Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs
July 14, 2022 Microsoft Patches 84 Vulnerabilities, one 0-Days & 4 RCEs As part of July’s monthly security rollup updates, Microsoft has patched 1 actively exploited Zero-day and 4 remote code execution vulnerabilities. Overall, Microsoft has patched 84 vulnerabilities across Windows, Windows Server, Office, Azure, AD, and other products. The Zero-Day Vulnerability CVE-2022-22047 (CVSS 3.1: 7.8, High…
-
Threat Intelligence
Adobe Patches 22 Critical Vulnerabilities in Acrobat
July 14, 2022 Adobe Patches 22 Critical Vulnerabilities in Acrobat Adobe has released a major security update for Acrobat and Reader products, addressing at least 22 reported vulnerabilities, some of which might lead to arbitrary code execution attacks. The Vulnerabilities The vulnerabilities have been documented as ‘use-after-free’ and ‘out-of-bounds read’ memory safety issues that could…
-
Threat Intelligence
High-Severity VMware vCenter Vulnerability
July 14, 2022 High-Severity VMware vCenter Vulnerability VMware has finally made a patch available for one of the impacted versions of vCenter Server, eight months after revealing a high-severity privilege escalation vulnerability. The Vulnerability CVE-2021-22048, (CVSS 3.1: 7.1, High) – Privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. This vulnerability could be…
-
Guides & E-books
2022 Fraud and Email Compromise Analysis Report
This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.
-
Threat Intelligence
OpenSSL High-Severity Vulnerability Could Lead to RCE
July 7, 2022 OpenSSL High-Severity Vulnerability Could Lead to RCE OpenSSL has released a security update to address a High-Severity vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to perform Remote Code Execution. The Vulnerability CVE-2022-2274, (High-Severity) – a heap memory corruption with RSA private key operation. This issue causes the RSA implementation…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
July 5, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 103.0.5060.114 for Windows, Mac, and Linux. The Vulnerability CVE-2022-2294 , High Severity – heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. Successful heap overflow exploitation can…
-
Threat Intelligence
Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
June 6, 2022 Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing an exploited in the wild critical remote code execution vulnerability. The Vulnerability CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…
-
Threat Intelligence
‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
May 31, 2022 ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in Microsoft Windows support diagnostic tool (MSDT). The vulnerability is exploited in the wild. Named ‘Follina’ by the cybersecurity community, Microsoft have not released a patch for this vulnerability…
-
Threat Intelligence
Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE
May 26, 2022 Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…
-
Threat Intelligence
Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack
May 22, 2022 Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack On May 17th, the cash register vendor AutoSoft has been targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…
-
Threat Intelligence
Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
May 18, 2022 Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation According to an advisory by WordFence, a critical privilege escalation vulnerability affecting ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…
-
Threat Intelligence
VMWare Patches Critical Authentication Bypass Vulnerability
May 19, 2022 VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products VMware…