Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
September 6, 2022 QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. Affected Products QTS 5.0.1 Photo Station Fixed in 6.1.2 and later. QTS 5.0.0/4.5.x Photo Station Fixed in 6.0.22 and later.…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
September 4, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 105.0.5195.102 for Windows, Mac and Linux. The 0-Day Vulnerability CVE-2022-3075, High severity -Insufficient data validation Vulnerability in Mojo. Successful exploitation of this vulnerability may lead to Remote Code…
-
Threat Intelligence
Google Patches 24 Chrome Vulnerabilities, 1 Critical RCE
August 31, 2022 Google Patches 24 Chrome Vulnerabilities, 1 Critical RCE Google has patched Critical Remote Code Execution vulnerability in Chrome. The newly released Chrome version 105.0.5195.52/53/54 for Windows, and 105.0.5195.52 for Mac and Linux addresses 24 vulnerabilities overall. The Critical Vulnerability CVE-2022-3038, Critical severity – Use after free Vulnerability in Network Service. Successful exploitation…
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
August 28, 2022 Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild Atlassian has released a patch for Bitbucket ‘Server’ and ‘Data Center’ addressing a critical Remote Code Execution vulnerability existing in the wild. The Vulnerability CVE-2022-36804, Critical (CVSS 3.1 : 9.9) – Command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center,…
-
Threat Intelligence
Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS
August 18, 2022 Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS Apple has released an emergency update patching 2 actively exploited 0-day RCE vulnerabilities, one of which allows arbitrary code execution with kernel privileges. Both vulnerabilities affect macOS ‘Monterey’, iOS and iPadOS. The Vulnerabilities CVE-2022-32894 – An out-of-bounds write vulnerability in…
-
Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild
August 17, 2022 Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild Researchers released an exploit for a critical zero-click RCE vulnerability affecting networking devices using Realtek’s system on a chip (SoC). A remote attacker might use it to compromise vulnerable devices without requiring authentication or user interaction. The vulnerability was disclosed…
-
Threat Intelligence
Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild
August 2, 2022 Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild VMware has released a patch to address a critical authentication bypass vulnerability that affects local domain users in a number of products and allows unauthenticated attackers to gain administrative access. In addition, VMware addressed a number of additional security vulnerabilities that allowed…
-
Threat Intelligence
SonicWall Patches a Critical SQL Injection Vulnerability
July 25, 2022 SonicWall Patches a Critical SQL Injection Vulnerability A critical SQL injection (SQLi) vulnerability affecting Analytics On-Premise and Global Management System (GMS) products has been patched by SonicWall. The Vulnerability CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL Command. The vulnerability…
-
Threat Intelligence
Apple Patches 127 Vulnerabilities that Affect a Variety of Products
July 21, 2022 Apple’s security response team has released software updates for at least 127 software vulnerabilities affecting several Apple products. Some of these vulnerabilities may lead to remote code execution. The Critical Vulnerabilities CVE-2022-32832 – An APFS vulnerability might allow an app with root privileges to execute arbitrary code with kernel privileges. CVE-2022-32788 –…
-
Threat Intelligence
Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
July 21, 2022 Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard Cisco released security fixes for 45 vulnerabilities impacting a wide range of devices, some of which might be abused to execute arbitrary code with elevated privileges on affected systems. One security vulnerability is rated Critical, three are rated High, and 41 are rated Medium among…
-
Threat Intelligence
Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover
July 17, 2022 Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover According to reports, there is a new campaign targeting WordPress websites. Attackers have scanned nearly 1.6 million websites in an effort to take advantage of a previously exposed vulnerability in a WordPress plugin that allows arbitrary file uploads. The vulnerability affects Kaswara…
-
Threat Intelligence
Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs
July 14, 2022 Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products. The Zero-Day Vulnerability CVE-2022-22047 (CVSS 3.1: 7.8, High…