Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
VMware Releases Aria Operations for Logs Updates
April 24, 2023 VMware Releases Aria Operations for Logs Updates VMware issued a security advisory regarding two vulnerabilities affecting VMware Aria Operations for Logs. The Vulnerabilities CVE-2023-20864 (CVSS 3.1: 9.8, Critical) – Deserialization Vulnerability. Successful exploit of this vulnerability by an unauthenticated threat actor, may lead to arbitrary code execution as root. CVE-2023-20865 (CVSS 3.1:…
-
Threat Intelligence
Oracle Patches 72 Critical Vulnerabilities Across a Wide Variety of Products
April 19, 2023 Oracle Patches 72 Critical Vulnerabilities Across a Wide Variety of Products As part of their quarterly report, Oracle published a critical advisory including a collection of patches for various security vulnerabilities. These patches address issues in Oracle code as well as third-party components used in Oracle products. The Vulnerabilities A total of…
-
Threat Intelligence
Google Patches High-Severity Vulnerabilities in Chrome, One Being Exploited in the wild
April 19, 2023 Google Patches High-Severity Vulnerabilities in Chrome, One Being Exploited in the wild Google has released Chrome version 112.0.5615.137/138 (Stable and Extended Stable Channel), patching 8 vulnerabilities, including one exploited in the wild. Successful exploitation of some of these vulnerabilities could allow remote code execution in the context of the logged on user.…
-
Threat Intelligence
Two Critical Vulnerabilities in VM2 JS Sandbox Library
April 19, 2023 Two Critical Vulnerabilities in VM2 JS Sandbox Library Two critical vulnerabilities have been discovered in the VM2 JS Sandbox Library. Successful exploitation of these vulnerabilities could lead to a threat actor to escape the sandbox and execute a remote code on the host running the sandbox. VM2 library is a JavaScript sandbox…
-
Threat Intelligence
High Severity SNMP RCE Vulnerabilities in Cisco IOS and IOS XE Software Exploited in the Wild
April 18, 2023 High Severity SNMP RCE Vulnerabilities in Cisco IOS and IOS XE Software Exploited in the Wild Cisco has published that multiple five-years-old high severity RCE vulnerabilities were exploited in the wild. The vulnerabilities are in Cisco’s IOS and IOS XE software’s SNMP (Simple Network Management Protocol) subsystem. The RCE Vulnerabilities CVE-2017-6736, CVE-2017-6737,…
-
Threat Intelligence
Google Chrome 0-Day Vulnerability Exploited in the Wild
April 16, 2023 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 112.0.5615.121 for Windows, Mac, and Linux. The 0-Day RCE Vulnerability CVE-2023-2033, High-severity – type confusion vulnerability in the Chrome V8 Javascript engine.While type confusion vulnerabilities typically cause browser crashes…
-
Threat Intelligence
Critical Vulnerability in VM2 JS Sandbox Library
April 8, 2023 Critical Vulnerability in VM2 JS Sandbox Library A critical vulnerability found in VM2 can be used by a threat actor to bypass the sandbox protections and to execute a remote code on the host running the sandbox. The vulnerability is caused due to an asynchronous error not being handled properly by VM2…
-
Threat Intelligence
HP Discovers Critical Vulnerability in LaserJet Printers
April 5, 2023 HP Discovers Critical Vulnerability in LaserJet Printers HP has released an advisory addressing critical vulnerability affecting certain models of HP Enterprise LaserJet and HP LaserJet Managed Printers when IPsec protocol is enabled with FutureSmart firmware version 5.6. The Vulnerability CVE-2023-1707 (CVSS 3.1: 9.1, Critical) – An information disclosure vulnerability. Exploitation of this…
-
Threat Intelligence
SAMBA Patches High-Severity Vulnerability
April 2, 2023 SAMBA Patches High-Severity Vulnerability Samba has released software updates to address a variety of vulnerabilities, one of the vulnerabilities which is classified as high-severity can allow attackers to gain access to information from a Samba AD DC. The High-Severity Vulnerabilities CVE-2022-38023 (CVSS score: 7.7) – Confidential attribute disclosure vulnerability, Successful exploitation might allow…
-
Threat Intelligence
Critical WordPress “Elementor” Plugin Site-Takeover Vulnerability
April 2, 2023 Critical WordPress “Elementor” Plugin Site-Takeover Vulnerability ‘Elementor’ has released patch for a critical vulnerability, affecting the ‘Elementor’ WordPress page builder plugin. Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering. The Vulnerability Authentication bypass and privilege escalation vulnerability…
-
Threat Intelligence
3CX Desktop App Was Compromised in a Supply Chain Attack
March 30, 2023 3CX Desktop App Was Compromised in a Supply Chain Attack Several security firms have recently discovered unexpected malicious activity emanating from the legitimate, signed binary, softphone application 3CXDesktopApp from 3CX. Malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and in a few cases, hands-on-keyboard activity. This supply chain attack…
-
Threat Intelligence
QNAP Patches High-Severity Vulnerability Exists In The Wild
March 30, 2023 QNAP Patches High-Severity Vulnerability Exists In The Wild QNAP has issued a warning to consumers that some of its Network Attached Storage (NAS) devices are vulnerable to high-severity privilege escalation vulnerability. The Vulnerability CVE-2023-22809 (CVSS 3.1 : 7.8, High-severity) – Privilage escalation vulnerability (sudoers policy bypass) in Sudo version 1.9.12p1. Successful exploitation on…