Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.  

  • GitLab Patches a Critical Account Takeover Vulnerability
    Threat Intelligence

    June 6, 2022. GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability: CVE-2022-1680, (CVSS 3.0:…

  • Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    June 6, 2022. Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing a critical remote code execution vulnerability that is exploited in the wild. The Vulnerability: CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…

  • ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    May 31, 2022. Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability is exploited in the wild. The vulnerability was named ‘Follina’ by the cybersecurity community. Microsoft has not released a patch for this vulnerability…

  • Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE 
    Threat Intelligence

    May 26, 2022. Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability: CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…

  • Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack 
    Threat Intelligence

    May 22, 2022. On May 17th, the cash register vendor AutoSoft was targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…

  • Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
    Threat Intelligence

    May 18, 2022. According to an advisory by WordFence, a critical privilege escalation vulnerability affecting the ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability: CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…

  • VMware Patches Critical Authentication Bypass Vulnerability
    Threat Intelligence

    May 19, 2022. VMware has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability: CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products: VMware…

  • NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
    Threat Intelligence

    May 18, 2022. NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead to denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities: CVE-2022-28181, High…