Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
GitLab Patches a Critical Account Takeover Vulnerability
June 6, 2022. GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability: CVE-2022-1680, (CVSS 3.0:…
-
Threat Intelligence
Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
June 6, 2022. Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing a critical remote code execution vulnerability that is exploited in the wild. The Vulnerability: CVE-2022-26134, Critical Severity – An OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…
-
Threat Intelligence
‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
May 31, 2022. Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The vulnerability is exploited in the wild. Named ‘Follina’ by the cybersecurity community, Microsoft have not released a patch for this vulnerability…
-
Threat Intelligence
Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE
May 26, 2022. Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability: CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…
-
Threat Intelligence
Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack
May 22, 2022. On May 17th, the cash register vendor AutoSoft was targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…
-
Threat Intelligence
Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
May 18, 2022. According to an advisory by WordFence, a critical privilege escalation vulnerability affecting the ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability: CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…
-
Guides & E-books
The Real State of DevSecOps and Where It’s Going
Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.
-
Guides & E-books
Hacker Simulation and Strategic Monitoring
Hacker Simulators are tools and exercises that help businesses understand and improve their security posture by evaluating the effectiveness of their cybersecurity.
-
Guides & E-books
Cybersecurity and Data Protection Laws: European Financial Services Firms
Financial services firms’ exact data protection and cybersecurity obligations may vary according to where in Europe they are based and what services they provide.
-
Guides & E-books
How to Choose Cyber Security Tools That Won’t Get You Fired
Prepare for the never-ending uphill battle every security leader faces with an overview of the types of security tools on the market and how to decide which are best for your needs.
-
Guides & E-books
Questions to Ask Your Incident Response Provider
Incident response (IR) is critical to mitigating the fallout from a data breach. If your business uses a managed SOC provider for its cybersecurity, then incident response must be included in your package.
-
Guides & E-books
Ransomware Explained (Part 2): What is it and how to prevent it
Ransomware attacks are all too common in the cyber world. As such, understanding what they are is critical, and can be found here.
-
Threat Intelligence
VMware Patches Critical Authentication Bypass Vulnerability
May 19, 2022. VMware has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability: CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products: VMware…
-
Threat Intelligence
NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
May 18, 2022. NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead to denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities: CVE-2022-28181, High…