Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Cisco Patches Privilege Escalation Vulnerability in AnyConnect
June 8, 2023 Cisco Patches Privilege Escalation Vulnerability in AnyConnect Cisco has patched a high-severity vulnerability found in the Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that could allow low-privileged, local threat actors to escalate privileges to the SYSTEM account used by the operating system in low-complexity attacks without user interaction. The Vulnerability…
-
Threat Intelligence
A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild
June 5, 2023 A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild Progress Software has patched a zero day vulnerability in MOVEit Transfer managed file transfer (MFT) solution that could lead to escalated privileges and potential unauthorized access to the environment. This was exploited in the wild in May and June…
-
Threat Intelligence
Gravity Forms Patches Vulnerability in WordPress Plugin
May 31, 2023 Gravity Forms Patches Vulnerability in WordPress Plugin Gravity Forms has released a patch for a PHP Object Injection vulnerability. Gravity Forms plugin is a tool that website owners can use to create custom forms for transactions involving site visitors, such as payment forms, registration forms, file upload forms, and others. The Vulnerability CVE-2023-28782…
-
Threat Intelligence
RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild
June 1, 2023 RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild Researcher released an exploit for a Remote Code Exaction (RCE) vulnerability affecting ReportLab Toolkit, a popular Python library for generating PDF files from HTML input. the issue was reported to ReportLab’s developers upon discovery. The Vulnerability CVE-2023-3733 – RCE vulnerability which allows an…
-
Threat Intelligence
Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices
May 30, 2023 Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices Zyxel has released a security advisory addressing two critical buffer-overflow vulnerabilities affecting firewall devices. The vulnerabilities are caused by buffer copy without checking size of input, which might result in remote code execution (RCE). The Critical Vulnerabilities CVE-2023-33009 (CVSS:9.8 – critical) – An unauthenticated…
-
Threat Intelligence
GitLab Patches a Critical Account Takeover Vulnerability
May 28, 2023 GitLab Patches a Critical Account Takeover Vulnerability GitLab released an emergency security update, version 16.0.1, to address a path traversal critical vulnerability with a maximum severity (CVSS score 10.0). Successful exploitation may allow an unauthenticated attacker to access any file on the server and disclose sensitive data, including proprietary software code, user…
-
Guides & E-books
Will Your Endpoint Security Stand the Test During the Remote Working Revolution
Modern organizations use multiple connected devices to conduct their business, including intelligent printers, appliances, BYOD cellphones and tablets, and more
-
Guide
Strategic Monitoring
Strategic monitoring in cybersecurity is the act of collecting data from several sources such as systems, networks, processes and then analyzing it to identify the signs of a compromise.
-
Guide
SIEM Optimization
When it comes to optimizing cybersecurity, the best tool to protect your business should be scalable, fast, and accurate, especially when under load.
-
Guide
Incident Response
Incident response is the set of policies and procedures that are utilized to address and manage the aftermath of a cyber-attack or data breach, also known as a security, computer, or IT incident.
-
Guide
Forensic Investigation
Forensic Investigations is a basic need for any business which takes its cyber defense seriously.
-
Guides & E-books
Cybersecurity and Data Protection Laws 101
Aside from the obvious need to protect your business, customers, and reputation, there is another reason for businesses of all sizes to use cybersecurity to guard users’ personal information: staying compliant with the law.
-
Threat Intelligence
GitLab Patches a Critical Account Takeover Vulnerability
May 28, 2023 GitLab Patches a Critical Account Takeover Vulnerability GitLab released an emergency security update, version 16.0.1, to address a path traversal critical vulnerability with a maximum severity (CVSS score 10.0). Successful exploitation may allow an unauthenticated attacker to access any file on the server and disclose sensitive data, including proprietary software code, user…
-
Threat Intelligence
KeePass Vulnerability Allows Obtaining Cleartext Passwords
May 22, 2023 KeePass Vulnerability Allows Obtaining Cleartext Passwords A recently discovered vulnerability in the open-source password management tool KeePass might allow the master password to be retrieved. The vulnerability has a proof-of-concept (PoC) exploit available. The Vulnerability CVE-2023-32784 – Vulnerability in “SecureTextBoxEx” in KeePass – where the master password and other passwords are entered…
-
Threat Intelligence
Trend Micro Patches Critical RCE Vulnerability in Apex One
May 22, 2023 Trend Micro Patches Critical RCE Vulnerability in Apex One Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities. The Critical RCE Vulnerability CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path…
-
Threat Intelligence
Apple Patches Three Zero-Day Vulnerabilities
May 21, 2023 Apple Patches Three Zero-Day Vulnerabilities Apple has addressed three zero-days vulnerabilities in macOS and additional products. The Zero-day Vulnerabilities CVE-2023-28204 – Sandbox Escape Vulnerability. A remote threat actor can exploit this vulnerability to break out of web content sandboxes. CVE-2023-32409, CVE-2023-32373 – Out-Of-Bounds Read Vulnerabilities. A threat actor can exploit these vulnerabilities…
-
Threat Intelligence
CISCO Patches Critical Vulnerabilities
May 18, 2023 CISCO Patches Critical Vulnerabilities Cisco has addressed four critical RCE (Remote Code Execution) vulnerabilities discovered in multiple Small Business Series Switches. Successful exploit of any of the vulnerabilities could allow a threat actor to execute arbitrary code with root privileges on compromised devices. The vulnerabilities are triggered by incorrect validation of requests…
-
Threat Intelligence
Google Patches RCE Vulnerabilities in Chrome
May 17, 2023 Google Patches RCE Vulnerabilities in Chrome Google has released Chrome version 113.0.5672.126/127 (Stable Channel), patching 12 vulnerabilities. Successful exploitation of some of these vulnerabilities could allow remote code execution (RCE) on the targeted system. The RCE Vulnerabilities CVE-2023-2721, Critical – Use after free vulnerability in Navigation which allows a remote attacker to…