Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Microsoft Patches Zero-Day Privilege Escalation Vulnerability in Windows
April 27, 2023 Microsoft Patches Zero-Day Privilege Escalation Vulnerability in Windows Microsoft has patched a zero-day privilege escalation vulnerability in win32kfull driver, which caused by a failure to validate an object’s existence before performing operations on it. The Critical Vulnerability CVE-2022-24542 (CVSS 3.1: 8.8, High) – Privilege Escalation Vulnerability. Successful exploit of this vulnerability allows a…
-
Podcast & Webinars
Evolution of Cyber Insurance and the Growing SOC Requirement
The evolution of cyber insurance, drivers for new policy requirements, and how a SOC is a must-have for businesses that want to reduce cybersecurity risks.
-
Threat Intelligence
Drupal Patches Critical Access Bypass Vulnerability
April 25, 2023 Drupal Patches Critical Access Bypass Vulnerability Drupal Core releases security advisory to address vulnerability affecting multiple Drupal versions. In some circumstances, the file download facility doesn’t sufficiently sanitize file paths. Users might gain access to private files that they should not have access to. The Vulnerability SA-CORE-2023-005 – Bypass Vulnerability. Successful exploit…
-
Threat Intelligence
APC Patches Critical UPS Software Vulnerabilities
April 25, 2023 APC Patches Critical UPS Software Vulnerabilities APC has addressed critical security vulnerabilities discovered in Easy UPS Online Monitoring Software. Successful exploit of these vulnerabilities by a threat actor could lead to remote code execution (RCE) and a Denial-of-Service (DoS) attack. The Vulnerabilities CVE-2023-29411 (CVSS score: 9.8, Critical) – Missing Authentication for Function…
-
Threat Intelligence
PaperCut Vulnerabilities Exploited in the Wild
April 24, 2023 PaperCut Vulnerabilities Exploited in the Wild PaperCut addressed critical and high vulnerabilities affecting PaperCut MF and PaperCut NG. Unpatched servers exploited in the wild. The Vulnerability CVE-2023-27350 (CVSS score: 9.8, Critical) – Unauthenticated Remote Code Execution Vulnerability. Successful exploit of this vulnerability could allow a threat actor to bypass authentication and execute…
-
Threat Intelligence
Cisco Patches Critical Command Injection Vulnerability in Cisco Industrial Network Director
April 24, 2023 Cisco Patches Critical Command Injection Vulnerability in Cisco Industrial Network Director Cisco has addressed a critical security vulnerability discovered in the web UI component of Industrial Network Director (IND), which results from improper input validation while uploading a device pack. The Vulnerability CVE-2023-20036 (CVSS score: 9.9, Critical) – Command Injection Vulnerability. Successful…
-
Threat Intelligence
Google Patches High-Severity Vulnerabilities in Chrome, One Being Exploited in the wild
April 19, 2023 Google Patches High-Severity Vulnerabilities in Chrome, One Being Exploited in the wild Google has released Chrome version 112.0.5615.137/138 (Stable and Extended Stable Channel), patching 8 vulnerabilities, including one exploited in the wild. Successful exploitation of some of these vulnerabilities could allow remote code execution in the context of the logged on user.…
-
Threat Intelligence
Two Critical Vulnerabilities in VM2 JS Sandbox Library
April 19, 2023 Two Critical Vulnerabilities in VM2 JS Sandbox Library Two critical vulnerabilities have been discovered in the VM2 JS Sandbox Library. Successful exploitation of these vulnerabilities could lead to a threat actor to escape the sandbox and execute a remote code on the host running the sandbox. VM2 library is a JavaScript sandbox…
-
Threat Intelligence
High Severity SNMP RCE Vulnerabilities in Cisco IOS and IOS XE Software Exploited in the Wild
April 18, 2023 High Severity SNMP RCE Vulnerabilities in Cisco IOS and IOS XE Software Exploited in the Wild Cisco has published that multiple five-years-old high severity RCE vulnerabilities were exploited in the wild. The vulnerabilities are in Cisco’s IOS and IOS XE software’s SNMP (Simple Network Management Protocol) subsystem. The RCE Vulnerabilities CVE-2017-6736, CVE-2017-6737,…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
April 16, 2023 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 112.0.5615.121 for Windows, Mac, and Linux. The 0-Day RCE Vulnerability CVE-2023-2033, High-severity – type confusion vulnerability in the Chrome V8 Javascript engine.While type confusion vulnerabilities typically cause browser crashes…
-
Threat Intelligence
Juniper Patches Critical Third-Party Vulnerabilities
April 16, 2023 Juniper Patches Critical Third-Party Vulnerabilities Juniper Networks has issued security advisories to address vulnerabilities in JunosOS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series. Some of these vulnerabilities could allow an attacker to gain control over a vulnerable system. The Critical Advisories JunosOS, (Critical) – Multiple critical-severity vulnerabilities in Expat…
-
Threat Intelligence
Apple Patches 2 Zero-Days RCE Vulnerabilities Affect macOS Ventura
April 10, 2023 Apple Patches 2 Zero-Days RCE Vulnerabilities Affect macOS Ventura Apple released security updates to address two RCE zero-day vulnerabilities, one of them was found to be exploited in the wild. The vulnerabilities were fixed in macOS Ventura 13.3.1 The 0-Day Vulnerabilities CVE-2023-28205 – (CVSS 3.1: 5.5, Medium) – WebKit use-after-free vulnerability, allows a…