Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Cisco Patches 2 NFVIS RCE Vulnerabilities
    Threat Intelligence

    Cisco Patches 2 NFVIS RCE Vulnerabilities

    May 8, 2022  Cisco Patches 2 NFVIS RCE Vulnerabilities Cisco has patched 2 NFV Infrastructure Software remote code execution vulnerabilities, one rated critical.  Cisco NFVIS is a Linux-based infrastructure software for deploying virtualized network functions (virtual router, firewall, WAN acceleration, etc.) on a supported Cisco appliance.  The Vulnerabilities CVE-2022-20777 (CVSS 3.1: 9.9, Critical) – A…

    Read More
  • Atlassian Patches Critical Jira Authentication Bypass Vulnerability
    Threat Intelligence

    Atlassian Patches Critical Jira Authentication Bypass Vulnerability

    April 24, 2022  Atlassian Patches Critical Jira Authentication Bypass Vulnerability  Atlassian has issued a security advisory addressing a critical authentication bypass vulnerability affecting Jira and Jira Service Management (non-cloud versions).  Exploiting the vulnerability may lead to remote code execution on the affected system.  The Vulnerability CVE-2022-0540 (CVSS 3.1: 9.9, Critical) – A vulnerability in Jira…

    Read More
  • Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild 
    Threat Intelligence

    Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild 

    April 17, 2022 Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild Following the update of Google Chrome, Microsoft has released an emergency update for Edge, addressing an actively exploited Zero-Day.  The updated version is 100.0.1185.44 for Windows, Mac, and Linux.  The Vulnerability CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8…

    Read More
  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    Google Chrome 0-Day Vulnerability Exploited in the Wild

    April 17, 2022  Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day.  The updated version is 100.0.4896.127 for Windows, Mac and Linux.  The Vulnerability CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8 JavaScript engine.  While type confusion vulnerabilities typically cause browser…

    Read More
  • Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’
    Threat Intelligence

    Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’

    April 14, 2022 Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’ Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities As part of April’s monthly security rollup updates, Microsoft has patched 2 0-Day and 47 Remote Code Execution vulnerabilities.  Overall, Microsoft has patched 119 vulnerabilities across…

    Read More
  • VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products
    Threat Intelligence

    VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products

    April 7, 2022 VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products VMware has patched 3 remote code execution vulnerabilities and 2 authentication bypass vulnerabilities.  In total, VMware has patched 8 vulnerabilities affecting ‘Workspace One Access’, ‘Identity Manager’, ‘vRealize Automation’, ‘vRealize Suite Lifecycle Manager’, and ‘Cloud Foundation’. The Vulnerabilities CVE-2022-22954 (CVSS 3.1: 9.8, Critical) – Server-side Template Injection. A malicious…

    Read More
View More
  • Microsoft Patches 3 Zero-Days, HP Patches 16 UEFI Vulnerabilities & Critical Vulnerabilities patched in APC Smart UPS
    Threat Intelligence

    Microsoft Patches 3 Zero-Days, HP Patches 16 UEFI Vulnerabilities & Critical Vulnerabilities patched in APC Smart UPS

    March 10, 2022  Microsoft Patches 3 Zero-Days & 3 Critical RCE vulnerabilities As part of the monthly security rollup updates, Microsoft has patched 3 Zero-Days, one being actively exploited in the wild, and 3 Critical-Rated Microsoft Security vulnerabilities.  In total, Microsoft has patched 71 vulnerabilities, not including 21 Microsoft Edge vulnerabilities.  The Vulnerabilities: The Zero-Day…

    Read More
  • Google Patches Exploited in the Wild Chrome Zero-Day
    Threat Intelligence

    Google Patches Exploited in the Wild Chrome Zero-Day

    February 16, 2022  Google has released an emergency update, addressing an exploited in the wild zero-day vulnerability in Chrome. No further details were released regarding the vulnerability except that it is a ‘use after free’ bug in the animation component, a type of vulnerability that typically leads to remote code execution on affected systems.  The…

    Read More
  • ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs
    Threat Intelligence

    ‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs

    January 27, 2022  Note: this CTI contains 2 alerts: Microsoft Advisory & Apple Updates  Phishing Campaign Targeting ‘Microsoft 365’ Users Abuses ‘OAuth Request’ Links  Microsoft has recently detected a ‘Consent Phishing’ campaign targeting ‘Microsoft 365’ users in which threat actors abuse ‘OAuth’ request links to allow a malicious app called ‘Upgrade’ to access victims’ email, contacts and…

    Read More
  • SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks
    Threat Intelligence

    SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks

    January 20, 2022  SolarWinds released an update addressing an improper input validation vulnerability in Serv-U.  The vulnerability has been actively exploited by threat actors to spread Log4J attacks to internal network devices.  The Vulnerability CVE-2021-35247 (CVSS 3.1: 4.3) – Improper Input Validation: The Serv-U web login screen to LDAP authentication was allowing characters that were not…

    Read More
  • Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall
    Threat Intelligence

    Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall

    January 12, 2022 As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office. The Zero-Day Vulnerabilities CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability. CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows…

    Read More
  • Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE
    Threat Intelligence

    Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE

    January 06, 2022 Google has released Chrome version 97.0.4692.71, patching 37 vulnerabilities, including 1 Critical ‘use-after-free’ vulnerability, exploitation of which leads to remote code execution (RCE). The RCE Vulnerability CVE-2022-0096, Critical use-after-free in the Storage component. The vulnerability can be exploited remotely, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on…

    Read More
View More