Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Cisco Patches Privilege Escalation Vulnerability in AnyConnect
    Threat Intelligence

    June 8, 2023: Cisco has patched a high-severity vulnerability found in the Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that could allow low-privileged, local threat actors to escalate privileges to the SYSTEM account used by the operating system in low-complexity attacks without user interaction. The Vulnerability…

  • A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild
    Threat Intelligence

    June 5, 2023: Progress Software has patched a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution that could lead to escalated privileges and potential unauthorized access to the environment. This was exploited in the wild in May and June…

  • Gravity Forms Patches Vulnerability in WordPress Plugin
    Threat Intelligence

    May 31, 2023: Gravity Forms has released a patch for a PHP Object Injection vulnerability. The Gravity Forms plugin is a tool that website owners can use to create custom forms for transactions involving site visitors, such as payment forms, registration forms, file upload forms, and others. The Vulnerability CVE-2023-28782…

  • RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild
    Threat Intelligence

    June 1, 2023: A researcher released an exploit for a Remote Code Execution (RCE) vulnerability affecting ReportLab Toolkit, a popular Python library for generating PDF files from HTML input. The issue was reported to ReportLab’s developers upon discovery. The Vulnerability CVE-2023-3733 – RCE vulnerability which allows an…

  • Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices
    Threat Intelligence

    May 30, 2023: Zyxel has released a security advisory addressing two critical buffer-overflow vulnerabilities affecting firewall devices. The vulnerabilities are caused by a buffer copy without checking the size of the input, which might result in remote code execution (RCE). The Critical Vulnerabilities CVE-2023-33009 (CVSS: 9.8 – critical) – An unauthenticated…

  • GitLab Patches a Critical Account Takeover Vulnerability
    Threat Intelligence

    May 28, 2023: GitLab released an emergency security update, version 16.0.1, to address a critical path traversal vulnerability with a maximum severity (CVSS score 10.0). Successful exploitation may allow an unauthenticated attacker to access any file on the server and disclose sensitive data, including proprietary software code, user…

  • KeePass Vulnerability Allows Obtaining Cleartext Passwords
    Threat Intelligence

    May 22, 2023: A recently discovered vulnerability in the open-source password management tool KeePass might allow the master password to be retrieved. The vulnerability has a proof-of-concept (PoC) exploit available. The Vulnerability CVE-2023-32784 – Vulnerability in “SecureTextBoxEx” in KeePass – where the master password and other passwords are entered…

  • Trend Micro Patches Critical RCE Vulnerability in Apex One
    Threat Intelligence

    May 22, 2023: Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities. The Critical RCE Vulnerability CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path…

  • Apple Patches Three Zero-Day Vulnerabilities
    Threat Intelligence

    May 21, 2023: Apple has addressed three zero-day vulnerabilities in macOS and additional products. The Zero-day Vulnerabilities CVE-2023-28204 – Sandbox Escape Vulnerability. A remote threat actor can exploit this vulnerability to break out of web content sandboxes. CVE-2023-32409, CVE-2023-32373 – Out-Of-Bounds Read Vulnerabilities. A threat actor can exploit these vulnerabilities…

  • CISCO Patches Critical Vulnerabilities
    Threat Intelligence

    May 18, 2023: Cisco has addressed four critical RCE (Remote Code Execution) vulnerabilities discovered in multiple Small Business Series Switches. Successful exploitation of any of the vulnerabilities could allow a threat actor to execute arbitrary code with root privileges on compromised devices. The vulnerabilities are triggered by incorrect validation of requests…

  • Google Patches RCE Vulnerabilities in Chrome
    Threat Intelligence

    May 17, 2023: Google has released Chrome version 113.0.5672.126/127 (Stable Channel), patching 12 vulnerabilities. Successful exploitation of some of these vulnerabilities could allow remote code execution (RCE) on the targeted system. The RCE Vulnerabilities CVE-2023-2721, Critical – Use after free vulnerability in Navigation which allows a remote attacker to…