Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices
June 21, 2023 Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE). The Vulnerability CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through…
-
Threat Intelligence
SAP Patches High-Severity Vulnerabilities
June 14, 2023 As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities The Notable High-Severity Vulnerabilities CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation,…
-
Threat Intelligence
VMware Tools Actively Exploited Zero-Day Vulnerability
June 14, 2023 VMware has addressed a zero-day vulnerability in VMware Tools that has been actively exploited. Exploitation of this vulnerability enables attackers to bypass authentication and execute privileged commands on guest virtual machines running Windows, Linux, and PhotonOS (vCenter). This can occur without leaving any trace or logs of the malicious activity within the…
-
Threat Intelligence
Microsoft Patches 6 Critical & 38 RCE Vulnerabilities
June 14, 2023 In the latest round of monthly security rollup updates in June, Microsoft has addressed a total of 78 vulnerabilities, with 38 of them categorized as remote code execution (RCE) vulnerabilities. Out of the identified vulnerabilities, only 6 are considered critical, encompassing denial of service, remote code execution and privilege escalation. Overall, Microsoft…
-
Threat Intelligence
Fortinet Patches Pre-authentication RCE Vulnerability
June 12, 2023 Fortinet Patches Pre-authentication RCE Vulnerability Fortinet patched a critical remote code exaction (RCE) vulnerability in its FortiGate firewalls, which does not require the threat actor to logged in to exploit it. The Vulnerability CVE-2023-27997 (Critical) – A pre-authentication RCE Vulnerability affects the SSL-VPN component of Fertigate firewalls. This could allow a threat actor to…
-
Threat Intelligence
VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks
June 8, 2023 VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks VMware published various security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing threat actors to perform remote execution or access sensitive information. The Critical Vulnerabilities CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection…
-
Guides & E-books
Cybersecurity and Data Protection Laws: European Financial Services Firms
Financial services firms’ exact data protection and cybersecurity obligations may vary according to where in Europe there are based and what services they provide
-
Guides & E-books
How to Choose Cyber Security Tools That Won’t Get You Fired
Prepare for the never-ending uphill battle every security leader faces with an overview of the types of security tools on the market and how to decide which are best for your needs.
-
Guides & E-books
Questions to Ask Your Incident Response Provider
Incident response (IR) is critical to mitigating the fallout from a data breach. If your business uses a managed SOC provider for its cybersecurity, then incident response must be included in your package.
-
Guides & E-books
Ransomware Explained (Part 2): What is it and how to prevent it
Ransomware attacks are all too common in the cyber world. As such, understanding what they are is critical, and can be found here.
-
Guides & E-books
Ransomware Explained (Part 1): What is it and how to prevent it
Ransomware is essentially malware that uses encryption to hold a victim’s data at ransom.
-
Guides & E-books
How to Predict Attacks Using an Interactive SOC Platform in the Cloud
As threats increase, companies have to take a proactive, preventative approach to protect their data and livelihoods.
-
Threat Intelligence
VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks
June 8, 2023 VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks VMware published various security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing threat actors to perform remote execution or access sensitive information. The Critical Vulnerabilities CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection…
-
Threat Intelligence
Cisco Patches Privilege Escalation Vulnerability in AnyConnect
June 8, 2023 Cisco Patches Privilege Escalation Vulnerability in AnyConnect Cisco has patched a high-severity vulnerability found in the Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that could allow low-privileged, local threat actors to escalate privileges to the SYSTEM account used by the operating system in low-complexity attacks without user interaction. The Vulnerability…
-
Threat Intelligence
A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild
June 5, 2023 A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild Progress Software has patched a zero day vulnerability in MOVEit Transfer managed file transfer (MFT) solution that could lead to escalated privileges and potential unauthorized access to the environment. This was exploited in the wild in May and June…
-
Threat Intelligence
Gravity Forms Patches Vulnerability in WordPress Plugin
May 31, 2023 Gravity Forms Patches Vulnerability in WordPress Plugin Gravity Forms has released a patch for a PHP Object Injection vulnerability. Gravity Forms plugin is a tool that website owners can use to create custom forms for transactions involving site visitors, such as payment forms, registration forms, file upload forms, and others. The Vulnerability CVE-2023-28782…
-
Threat Intelligence
RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild
June 1, 2023 RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild Researcher released an exploit for a Remote Code Exaction (RCE) vulnerability affecting ReportLab Toolkit, a popular Python library for generating PDF files from HTML input. the issue was reported to ReportLab’s developers upon discovery. The Vulnerability CVE-2023-3733 – RCE vulnerability which allows an…
-
Threat Intelligence
Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices
May 30, 2023 Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices Zyxel has released a security advisory addressing two critical buffer-overflow vulnerabilities affecting firewall devices. The vulnerabilities are caused by buffer copy without checking size of input, which might result in remote code execution (RCE). The Critical Vulnerabilities CVE-2023-33009 (CVSS:9.8 – critical) – An unauthenticated…