Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Guides & E-books
2022 Fraud and Email Compromise Analysis Report
This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.
-
Threat Intelligence
OpenSSL High-Severity Vulnerability Could Lead to RCE
July 7, 2022 OpenSSL High-Severity Vulnerability Could Lead to RCE OpenSSL has released a security update to address a High-Severity vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to perform Remote Code Execution. The Vulnerability CVE-2022-2274, (High-Severity) – a heap memory corruption with RSA private key operation. This issue causes the RSA implementation…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
July 5, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 103.0.5060.114 for Windows, Mac, and Linux. The Vulnerability CVE-2022-2294 , High Severity – heap-based buffer overflow vulnerability in the WebRTC (Web Real-Time Communications) component. Successful heap overflow exploitation can…
-
Threat Intelligence
Django SQL Injection Vulnerability Exists in the Wild
July 4, 2022 Django SQL Injection Vulnerability Exists in the Wild The Django project, an open-source Python-based web framework, has patched a high severity SQL Injection vulnerability in its latest releases. The vulnerability affects thousands of websites which use Django as their Model-Template-View framework. The Vulnerability CVE-2022-34265 (High severity) – a potential SQL Injection vulnerability…
-
Threat Intelligence
29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins
July 3, 2022 29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise. Jenkins is an open-source automation server mostly used for the DevOps process. There…
-
Threat Intelligence
High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild
June 30, 2022 High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild A high severity privilege escalation vulnerability in the ‘Polkit’s ‘pkexec’ component, used by all major Linux distributions (including Ubuntu, Debian, Fedora, and CentOS) has been reported to be exploited in the wild. The vulnerability allows unauthorized users to gain root…
-
Threat Intelligence
Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
June 6, 2022 Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing an exploited in the wild critical remote code execution vulnerability. The Vulnerability CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…
-
Threat Intelligence
‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
May 31, 2022 ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in Microsoft Windows support diagnostic tool (MSDT). The vulnerability is exploited in the wild. Named ‘Follina’ by the cybersecurity community, Microsoft have not released a patch for this vulnerability…
-
Threat Intelligence
Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE
May 26, 2022 Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…
-
Threat Intelligence
Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack
May 22, 2022 Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack On May 17th, the cash register vendor AutoSoft has been targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…
-
Threat Intelligence
Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
May 18, 2022 Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation According to an advisory by WordFence, a critical privilege escalation vulnerability affecting ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…
-
Threat Intelligence
VMWare Patches Critical Authentication Bypass Vulnerability
May 19, 2022 VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products VMware…