Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
KeePass Vulnerability Allows to Obtain Cleartext Passwords
February 2, 2023. A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…
-
Threat Intelligence
Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
January 25, 2023. The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…
-
Threat Intelligence
Critical WordPress “LearnPress” Plugin Vulnerabilities
January 25, 2023. Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability that might allow a malicious actor to directly interact with…
-
Threat Intelligence
Google Patches Chrome Vulnerabilities, 2 Critical RCEs
January 25, 2023. Google has released Chrome version 109.0.5414.119/120 for Mac, Linux and Windows, patching 2 RCE vulnerabilities. Successful exploitation might lead to remote code execution (RCE). The RCE Vulnerabilities CVE-2023-0471, High-Severity – Use after free vulnerability in WebTransport. CVE-2023-0472, High-Severity – Use after free vulnerability in…
-
Threat Intelligence
VMware Patches 2 Critical VMware vRealize Vulnerabilities
January 25, 2023. VMware has patched two critical vulnerabilities in vRealize Log Insight that might allow a malicious actor to inject files into the operating systems of vulnerable appliances in order to gain remote code execution. In addition to these critical vulnerabilities, VMware patched additional vulnerabilities that might…
-
Blog Post
The Benefits of Choosing a Reliable MSSP (Part 2 of 2)
Businesses are facing an uphill battle when it comes to cybersecurity. The number of threat actors is multiplying daily, as are their skills and attacks. Simultaneously, security leaders, already dealing with staff and skills shortages, must do more with lower budgets. How can a business amp up its security in such turbulent times? In a…
-
Threat Intelligence
Intel has Released Security Updates that Affect a Wide Variety of Products
November 9, 2022. As part of Patch Tuesday, Intel released several firmware and software updates, patching vulnerabilities that may lead to Arbitrary Code Execution, escalation of privilege, denial of service (DoS), and information disclosure. Affected Components: Intel NUC Firmware Intel DCM Intel Glorp…
-
Threat Intelligence
HP has Released Firmware Updates that Affect a Wide Variety of Products
November 9, 2022. As part of Patch Tuesday, HP released several firmware and software updates, patching vulnerabilities that may lead to Arbitrary Code Execution, escalation of privilege, denial of service (DoS), and information disclosure. Affected Products HP PC BIOS AMD Graphics Driver Intel®…
-
Threat Intelligence
Citrix patches 3 critical authentication bypass vulnerabilities that affect Citrix ADC and Citrix Gateway
November 9, 2022. Citrix has released security updates for Citrix ADC and Citrix Gateway to address critical authentication bypass vulnerabilities. The 3 vulnerabilities, in some configurations, can allow attackers to obtain unauthorized access to the device, perform remote desktop takeover,…
-
Threat Intelligence
VMware Patches 3 Critical Auth-Bypass Vulnerabilities in Remote Access Tool
November 9, 2022. VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution, which allow remote attackers to bypass authentication and gain administrative privileges. The Vulnerabilities CVE-2022-31685 (CVSS 3.1: 9.8, Critical) – Authentication Bypass vulnerability, malicious actor with…
-
Threat Intelligence
Google Patches 6 RCEs in Chrome
November 9, 2022. Google has updated Chrome, patching 6 remote code execution vulnerabilities and 10 vulnerabilities overall. The updated version is 107.0.5304.106/107 for Windows, and 107.0.5304.110 for Mac and Linux. The RCE Vulnerabilities CVE-2022-3885 (High Severity) – Use after free in V8. CVE-2022-3886 (High Severity) – Use after free in…
-
Threat Intelligence
Microsoft Patches 6 0-Days & 16 RCE Vulnerabilities
November 9, 2022. As part of November’s monthly security rollup updates, Microsoft has patched 6 0-Day and 16 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 68 vulnerabilities across Windows, Windows Server, Exchange, Hyper-V, Azure, Visual Studio, Office and others. The Zero-Day Vulnerabilities CVE-2022-41128 (CVSS 3.1: 8.8, High Severity)…