Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Grafana Patches Critical Vulnerability due to Azure Integration
June 26, 2023 Grafana has released a security patch for a critical Authentication Bypass vulnerability found in multiple versions of its application. This vulnerability allows attackers to bypass authentication and gain control over any Grafana account that uses Azure Active Directory OAuth with a multi-tenant Azure application and that do not have allowed_groups configured. Grafana is…
-
Threat Intelligence
VMware Patches Critical Vulnerabilities in vCenter Server
June 25, 2023 VMware has patched a number of high-severity vulnerabilities in vCenter Server that may allow attackers to gain code execution and bypass authentication on unpatched systems. The Vulnerabilities CVE-2023-20892 (CVSS 3.1: 8.1, High-severity) – a heap-overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol, a malicious…
-
Threat Intelligence
Fortinet Patches Critical RCE Vulnerability in FortiNAC
June 25, 2023 Fortinet has updated FortiNAC to address various of vulnerabilities, including critical RCE vulnerability that might be exploited by malicious actors in order to perform remote code execution without authentication. The Critical Vulnerability CVE-2023-33299 (CVSS score: 9.6, Critical) – A deserialization of untrusted data vulnerability, successful exploitation may allow an unauthenticated user to…
-
Threat Intelligence
ISC Patches BIND9 DNS Software Vulnerabilities
June 22, 2023 The Internet Systems Consortium (ISC) has published patches to address various security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that might lead to a denial-of-service (DoS). The Vulnerabilities CVE-2023-2911 CVE-2023-2829 CVE-2023-2828 Affected Versions BIND: 9.16.33 -> 9.16.41 9.18.7 -> 9.18.15 BIND Supported Preview Edition…
-
Threat Intelligence
Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products
June 22, 2023 Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild. The Vulnerabilities CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 – A memory corruption vulnerability in…
-
Threat Intelligence
Critical WooCommerce Payments Plugin Vulnerability
June 22, 2023 A critical security flaw has been discovered in the WordPress “Abandoned Cart Lite for WooCommerce” plugin. Successful exploitation may allow threat actors to access the accounts of users who have abandoned their carts, who are typically consumers but may also include other high-level users The Vulnerability CVE-2023-2986– (CVSS 3.1: 9.8, Critical) Authentication…
-
Guides & E-books
How to Build a SOC: A Complete Guide
Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.
-
Guides & E-books
2022 Attack Vector Landscape Analysis
This report details this attack vector landscape analysis and provides readers with insights that can help inform their cybersecurity strategy in 2022 and beyond.
-
Guides & E-books
The 6 Critical Capabilities of a Complete SOC Solution
A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.
-
Guides & E-books
7 Steps to Effective Incident Response
This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.
-
Guide
Predictions for 2022
Cybersecurity should be considered a right, not a privilege. As such, investment into solutions that can transform chaos into clarity, as well as improving employee awareness, will be critical when facing threats into 2022 and beyond
-
Guides & E-books
The Real State of DevSecOps and Where It’s Going
Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.
-
Threat Intelligence
Critical WooCommerce Payments Plugin Vulnerability
June 22, 2023 A critical security flaw has been discovered in the WordPress “Abandoned Cart Lite for WooCommerce” plugin. Successful exploitation may allow threat actors to access the accounts of users who have abandoned their carts, who are typically consumers but may also include other high-level users The Vulnerability CVE-2023-2986– (CVSS 3.1: 9.8, Critical) Authentication…
-
Threat Intelligence
Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices
June 21, 2023 Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE). The Vulnerability CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through…
-
Threat Intelligence
SAP Patches High-Severity Vulnerabilities
June 14, 2023 As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities The Notable High-Severity Vulnerabilities CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation,…
-
Threat Intelligence
VMware Tools Actively Exploited Zero-Day Vulnerability
June 14, 2023 VMware has addressed a zero-day vulnerability in VMware Tools that has been actively exploited. Exploitation of this vulnerability enables attackers to bypass authentication and execute privileged commands on guest virtual machines running Windows, Linux, and PhotonOS (vCenter). This can occur without leaving any trace or logs of the malicious activity within the…
-
Threat Intelligence
Microsoft Patches 6 Critical & 38 RCE Vulnerabilities
June 14, 2023 In the latest round of monthly security rollup updates in June, Microsoft has addressed a total of 78 vulnerabilities, with 38 of them categorized as remote code execution (RCE) vulnerabilities. Out of the identified vulnerabilities, only 6 are considered critical, encompassing denial of service, remote code execution and privilege escalation. Overall, Microsoft…
-
Threat Intelligence
Fortinet Patches Pre-authentication RCE Vulnerability
June 12, 2023 Fortinet Patches Pre-authentication RCE Vulnerability Fortinet patched a critical remote code exaction (RCE) vulnerability in its FortiGate firewalls, which does not require the threat actor to logged in to exploit it. The Vulnerability CVE-2023-27997 (Critical) – A pre-authentication RCE Vulnerability affects the SSL-VPN component of Fertigate firewalls. This could allow a threat actor to…