Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Microsoft Patches 2 0-Days & 20 RCE Vulnerabilities
October 13, 2022 Microsoft Patches 2 0-Days & 20 RCE Vulnerabilities As part of October’s monthly security rollup updates, Microsoft has patched two 0-Day vulnerabilities and 20 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Edge, and others. The High-Severity Zero-Day Vulnerability CVE-2022-41033(CVSS 3.1: 7.8, High Severity)…
-
Threat Intelligence
Fortinet Patches Critical Vulnerability Affecting FortiGate and FortiProxy
September 9, 2022 Fortinet Patches Critical Vulnerability Affecting FortiGate and FortiProxy Fortinet has released a security alert to its customers about a critical Authentication-Bypass Vulnerability in FortiGate firewalls and FortiProxy web proxies that might allow an unauthenticated attacker to execute remote arbitrary actions on vulnerable systems. The Vulnerability CVE-2022-40684 (CVSS 3.1: 9.6, Critical) – An…
-
Threat Intelligence
Microsoft Patches 2 Exchange Zero-Day Actively Exploited in The Wild
October 2, 2022 Microsoft Patches 2 Exchange Zero-Day Actively Exploited in The Wild Microsoft claims that in August 2022, a threat group gained initial access and compromised Exchange servers by chaining the two recently discovered zero-day flaws in a narrow range of attacks. The 0-Day Vulnerabilities CVE-2022-41040 (CVSS 3.1: 8.8, High Severity) – A Server-Side…
-
Threat Intelligence
Mozilla Releases Security Update for Thunderbird
October 2, 2022 Mozilla Releases Security Update for Thunderbird Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The newly released Thunderbird version is 102.3.1. The High-severity Vulnerabilities CVE-2022-39249, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could…
-
Threat Intelligence
Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs
September 29, 2022 Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs Google has patched 4 high-severity Remote Code Execution vulnerabilities in Chrome. The newly released Chrome version 106.0.5249.61/62 for Windows, and 106.0.5249.61 for Mac and Linux addresses 20 vulnerabilities overall. The RCE Vulnerabilities CVE-2022-3304, High severity – Use after free Vulnerability in CSS. CVE-2022-3305, High severity –…
-
Threat Intelligence
Sophos Patches an Actively Exploited RCE Firewall Vulnerability
September 25, 2022 Sophos Patches an Actively Exploited RCE Firewall Vulnerability Sophos has released a security advisory addressing a critical remote code Injection vulnerability affecting several firewall models, allowing unauthenticated attackers to preform remote code execution. The Vulnerability CVE-2022-3236 (CVSS:9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components,…
-
Threat Intelligence
QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
September 6, 2022 QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. Affected Products QTS 5.0.1 Photo Station Fixed in 6.1.2 and later. QTS 5.0.0/4.5.x Photo Station Fixed in 6.0.22 and later.…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
September 4, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 105.0.5195.102 for Windows, Mac and Linux. The 0-Day Vulnerability CVE-2022-3075, High severity -Insufficient data validation Vulnerability in Mojo. Successful exploitation of this vulnerability may lead to Remote Code…
-
Threat Intelligence
Google Patches 24 Chrome Vulnerabilities, 1 Critical RCE
August 31, 2022 Google Patches 24 Chrome Vulnerabilities, 1 Critical RCE Google has patched Critical Remote Code Execution vulnerability in Chrome. The newly released Chrome version 105.0.5195.52/53/54 for Windows, and 105.0.5195.52 for Mac and Linux addresses 24 vulnerabilities overall. The Critical Vulnerability CVE-2022-3038, Critical severity – Use after free Vulnerability in Network Service. Successful exploitation…
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
August 28, 2022 Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild Atlassian has released a patch for Bitbucket ‘Server’ and ‘Data Center’ addressing a critical Remote Code Execution vulnerability existing in the wild. The Vulnerability CVE-2022-36804, Critical (CVSS 3.1 : 9.9) – Command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center,…
-
Threat Intelligence
Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS
August 18, 2022 Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS Apple has released an emergency update patching 2 actively exploited 0-day RCE vulnerabilities, one of which allows arbitrary code execution with kernel privileges. Both vulnerabilities affect macOS ‘Monterey’, iOS and iPadOS. The Vulnerabilities CVE-2022-32894 – An out-of-bounds write vulnerability in…
-
Threat Intelligence
Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day
August 17, 2022 Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day Google has released an emergency update for Chrome, addressing RCE vulnerabilities including an actively exploited Zero-Day. The newly released Chrome version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, addresses 11 vulnerabilities overall. The Zero-Day Vulnerability CVE-2022-2856, High-severity – The vulnerability caused…