Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • 3CX Desktop App Was Compromised in a Supply Chain Attack
    Threat Intelligence

    3CX Desktop App Was Compromised in a Supply Chain Attack

    March 30, 2023 3CX Desktop App Was Compromised in a Supply Chain Attack Several security firms have recently discovered unexpected malicious activity emanating from the legitimate, signed binary, softphone application 3CXDesktopApp from 3CX. Malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and in a few cases, hands-on-keyboard activity. This supply chain attack…

  • QNAP Patches High-Severity Vulnerability Exists In The Wild
    Threat Intelligence

    QNAP Patches High-Severity Vulnerability Exists In The Wild

    March 30, 2023 QNAP Patches High-Severity Vulnerability Exists In The Wild QNAP has issued a warning to consumers that some of its Network Attached Storage (NAS) devices are vulnerable to high-severity privilege escalation vulnerability. The Vulnerability CVE-2023-22809 (CVSS 3.1 : 7.8, High-severity) – Privilage escalation vulnerability (sudoers policy bypass) in Sudo version 1.9.12p1. Successful exploitation on…

  • From GDPR to CCPA – Staying Ahead of the Curve in a Rapidly Changing Regulatory Landscape
    Blog Post

    From GDPR to CCPA – Staying Ahead of the Curve in a Rapidly Changing Regulatory Landscape

    In 1986, the United States enacted a vital piece of legislation known as the Computer Fraud and Abuse Act (CFAA) to address a rise in computer-related crimes. CFAA made many computer-based offenses illegal, including hacking, computer trespassing, unauthorized access to computers and computer networks, and using computers to commit fraud or access national security information.…

  • Aruba Networks fixes 6 critical vulnerabilities in ArubaOS
    Threat Intelligence

    Aruba Networks fixes 6 critical vulnerabilities in ArubaOS

    March 2, 2023 Aruba Networks fixes 6 critical vulnerabilities in ArubaOS Aruba Networks issued a security advisory regarding six critical-severity vulnerabilities affecting multiple versions of ArubaOS, its proprietary network operating system. Aruba’s critical vulnerabilities are divided into two categories: command injection vulnerabilities and stack-based buffer vulnerabilities in the PAPI protocol (Aruba Networks access point management…

  • Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones
    Threat Intelligence

    Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones

    March 2, 2023 Cisco Patches Critical Web UI RCE Vulnerability in Multiple IP Phones Cisco has patched a critical security vulnerability discovered in the Web UI of several IP Phone models, which unauthenticated and remote threat actors can exploit in remote code execution (RCE) attacks. The RCE Vulnerability CVE-2023-20078 (CVSS score: 9.8) – A vulnerability…

  • Remove AV Exclusions for Microsoft’s Exchange
    Threat Intelligence

    Remove AV Exclusions for Microsoft’s Exchange

    February 27, 2023 Remove AV Exclusions for Microsoft’s Exchange According to Microsoft’s Exchange Team, it is recommended to remove specific folders and processes exclusions from the file-level Antivirus (AV) scanner. The Issue: Keeping the exclusions may prevent detections of Internet Information Services (IIS) webshells and backdoor modules. Threat actors might exploit malicious IIS web server…

  • Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
    Threat Intelligence

    Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari

    February 14, 2023 Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes…

  • QNAP Patches Critical Vulnerability
    Threat Intelligence

    QNAP Patches Critical Vulnerability

    February 2, 2023 QNAP Patches Critical Vulnerability QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE). The Vulnerability CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to…

  • KeePass Vulnerability Allows to Obtain Cleartext Passwords
    Threat Intelligence

    KeePass Vulnerability Allows to Obtain Cleartext Passwords

    February 2, 2023 KeePass Vulnerability Allows to Obtain Cleartext Passwords A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…

  • Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
    Threat Intelligence

    Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins

    January 25, 2023 Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…

  • Critical WordPress ”LearnPress” Plugin Vulnerabilities
    Threat Intelligence

    Critical WordPress ”LearnPress” Plugin Vulnerabilities

    January 25, 2023 Critical WordPress ”LearnPress” Plugin Vulnerabilities Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability, might allow a malicious actor to directly interact with…

  • Google Patches Chrome Vulnerabilities, 2 Critical RCEs
    Threat Intelligence

    Google Patches Chrome Vulnerabilities, 2 Critical RCEs

    January 25, 2023 Google Patches Chrome Vulnerabilities, 2 Critical RCEs Google has released Chrome version 109.0.5414.119/120 for Mac and Linux and Windows, patching 2 RCE vulnerabilities. Successful exploitation might lead to remote code execution (RCE). The RCE Vulnerabilities CVE-2023-0471, High-Severity – Use after free vulnerability in WebTransport. CVE-2023-0472, High-Severity – Use after free vulnerability in…