Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Cisco Patches 2 Critical RCE Vulnerabilities Impacting VPN routers
    Threat Intelligence

    August 4, 2022: Cisco has patched critical security vulnerabilities that allowed unauthenticated remote attackers to execute arbitrary code or commands and cause denial of service (DoS) conditions on vulnerable devices. The vulnerabilities were discovered in the web-based management interfaces and the web filter database update feature,…

  • Critical VMware RCE & Auth Bypass Vulnerabilities Existed In The Wild
    Threat Intelligence

    August 2, 2022: VMware has released a patch to address a critical authentication bypass vulnerability that affects local domain users in a number of products and allows unauthenticated attackers to gain administrative access. In addition, VMware addressed a number of additional security vulnerabilities that allowed…

  • SonicWall Patches a Critical SQL Injection Vulnerability
    Threat Intelligence

    July 25, 2022: A critical SQL injection (SQLi) vulnerability affecting Analytics On-Premise and Global Management System (GMS) products has been patched by SonicWall. The Vulnerability: CVE-2022-22280 (CVSS 3.0: 9.4, Critical) – Allows SQL injection due to improper neutralization of special elements used in an SQL Command. The vulnerability…

  • Apple Patches 127 Vulnerabilities that Affect a Variety of Products
    Threat Intelligence

    July 21, 2022: Apple’s security response team has released software updates for at least 127 software vulnerabilities affecting several Apple products. Some of these vulnerabilities may lead to remote code execution. The Critical Vulnerabilities: CVE-2022-32832 – An APFS vulnerability might allow an app with root privileges to execute arbitrary code with kernel privileges. CVE-2022-32788 –…

  • Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
    Threat Intelligence

    July 21, 2022: Cisco released security fixes for 45 vulnerabilities impacting a wide range of devices, some of which might be abused to execute arbitrary code with elevated privileges on affected systems. One security vulnerability is rated Critical, three are rated High, and 41 are rated Medium among…

  • Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover
    Threat Intelligence

    July 17, 2022: According to reports, there is a new campaign targeting WordPress websites. Attackers have scanned nearly 1.6 million websites in an effort to take advantage of a previously exposed vulnerability in a WordPress plugin that allows arbitrary file uploads. The vulnerability affects Kaswara…

  • High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild 
    Threat Intelligence

    June 30, 2022: A high severity privilege escalation vulnerability in Polkit’s ‘pkexec’ component, used by all major Linux distributions (including Ubuntu, Debian, Fedora, and CentOS), has been reported to be exploited in the wild. The vulnerability allows unauthorized users to gain root…

  • Google has patched 3 remote code execution vulnerabilities in Chrome.  
    Threat Intelligence

    June 23, 2022: Google has patched 3 remote code execution vulnerabilities in Chrome. The newly released Chrome version 103.0.5060.53 for Windows, Mac and Linux addresses 14 vulnerabilities overall. The Vulnerabilities: CVE-2022-2156, Critical severity – ‘Use after free’ in ‘Base’. CVE-2022-2157, High severity – Use after free in ‘Interest groups’. CVE-2022-2161, Medium severity – Use after free…

  • Citrix Patches ADM Account Takeover Vulnerability 
    Threat Intelligence

    June 15, 2022: Citrix has patched an improper access control vulnerability affecting the Application Delivery Management solution (Citrix ADM), which may lead to an account takeover. The Vulnerability: CVE-2022-27511 – Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password,…

  • Microsoft Patches ‘Follina’ 0-Day & 27 RCE Vulnerabilities  
    Threat Intelligence

    June 15, 2022: As part of June’s monthly security rollup updates, Microsoft has patched the recent ‘Follina’ 0-Day as well as 27 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 55 vulnerabilities across Windows, Azure, Office, SQL Server, Hyper-V, Edge, RVSS, .NET & Visual Studio. The 0-Day Vulnerability: CVE-2022-30190…

  • Google Patches 7 Chrome Vulnerabilities, 1 RCE
    Threat Intelligence

    June 12, 2022: Google has patched a remote code execution vulnerability in Chrome. The newly released Chrome version 102.0.5005.115 for Windows, Mac and Linux addresses 7 vulnerabilities overall. The RCE Vulnerability: CVE-2022-2007, High Severity – Use after free in WebGPU. The vulnerability is remotely exploitable and doesn’t require…

  • GitLab Patches a Critical Account Takeover Vulnerability
    Threat Intelligence

    June 6, 2022: GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability: CVE-2022-1680, (CVSS 3.0:…