Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Apple Patches 127 Vulnerabilities that Affect a Variety of Products
July 21, 2022 Apple’s security response team has released software updates for at least 127 software vulnerabilities affecting several Apple products. Some of these vulnerabilities may lead to remote code execution. The Critical Vulnerabilities CVE-2022-32832 – An APFS vulnerability might allow an app with root privileges to execute arbitrary code with kernel privileges. CVE-2022-32788 –…
-
Threat Intelligence
Cisco Patches Critical Vulnerabilities Impacting Nexus Dashboard
July 21, 2022 Cisco released security fixes for 45 vulnerabilities impacting a wide range of devices, some of which might be abused to execute arbitrary code with elevated privileges on affected systems. One security vulnerability is rated Critical, three are rated High, and 41 are rated Medium among…
-
Threat Intelligence
Critical WordPress Plugin Vulnerability Could Lead to a Website Takeover
July 17, 2022 According to reports, there is a new campaign targeting WordPress websites. Attackers have scanned nearly 1.6 million websites in an effort to take advantage of a previously exposed vulnerability in a WordPress plugin that allows arbitrary file uploads. The vulnerability affects Kaswara…
-
Threat Intelligence
Microsoft Patches 84 Vulnerabilities, One 0-Day & 4 RCEs
July 14, 2022 As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products. The Zero-Day Vulnerability CVE-2022-22047 (CVSS 3.1: 7.8, High…
-
Threat Intelligence
Adobe Patches 22 Critical Vulnerabilities in Acrobat
July 14, 2022 Adobe has released a major security update for Acrobat and Reader products, addressing at least 22 reported vulnerabilities, some of which might lead to arbitrary code execution attacks. The Vulnerabilities The vulnerabilities have been documented as ‘use-after-free’ and ‘out-of-bounds read’ memory safety issues that could…
-
Threat Intelligence
High-Severity VMware vCenter Vulnerability
July 14, 2022 VMware has finally made a patch available for one of the impacted versions of vCenter Server, eight months after revealing a high-severity privilege escalation vulnerability. The Vulnerability CVE-2021-22048 (CVSS 3.1: 7.1, High) – Privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability could be…
-
Threat Intelligence
High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild
June 30, 2022 A high severity privilege escalation vulnerability in Polkit’s ‘pkexec’ component, used by all major Linux distributions (including Ubuntu, Debian, Fedora, and CentOS), has been reported to be exploited in the wild. The vulnerability allows unauthorized users to gain root…
-
Threat Intelligence
Google Has Patched 3 Remote Code Execution Vulnerabilities in Chrome
June 23, 2022 The newly released Chrome version 103.0.5060.53 for Windows, Mac and Linux addresses 14 vulnerabilities overall. The Vulnerabilities CVE-2022-2156, Critical severity – ‘Use after free’ in ‘Base’. CVE-2022-2157, High severity – Use after free in ‘Interest groups’. CVE-2022-2161, Medium severity – Use after free…
-
Threat Intelligence
Citrix Patches ADM Account Takeover Vulnerability
June 15, 2022 Citrix has patched an improper access control vulnerability affecting the Application Delivery Management solution (Citrix ADM), which may lead to an account takeover. The Vulnerability CVE-2022-27511 – Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password,…
-
Threat Intelligence
Microsoft Patches ‘Follina’ 0-Day & 27 RCE Vulnerabilities
June 15, 2022 As part of June’s monthly security rollup updates, Microsoft has patched the recent ‘Follina’ 0-Day as well as 27 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 55 vulnerabilities across Windows, Azure, Office, SQL Server, Hyper-V, Edge, RVSS, .NET & Visual Studio. The 0-Day Vulnerability CVE-2022-30190…
-
Threat Intelligence
Google Patches 7 Chrome Vulnerabilities, 1 RCE
June 12, 2022 Google has patched a remote code execution vulnerability in Chrome. The newly released Chrome version 102.0.5005.115 for Windows, Mac and Linux addresses 7 vulnerabilities overall. The RCE Vulnerability CVE-2022-2007, High Severity – Use after free in WebGPU. The vulnerability is remotely exploitable and doesn’t require…
-
Threat Intelligence
GitLab Patches a Critical Account Takeover Vulnerability
June 6, 2022 GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability CVE-2022-1680 (CVSS 3.0:…