Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • HP Patches 4 TOCTOU Vulnerabilities in PC’s BIOS.
    Threat Intelligence

    February 23, 2023: HP recently discovered potential Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities in their PC’s BIOS. The Vulnerabilities: CVE-2022-27539, CVE-2022-27541, CVE-2022-43777, CVE-2022-43778 (CVSS:3.1 score: 7.8, High) – A threat actor may carry out remote code execution (RCE), denial of service (DoS), and information disclosure operations. Affected…

  • VMware Patches a Critical Vulnerability in Carbon Black App Control
    Threat Intelligence

    February 23, 2023: VMware has patched a critical injection vulnerability in VMware Carbon Black App Control. The Vulnerability: CVE-2023-20858 (CVSS:3.1 score: 9.1, Critical) – an injection vulnerability that could allow a threat actor with privileged access to the App Control administrative console to utilize specially…

  • Cyber Insurance Coverage Checklist
    Guides & E-books

    Previously, attaining a cyber insurance policy demanded as little as an antivirus and a computer; today it has become much more difficult.

  • Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
    Threat Intelligence

    February 19, 2023: Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows an unauthenticated remote attacker to perform an arbitrary write (RCE) on the affected system. The Critical Vulnerabilities: CVE-2022-39952 (CVSS 3.1:…

  • Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
    Threat Intelligence

    February 14, 2023: Apple has released an emergency update patching an actively exploited 0-day RCE vulnerability, which allows a malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability: CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘WebKit’ that could be exploited to trigger OS crashes…

  • QNAP Patches Critical Vulnerability
    Threat Intelligence

    February 2, 2023: QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow a threat actor to perform remote code injection (RCE). The Vulnerability: CVE-2022-27596 (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows a remote threat actor to inject malicious code and allow access to…

  • VMware Patches 2 Critical VMware vRealize Vulnerabilities
    Threat Intelligence

    January 25, 2023: VMware has patched two critical vulnerabilities in vRealize Log Insight that might allow a malicious actor to inject files into the operating systems of vulnerable appliances in order to gain remote code execution. In addition to these critical vulnerabilities, VMware patched additional vulnerabilities that might…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    December 4, 2022: Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day vulnerability. The updated version is 108.0.5359.94/.95 for Windows, Mac, and Linux. Google has not shared further information regarding the Zero-Day details and exploitation; however, such vulnerabilities typically allow attackers to create unusually…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    November 27, 2022: Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day vulnerability. The updated version is 107.0.5304.121/.122 for Windows, Mac and Linux. Google has not shared further information regarding the Zero-Day details and exploitation; however, such vulnerabilities typically allow attackers to create unusually…

  • F5 BIG-IP & BIG-IQ High-Severity RCE Vulnerabilities
    Threat Intelligence

    November 20, 2022: F5 has released an advisory regarding 2 High-Severity vulnerabilities affecting BIG-IP and BIG-IQ devices. Successful exploitation of these vulnerabilities may lead to remote code execution (RCE) and device takeover. The Vulnerabilities: CVE-2022-41622 (CVSS 3.1: 8.8, High-severity) – A cross-site request forgery (CSRF) vulnerability through iControl SOAP, may…

  • Atlassian Critical Bitbucket RCE Vulnerability Exists in the Wild
    Threat Intelligence

    November 20, 2022: Atlassian has released security patches to address two critical vulnerabilities in Bitbucket Server, Data Center, and Crowd. An attacker might be able to execute remote code (RCE) by exploiting one of the vulnerabilities. The Vulnerabilities: CVE-2022-43781, Critical (CVSS 3.1: 9.0) – Environment variable-based command injection…

  • Foxit Patches Several Code-Execution Vulnerabilities in PDF Reader
    Threat Intelligence

    November 14, 2022: Foxit PDF document viewer has been updated to address a number of use-after-free security vulnerabilities that might be exploited to execute arbitrary code. To exploit these vulnerabilities, an attacker must persuade a victim to open a malicious file. The Vulnerabilities: CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129…