Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Mozilla Releases Security Update for Thunderbird
October 2, 2022 Mozilla Releases Security Update for Thunderbird Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The newly released Thunderbird version is 102.3.1. The High-severity Vulnerabilities CVE-2022-39249, High severity – Matrix Chat Protocol Vulnerability, a malicious server administrator could…
-
Threat Intelligence
Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs
September 29, 2022 Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs Google has patched 4 high-severity Remote Code Execution vulnerabilities in Chrome. The newly released Chrome version 106.0.5249.61/62 for Windows, and 106.0.5249.61 for Mac and Linux addresses 20 vulnerabilities overall. The RCE Vulnerabilities CVE-2022-3304, High severity – Use after free Vulnerability in CSS. CVE-2022-3305, High severity –…
-
Threat Intelligence
Sophos Patches an Actively Exploited RCE Firewall Vulnerability
September 25, 2022 Sophos Patches an Actively Exploited RCE Firewall Vulnerability Sophos has released a security advisory addressing a critical remote code Injection vulnerability affecting several firewall models, allowing unauthenticated attackers to preform remote code execution. The Vulnerability CVE-2022-3236 (CVSS:9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components,…
-
Threat Intelligence
Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
September 14, 2022 Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited Zero-day and 30 remote code execution vulnerabilities. Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual studio, and other products. The Zero-Day Vulnerabilities CVE-2022-37969 (CVSS 3.1: 7.8,…
-
Threat Intelligence
Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
September 14, 2022 Critical WordPress WPGateway premium plugin Actively Exploited 0-Day According to an advisory by WordFence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified Actively Exploited in the Wild. The Vulnerability CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability allows unauthenticated attackers to add a rogue user…
-
Threat Intelligence
HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
September 9, 2022 HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool A recently discovered vulnerability in HP Support Assistant, a software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory. The Vulnerability: CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs…
-
Threat Intelligence
Adobe Patches Acrobat 3 Critical ACEs
August 10, 2022 Adobe Patches Acrobat 3 Critical ACEs Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks. In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements. The ACE Vulnerabilities CVE-2022-35665…
-
Threat Intelligence
HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products
August 10, 2022 HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products HP issued an announcement stating that vulnerabilities in the system BIOS of select HP PC models have been detected, which may lead to arbitrary code execution, privilege escalation, denial of service, and information leaking. HP is currently working on the…
-
Threat Intelligence
RARLAB Patches RCE in UnRAR
August 10, 2022 RARLAB Patches RCE in UnRAR RARLAB, the company that also develops WinRAR, has patched a remote code execution vulnerability in UnRAR (the Unix/Linux version of WinRAR). When a program or a victim user extracts an untrusted archive, the attacker has the ability to create files outside of the target extraction directory and execute…
-
Threat Intelligence
Microsoft Patches One 0-Days & 31 RCE Vulnerabilities
August 10, 2022 Microsoft Patches One 0-Days & 31 RCE Vulnerabilities As part of August’s monthly security rollup updates, Microsoft has patched one 0-Day and 31 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 121 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Exchange, and others. The Zero-Day Vulnerability CVE-2022-34713 (CVSS 3.1: 7.2, High Severity) – Path…
-
Threat Intelligence
Google Patches 7 High-Severity Chrome Vulnerabilities
August 4, 2022 Google Patches 7 High-Severity Chrome Vulnerabilities Google has released Chrome version 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows), patching 27 vulnerabilities, including 7 High-Severity ‘use-after-free’ vulnerabilities which may lead to remote code execution (RCE). The High-Severity Vulnerabilities CVE-2022-2603, High Severity – Use after free in Omnibox. CVE-2022-2604, High Severity – Use after free in…
-
Threat Intelligence
Cisco Patches 2 Critical RCE Vulnerabilities Impacting VPN routers
August 4, 2022 Cisco Patches 2 Critical RCE Vulnerabilities Impacting VPN routers Cisco has patched critical security vulnerabilities that allowed unauthenticated remote attackers to execute arbitrary code or commands and cause denial of service (DoS) conditions on vulnerable devices. The vulnerabilities were discovered in the web-based management interfaces and the web filter database update feature,…