Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Google Patches 11 Chrome Vulnerabilities and 1 Actively Exploited Zero-Day
August 17, 2022
Google has released an emergency update for Chrome, addressing RCE vulnerabilities including an actively exploited Zero-Day. The newly released Chrome version 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, addresses 11 vulnerabilities overall. The Zero-Day Vulnerability: CVE-2022-2856, High-severity – The vulnerability caused…
-
Threat Intelligence
Adobe Patches Acrobat 3 Critical ACEs
August 10, 2022
Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks. In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements. The ACE Vulnerabilities: CVE-2022-35665…
-
Threat Intelligence
HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products
August 10, 2022
HP issued an announcement stating that vulnerabilities in the system BIOS of select HP PC models have been detected, which may lead to arbitrary code execution, privilege escalation, denial of service, and information leaking. HP is currently working on the…
-
Threat Intelligence
RARLAB Patches RCE in UnRAR
August 10, 2022
RARLAB, the company that also develops WinRAR, has patched a remote code execution vulnerability in UnRAR (the Unix/Linux version of WinRAR). When a program or a victim user extracts an untrusted archive, the attacker has the ability to create files outside of the target extraction directory and execute…
-
Threat Intelligence
Microsoft Patches One 0-Days & 31 RCE Vulnerabilities
August 10, 2022
As part of August’s monthly security rollup updates, Microsoft has patched one 0-Day and 31 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 121 vulnerabilities across Windows, Azure, Active Directory, Hyper-V, Exchange, and others. The Zero-Day Vulnerability: CVE-2022-34713 (CVSS 3.1: 7.2, High Severity) – Path…
-
Threat Intelligence
Google Patches 7 High-Severity Chrome Vulnerabilities
August 4, 2022
Google has released Chrome version 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows), patching 27 vulnerabilities, including 7 High-Severity ‘use-after-free’ vulnerabilities which may lead to remote code execution (RCE). The High-Severity Vulnerabilities: CVE-2022-2603, High Severity – Use after free in Omnibox. CVE-2022-2604, High Severity – Use after free in…
-
Threat Intelligence
Adobe Patches 22 Critical Vulnerabilities in Acrobat
July 14, 2022
Adobe has released a major security update for Acrobat and Reader products, addressing at least 22 reported vulnerabilities, some of which might lead to arbitrary code execution attacks. The Vulnerabilities: The vulnerabilities have been documented as ‘use-after-free’ and ‘out-of-bounds read’ memory safety issues that could…
-
Threat Intelligence
High-Severity VMware vCenter Vulnerability
July 14, 2022
VMware has finally made a patch available for one of the impacted versions of vCenter Server, eight months after revealing a high-severity privilege escalation vulnerability. The Vulnerability: CVE-2021-22048 (CVSS 3.1: 7.1, High) – Privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability could be…
-
Threat Intelligence
OpenSSL High-Severity Vulnerability Could Lead to RCE
July 7, 2022
OpenSSL has released a security update to address a High-Severity vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to perform Remote Code Execution. The Vulnerability: CVE-2022-2274 (High-Severity) – a heap memory corruption with RSA private key operation. This issue causes the RSA implementation…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
July 5, 2022
Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 103.0.5060.114 for Windows, Mac, and Linux. The Vulnerability: CVE-2022-2294, High Severity – heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. Successful heap overflow exploitation can…
-
Threat Intelligence
Django SQL Injection Vulnerability Exists in the Wild
July 4, 2022
The Django project, an open-source Python-based web framework, has patched a high severity SQL Injection vulnerability in its latest releases. The vulnerability affects thousands of websites which use Django as their Model-Template-View framework. The Vulnerability: CVE-2022-34265 (High severity) – a potential SQL Injection vulnerability…
-
Threat Intelligence
29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins
July 3, 2022
The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise. Jenkins is an open-source automation server mostly used for the DevOps process. There…