Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
August 28, 2022 Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild Atlassian has released a patch for Bitbucket ‘Server’ and ‘Data Center’ addressing a critical Remote Code Execution vulnerability existing in the wild. The Vulnerability CVE-2022-36804, Critical (CVSS 3.1 : 9.9) – Command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center,…
-
Threat Intelligence
Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS
August 18, 2022 Apple Patches 2 Actively Exploited 0-Day RCE Vulnerabilities in MacOS & iOS Apple has released an emergency update patching 2 actively exploited 0-day RCE vulnerabilities, one of which allows arbitrary code execution with kernel privileges. Both vulnerabilities affect macOS ‘Monterey’, iOS and iPadOS. The Vulnerabilities CVE-2022-32894 – An out-of-bounds write vulnerability in…
-
Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild
August 17, 2022 Critical Realtek RCE Vulnerability Affecting Various Networking Devices Exploited in The Wild Researchers released an exploit for a critical zero-click RCE vulnerability affecting networking devices using Realtek’s system on a chip (SoC). A remote attacker might use it to compromise vulnerable devices without requiring authentication or user interaction. The vulnerability was disclosed…
-
Threat Intelligence
Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day
August 17, 2022 Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day Google has released an emergency update for Chrome, addressing RCE vulnerabilities including an actively exploited Zero-Day. The newly released Chrome version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, addresses 11 vulnerabilities overall. The Zero-Day Vulnerability CVE-2022-2856, High-severity – The vulnerability caused…
-
Threat Intelligence
Adobe Patches Acrobat 3 Critical ACEs
August 10, 2022 Adobe Patches Acrobat 3 Critical ACEs Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks. In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements. The ACE Vulnerabilities CVE-2022-35665…
-
Threat Intelligence
HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products
August 10, 2022 HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products HP issued an announcement stating that vulnerabilities in the system BIOS of select HP PC models have been detected, which may lead to arbitrary code execution, privilege escalation, denial of service, and information leaking. HP is currently working on the…
-
Threat Intelligence
Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild
August 2, 2022 Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild VMware has released a patch to address a critical authentication bypass vulnerability that affects local domain users in a number of products and allows unauthenticated attackers to gain administrative access. In addition, VMware addressed a number of additional security vulnerabilities that allowed…
-
Threat Intelligence
SonicWall Patches a Critical SQL Injection Vulnerability
July 25, 2022 SonicWall Patches a Critical SQL Injection Vulnerability A critical SQL injection (SQLi) vulnerability affecting Analytics On-Premise and Global Management System (GMS) products has been patched by SonicWall. The Vulnerability CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL Command. The vulnerability…
-
Threat Intelligence
Apple Patches 127 Vulnerabilities that Affect a Variety of Products
July 21, 2022 Apple’s security response team has released software updates for at least 127 software vulnerabilities affecting several Apple products. Some of these vulnerabilities may lead to remote code execution. The Critical Vulnerabilities CVE-2022-32832 – An APFS vulnerability might allow an app with root privileges to execute arbitrary code with kernel privileges. CVE-2022-32788 –…
-
Threat Intelligence
Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
July 21, 2022 Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard Cisco released security fixes for 45 vulnerabilities impacting a wide range of devices, some of which might be abused to execute arbitrary code with elevated privileges on affected systems. One security vulnerability is rated Critical, three are rated High, and 41 are rated Medium among…
-
Threat Intelligence
Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover
July 17, 2022 Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover According to reports, there is a new campaign targeting WordPress websites. Attackers have scanned nearly 1.6 million websites in an effort to take advantage of a previously exposed vulnerability in a WordPress plugin that allows arbitrary file uploads. The vulnerability affects Kaswara…
-
Threat Intelligence
Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs
July 14, 2022 Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products. The Zero-Day Vulnerability CVE-2022-22047 (CVSS 3.1: 7.8, High…