Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
VM2 Patched A Critical Vulnerability Allows Attackers to Run Code Outside the Sandbox
October 13, 2022. VM2 released a new version that addressed the critical sandbox escape and remote code execution (RCE) vulnerability affecting the popular JavaScript sandbox library. The Vulnerability: CVE-2022-36067 (CVSS 3.1: 10.0, Critical) – Vulnerability in the error mechanism in Node.js. Successful exploitation…
-
Threat Intelligence
SAP Addressed 2 Critical Vulnerabilities Affecting Various Systems
October 13, 2022. SAP published 15 patches for various systems as part of the October 2022 SAP Security Patch Day, including fixes for two critical vulnerabilities. The Critical Vulnerabilities: CVE-2022-39802 (CVSS 3.1: 9.9, Critical) – File path traversal vulnerability in SAP Manufacturing Execution, allows an attacker to exploit…
-
Threat Intelligence
VMware Patches Code Execution Vulnerability in vCenter Server
October 13, 2022. VMware has released a patch to address a high-severity unsafe deserialization vulnerability that may lead to arbitrary code execution. The Vulnerability: CVE-2022-31680 (CVSS 3.1: 7.2, High Severity) – An unsafe deserialization vulnerability in the platform services controller (PSC). A malicious actor with administrative privileges on the…
-
Threat Intelligence
Microsoft Patches 2 0-Days & 20 RCE Vulnerabilities
October 13, 2022. As part of October’s monthly security rollup updates, Microsoft has patched two 0-Day vulnerabilities and 20 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Edge, and others. The High-Severity Zero-Day Vulnerability: CVE-2022-41033 (CVSS 3.1: 7.8, High Severity)…
-
Threat Intelligence
Fortinet Patches Critical Vulnerability Affecting FortiGate and FortiProxy
September 9, 2022. Fortinet has released a security alert to its customers about a critical authentication-bypass vulnerability in FortiGate firewalls and FortiProxy web proxies that might allow an unauthenticated attacker to execute remote arbitrary actions on vulnerable systems. The Vulnerability: CVE-2022-40684 (CVSS 3.1: 9.6, Critical) – An…
-
Threat Intelligence
Microsoft Patches 2 Exchange Zero-Day Actively Exploited in The Wild
October 2, 2022. Microsoft claims that in August 2022, a threat group gained initial access and compromised Exchange servers by chaining the two recently discovered zero-day flaws in a narrow range of attacks. The 0-Day Vulnerabilities: CVE-2022-41040 (CVSS 3.1: 8.8, High Severity) – A Server-Side…
-
Threat Intelligence
QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
September 6, 2022. QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. Affected Products: QTS 5.0.1 Photo Station: fixed in 6.1.2 and later. QTS 5.0.0/4.5.x Photo Station: fixed in 6.0.22 and later.…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
September 4, 2022. Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 105.0.5195.102 for Windows, Mac and Linux. The 0-Day Vulnerability: CVE-2022-3075, High severity – Insufficient data validation vulnerability in Mojo. Successful exploitation of this vulnerability may lead to Remote Code…
-
Threat Intelligence
Google Patches 24 Chrome Vulnerabilities, 1 Critical RCE
August 31, 2022. Google has patched a critical Remote Code Execution vulnerability in Chrome. The newly released Chrome version 105.0.5195.52/53/54 for Windows, and 105.0.5195.52 for Mac and Linux, addresses 24 vulnerabilities overall. The Critical Vulnerability: CVE-2022-3038, Critical severity – Use-after-free vulnerability in Network Service. Successful exploitation…
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
August 28, 2022. Atlassian has released a patch for Bitbucket ‘Server’ and ‘Data Center’ addressing a critical Remote Code Execution vulnerability existing in the wild. The Vulnerability: CVE-2022-36804, Critical (CVSS 3.1: 9.9) – Command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center,…
-
Threat Intelligence
Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS
August 18, 2022. Apple has released an emergency update patching 2 actively exploited 0-day RCE vulnerabilities, one of which allows arbitrary code execution with kernel privileges. Both vulnerabilities affect macOS ‘Monterey’, iOS and iPadOS. The Vulnerabilities: CVE-2022-32894 – An out-of-bounds write vulnerability in…
-
Threat Intelligence
Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day
August 17, 2022. Google has released an emergency update for Chrome, addressing RCE vulnerabilities including an actively exploited Zero-Day. The newly released Chrome version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows addresses 11 vulnerabilities overall. The Zero-Day Vulnerability: CVE-2022-2856, High severity – The vulnerability caused…