerability affects over 126 Oracle products including: Oracle Communications…

  • Apache Patches Text4Shell RCE vulnerability
    Threat Intelligence

    October 18, 2022: Apache has released an advisory addressing a critical Remote Code Execution (RCE) vulnerability in the Apache Commons Text library. The vulnerability, dubbed “Text4Shell”, results from an insecure implementation of Commons Text’s variable interpolation functionality—more specifically, some default lookup strings could potentially accept untrusted input from remote attackers, such…

  • Adobe Patches 2 Critical Vulnerabilities in Acrobat
    Threat Intelligence

    October 13, 2022: Adobe has released a major security update for Acrobat and Reader products, addressing 6 vulnerabilities, 2 of which are defined as critical and may lead to arbitrary code execution attacks. It is important to note that the vulnerabilities may also be described as RCE because…

  • Mozilla Releases Security Update for Thunderbird
    Threat Intelligence

    October 2, 2022: Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The newly released Thunderbird version is 102.3.1. The High-severity Vulnerabilities: CVE-2022-39249, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could…

  • Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs
    Threat Intelligence

    September 29, 2022: Google has patched 4 high-severity Remote Code Execution vulnerabilities in Chrome. The newly released Chrome version 106.0.5249.61/62 for Windows, and 106.0.5249.61 for Mac and Linux addresses 20 vulnerabilities overall. The RCE Vulnerabilities: CVE-2022-3304, High severity – Use after free Vulnerability in CSS. CVE-2022-3305, High severity –…

  • Sophos Patches an Actively Exploited RCE Firewall Vulnerability
    Threat Intelligence

    September 25, 2022: Sophos has released a security advisory addressing a critical remote code injection vulnerability affecting several firewall models, allowing unauthenticated attackers to perform remote code execution. The Vulnerability: CVE-2022-3236 (CVSS:9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components,…

  • Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
    Threat Intelligence

    September 14, 2022: As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited zero-day and 30 remote code execution vulnerabilities. Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual Studio, and other products. The Zero-Day Vulnerabilities: CVE-2022-37969 (CVSS 3.1: 7.8,…

  • Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
    Threat Intelligence

    September 14, 2022: According to an advisory by Wordfence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified as actively exploited in the wild. The Vulnerability: CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability allows unauthenticated attackers to add a rogue user…

  • HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
    Threat Intelligence

    September 9, 2022: A recently discovered vulnerability in HP Support Assistant, software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory. The Vulnerability: CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs…