Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
RARLAB Patches RCE in UnRAR
August 10, 2022 RARLAB Patches RCE in UnRAR RARLAB, the company that also develops WinRAR, has patched a remote code execution vulnerability in UnRAR (the Unix/Linux version of WinRAR). When a program or a victim user extracts an untrusted archive, the attacker has the ability to create files outside of the target extraction directory and execute…
-
Threat Intelligence
Microsoft Patches One 0-Days & 31 RCE Vulnerabilities
August 10, 2022 Microsoft Patches One 0-Days & 31 RCE Vulnerabilities As part of August’s monthly security rollup updates, Microsoft has patched one 0-Day and 31 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 121 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Exchange, and others. The Zero-Day Vulnerability CVE-2022-34713 (CVSS 3.1: 7.2, High Severity) – Path…
-
Threat Intelligence
Google Patches 7 High-Severity Chrome Vulnerabilities
August 4, 2022 Google Patches 7 High-Severity Chrome Vulnerabilities Google has released Chrome version 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows), patching 27 vulnerabilities, including 7 High-Severity ‘use-after-free’ vulnerabilities which may lead to remote code execution (RCE). The High-Severity Vulnerabilities CVE-2022-2603, High Severity – Use after free in Omnibox. CVE-2022-2604, High Severity – Use after free in…
-
Threat Intelligence
Cisco Patches 2 Critical RCE Vulnerabilities Impacting VPN routers
August 4, 2022 Cisco Patches 2 Critical RCE Vulnerabilities Impacting VPN routers Cisco has patched critical security vulnerabilities that allowed unauthenticated remote attackers to execute arbitrary code or commands and cause denial of service (DoS) conditions on vulnerable devices. The vulnerabilities were discovered in the web-based management interfaces and the web filter database update feature,…
-
Threat Intelligence
Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild
August 2, 2022 Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild VMware has released a patch to address a critical authentication bypass vulnerability that affects local domain users in a number of products and allows unauthenticated attackers to gain administrative access. In addition, VMware addressed a number of additional security vulnerabilities that allowed…
-
Threat Intelligence
SonicWall Patches a Critical SQL Injection Vulnerability
July 25, 2022 SonicWall Patches a Critical SQL Injection Vulnerability A critical SQL injection (SQLi) vulnerability affecting Analytics On-Premise and Global Management System (GMS) products has been patched by SonicWall. The Vulnerability CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL Command. The vulnerability…
-
Threat Intelligence
Adobe Patches 22 Critical Vulnerabilities in Acrobat
July 14, 2022 Adobe Patches 22 Critical Vulnerabilities in Acrobat Adobe has released a major security update for Acrobat and Reader products, addressing at least 22 reported vulnerabilities, some of which might lead to arbitrary code execution attacks. The Vulnerabilities The vulnerabilities have been documented as ‘use-after-free’ and ‘out-of-bounds read’ memory safety issues that could…
-
Threat Intelligence
High-Severity VMware vCenter Vulnerability
July 14, 2022 High-Severity VMware vCenter Vulnerability VMware has finally made a patch available for one of the impacted versions of vCenter Server, eight months after revealing a high-severity privilege escalation vulnerability. The Vulnerability CVE-2021-22048, (CVSS 3.1: 7.1, High) – Privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability could be…
-
Threat Intelligence
OpenSSL High-Severity Vulnerability Could Lead to RCE
July 7, 2022 OpenSSL High-Severity Vulnerability Could Lead to RCE OpenSSL has released a security update to address a High-Severity vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to perform Remote Code Execution. The Vulnerability CVE-2022-2274, (High-Severity) – a heap memory corruption with RSA private key operation. This issue causes the RSA implementation…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
July 5, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 103.0.5060.114 for Windows, Mac, and Linux. The Vulnerability CVE-2022-2294 , High Severity – heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. Successful heap overflow exploitation can…
-
Threat Intelligence
Django SQL Injection Vulnerability Exists in the Wild
July 4, 2022 Django SQL Injection Vulnerability Exists in the Wild The Django project, an open-source Python-based web framework, has patched a high severity SQL Injection vulnerability in its latest releases. The vulnerability affects thousands of websites which use Django as their Model-Template-View framework. The Vulnerability CVE-2022-34265 (High severity) – a potential SQL Injection vulnerability…
-
Threat Intelligence
29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins
July 3, 2022 29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise. Jenkins is an open-source automation server mostly used for the DevOps process. There…