Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Critical RCE Vulnerability in Linux Kernel
May 10, 2023 Critical RCE Vulnerability in Linux Kernel A novel Linux NetFilter kernel use-after-free vulnerability has been discovered, allows unprivileged local users to escalate their privileges to root level and perform code execution, and potentially total control over a machine. The Vulnerability CVE-2023-32233 – An use-after-free in Netfilter nf_tables when processing batch requests, allows…
-
Zyxel Patches a Critical RCE Vulnerability Affecting its Firewall Devices
April 30, 2023 Zyxel Patches a Critical RCE Vulnerability Affecting its Firewall Devices Zyxel has released a security advisory addressing a critical Remote Code Execution (RCE) vulnerability affecting its Firewall devices. Zyxel has also fixed several high-severity vulnerabilities in its firewalls that could result in denial-of-service (DoS), command execution, core dump, and encrypted information retrieval.…
-
Threat Intelligence
Service Location Protocol (SLP) Vulnerability Affecting Various Products
April 27, 2023 Service Location Protocol (SLP) Vulnerability Affecting Various Products Researchers discovered a new vulnerability in the Service Location Protocol (SLP). SLP is a protocol created to provide configuration for local area networks. Using SLP, a system registers itself with a directory agent, which makes its services available to other systems. Daemons providing SLP…
-
Threat Intelligence
INEA Patches Vulnerability in ME RTU
April 27, 2023 INEA Patches Vulnerability in ME RTU INEA issued a security advisory regarding OS Command Injection vulnerability in ME RTU (Remote Terminal Unit). The Critical Vulnerability CVE-2023-2131 (CVSS 3.1: 10, Critical) – OS Command Injection Vulnerability. Successful exploit of this vulnerability could allow a threat actor to remotely execute arbitrary code. Affected Products…
-
Threat Intelligence
Apache Superset Patches Vulnerability Caused by Insecure Default Configuration Exposes Servers to RCE
April 27, 2023 Apache Superset Patches Vulnerability Caused by Insecure Default Configuration Exposes Servers to RCE Apache Superset, which is an open source data visualization and exploration tool software, has been found vulnerable to authentication bypass and remote code execution due to usage of its default configurations. This allows attackers to potentially access and modify…
-
Threat Intelligence
VMware Patches Vulnerabilities in Workstation and Fusion Software
April 27, 2023 VMware Patches Vulnerabilities in Workstation and Fusion Software VMware issued a security advisory regarding four vulnerabilities affecting VMware Workstation and Fusion software, The critical one among them could allow a local attacker to carry out code execution. The Critical Vulnerability CVE-2023-20869 (CVSS 3.1: 9.3, Critical) – Stack-based buffer-overflow vulnerability. Successful exploit of…
-
Threat Intelligence
Drupal Patches Critical Access Bypass Vulnerability
April 25, 2023 Drupal Patches Critical Access Bypass Vulnerability Drupal Core releases security advisory to address vulnerability affecting multiple Drupal versions. In some circumstances, the file download facility doesn’t sufficiently sanitize file paths. Users might gain access to private files that they should not have access to. The Vulnerability SA-CORE-2023-005 – Bypass Vulnerability. Successful exploit…
-
Threat Intelligence
APC Patches Critical UPS Software Vulnerabilities
April 25, 2023 APC Patches Critical UPS Software Vulnerabilities APC has addressed critical security vulnerabilities discovered in Easy UPS Online Monitoring Software. Successful exploit of these vulnerabilities by a threat actor could lead to remote code execution (RCE) and a Denial-of-Service (DoS) attack. The Vulnerabilities CVE-2023-29411 (CVSS score: 9.8, Critical) – Missing Authentication for Function…
-
Threat Intelligence
PaperCut Vulnerabilities Exploited in the Wild
April 24, 2023 PaperCut Vulnerabilities Exploited in the Wild PaperCut addressed critical and high vulnerabilities affecting PaperCut MF and PaperCut NG. Unpatched servers exploited in the wild. The Vulnerability CVE-2023-27350 (CVSS score: 9.8, Critical) – Unauthenticated Remote Code Execution Vulnerability. Successful exploit of this vulnerability could allow a threat actor to bypass authentication and execute…
-
Threat Intelligence
Cisco Patches Critical Command Injection Vulnerability in Cisco Industrial Network Director
April 24, 2023 Cisco Patches Critical Command Injection Vulnerability in Cisco Industrial Network Director Cisco has addressed a critical security vulnerability discovered in the web UI component of Industrial Network Director (IND), which results from improper input validation while uploading a device pack. The Vulnerability CVE-2023-20036 (CVSS score: 9.9, Critical) – Command Injection Vulnerability. Successful…
-
Threat Intelligence
VMware Releases Aria Operations for Logs Updates
April 24, 2023 VMware Releases Aria Operations for Logs Updates VMware issued a security advisory regarding two vulnerabilities affecting VMware Aria Operations for Logs. The Vulnerabilities CVE-2023-20864 (CVSS 3.1: 9.8, Critical) – Deserialization Vulnerability. Successful exploit of this vulnerability by an unauthenticated threat actor, may lead to arbitrary code execution as root. CVE-2023-20865 (CVSS 3.1:…
-
Threat Intelligence
Oracle Patches 72 Critical Vulnerabilities Across a Wide Variety of Products
April 19, 2023 Oracle Patches 72 Critical Vulnerabilities Across a Wide Variety of Products As part of their quarterly report, Oracle published a critical advisory including a collection of patches for various security vulnerabilities. These patches address issues in Oracle code as well as third-party components used in Oracle products. The Vulnerabilities A total of…