Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • GitLab Patches a Critical Account Takeover Vulnerability
    Threat Intelligence

    June 6, 2022: GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability: CVE-2022-1680, (CVSS 3.0:…

  • Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    June 6, 2022: Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing a critical remote code execution vulnerability that is exploited in the wild. The Vulnerability: CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…

  • ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    May 31, 2022: Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability is exploited in the wild. Named ‘Follina’ by the cybersecurity community, Microsoft has not released a patch for this vulnerability…

  • Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE 
    Threat Intelligence

    May 26, 2022: Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability: CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…

  • Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 
    Threat Intelligence

    May 22, 2022: On May 17th, the cash register vendor AutoSoft was targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…

  • Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
    Threat Intelligence

    May 18, 2022: According to an advisory by WordFence, a critical privilege escalation vulnerability affecting the ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability: CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…

  • Atlassian Patches Critical Jira Authentication Bypass Vulnerability
    Threat Intelligence

    April 24, 2022: Atlassian has issued a security advisory addressing a critical authentication bypass vulnerability affecting Jira and Jira Service Management (non-cloud versions). Exploiting the vulnerability may lead to remote code execution on the affected system. The Vulnerability: CVE-2022-0540 (CVSS 3.1: 9.9, Critical) – A vulnerability in Jira…

  • Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild 
    Threat Intelligence

    April 17, 2022: Following the update of Google Chrome, Microsoft has released an emergency update for Edge, addressing an actively exploited Zero-Day. The updated version is 100.0.1185.44 for Windows, Mac, and Linux. The Vulnerability: CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    April 17, 2022: Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 100.0.4896.127 for Windows, Mac and Linux. The Vulnerability: CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8 JavaScript engine. While type confusion vulnerabilities typically cause browser…

  • Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’
    Threat Intelligence

    April 14, 2022: Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities: As part of April’s monthly security rollup updates, Microsoft has patched 2 0-Day and 47 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 119 vulnerabilities across…

  • VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products
    Threat Intelligence

    April 7, 2022: VMware has patched 3 remote code execution vulnerabilities and 2 authentication bypass vulnerabilities. In total, VMware has patched 8 vulnerabilities affecting ‘Workspace One Access’, ‘Identity Manager’, ‘vRealize Automation’, ‘vRealize Suite Lifecycle Manager’, and ‘Cloud Foundation’. The Vulnerabilities: CVE-2022-22954 (CVSS 3.1: 9.8, Critical) – Server-side Template Injection. A malicious…

  • Zyxel Patches a Critical Firewall Authentication Bypass Vulnerability
    Threat Intelligence

    April 5, 2022: Zyxel has released a security advisory addressing a critical authentication bypass vulnerability affecting several firewall models. The Vulnerability: CVE-2022-0342 (CVSS 3.1: 9.8, Critical) – An authentication bypass vulnerability which could allow an attacker to bypass the web authentication and obtain administrative access to the device. Vulnerable Products: The following…