Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
VMWare Patches Critical Authentication Bypass Vulnerability
May 19, 2022 VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products VMware…
-
Threat Intelligence
NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
May 18, 2022 NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities CVE-2022-28181, High…
-
Threat Intelligence
Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
May 17, 2022 Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wiled in attacks targeting Macs and Apple Watch devices. Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6, including several arbitrary code…
-
Threat Intelligence
Zyxel Patches a Critical Firewall Vulnerability
May 15, 2022 Zyxel Patches a Critical Firewall Vulnerability Zyxel has released a security advisory addressing a critical unauthenticated remote command Injection vulnerability affecting several firewall models. The Vulnerability CVE-2022-30525 (CVSS:9.8 – critical) – An unauthenticated remote command injection via the HTTP interface vulnerability, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful Exploitation could…
-
Threat Intelligence
Microsoft Patches 3 0-Days & 24 RCEs
May 11, 2022 Microsoft Patches 3 0-Days & 24 RCEs As part of May’s monthly security rollup updates, Microsoft has patched 3 0-Days (1 actively exploited), and 24 remote code execution vulnerabilities. Overall, Microsoft has patched 75 vulnerabilities across Windows, Windows Server, Hyper-V, Azure, Office and other products. The Zero-Day Vulnerabilities CVE-2022-26904 (CVSS 3.1: 8.1, High Severity) –…
-
Threat Intelligence
F5 Patches Critical BIG-IP Device Takeover Vulnerability
May 8, 2022 F5 Patches Critical BIG-IP Device Takeover Vulnerability F5 has patched a critical vulnerability affecting BIG-IP devices that may lead to device takeover. The Vulnerability CVE-2022-1388 (CVSS 3.1: 9.8, Critical) – Undisclosed requests may bypass iControl REST authentication. This may result in remote code execution and modification of files and services. Affected Products…
-
Threat Intelligence
Apple Patches 2 Exploited in the Wild macOS 0-Days
April 4, 2022 Apple Patches 2 Exploited in the Wild macOS 0-Days Apple has released an emergency update to macOS ‘Monterey’, patching 2 exploited in the wild 0-day vulnerabilities, one of which allows for arbitrary code execution with kernel privileges. The Vulnerabilities CVE-2022-22675 – An out-of-bounds write issue may allow an application to execute arbitrary code with kernel privileges. Apple is aware…
-
Threat Intelligence
Spring Patched ‘Spring4Shell’ 0-Day RCE Vulnerability
April 3, 2022 Spring Patched ‘Spring4Shell’ 0-Day RCE Vulnerability In an official advisory, Spring has addressed the ‘Spring4Shell’ remote code execution 0-day vulnerability, clarifying which ‘Spring Framework’ configurations are vulnerable, how to detect impact, and assigning a proper CVE to the vulnerability. The Vulnerability CVE-2022-22965 (dubbed ‘Spring4Shell’), Critical – A Spring MVC or Spring WebFlux application running on JDK 9+ may…
-
Threat Intelligence
Spring: 2 RCE Vulnerabilities, 1 Zero-Day
March 31, 2022 Spring: 2 RCE Vulnerabilities, 1 Zero-Day Multiple sources have reported of 2 remote code execution vulnerabilities. One RCE affects ‘Spring Cloud Function’, and the second RCE is a critical zero-day vulnerability dubbed ‘Spring4Shell‘, affecting ‘Spring Core’ with JDK version 9.0 or newer, running specific configurations. Currently, the ‘Spring4Shell’ vulnerability has only a workaround available.…
-
Threat Intelligence
SonicWall Patches a Critical SonicOS RCE Vulnerability
March 29, 2022 SonicWall Patches a Critical SonicOS RCE Vulnerability SonicWall has released a security advisory addressing a critical vulnerability in SonicOS which may lead to an unauthenticated remote code execution in a wide range of SonicWall firewall products. The Vulnerability CVE-2022-22274 (CVSS 3.0: 9.4, Critical) – A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated…
-
Threat Intelligence
‘Okta’ Data Breach – 23/03 Update
March 23, 2022 ‘Okta’ Data Breach – 23/03 Update ‘Okta’ has published an updated statement regarding the incident. The statements are updated frequently and can be found on ‘Okta’s official blog. Meanwhile, Microsoft – who has also fallen victim to ‘LAPSUS$’s attacks – has addressed the recent spike in cybersecurity incidents caused by the threat group…
-
Threat Intelligence
Apple Patches 87 Vulnerabilities, 3 macOS Monterey RCEs
March 16, 2022 Apple has patched 3 remote code execution vulnerabilities in the ‘WebKit’ component, affecting macOS Monterey prior to version 12.3. Overall, Apple has patched 87 vulnerabilities over multiple products. The full updated products list can be found on the Apple security updates page. The RCE Vulnerabilities All RCE vulnerabilities are in the ‘WebKit’ component, one…