Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability
May 14, 2023: ‘Essential Addons for Elementor’ has released a patch for a critical vulnerability. Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering. The Vulnerability: CVE-2023-32243 (CVSS 3.1: 9.8, Critical) – Improper Authentication vulnerability…
-
Threat Intelligence
Ruckus RCE vulnerability exploits in the wild
May 10, 2023: Following the critical vulnerability in Ruckus Wireless Admin panels that was fixed on February 8, 2023, exploitation of the vulnerability by a botnet named ‘AndoryuBot’, along with remote code execution, was observed. The Critical Vulnerability: CVE-2023-25717 (CVSS 3.1: 9.1, Critical) – Vulnerability in Ruckus Wireless Admin panels…
-
Threat Intelligence
SAP Patches Critical Vulnerability Affecting SAP BusinessObjects Intelligence Platform
May 10, 2023: As part of its May monthly security rollup updates, SAP has released patches to resolve several vulnerabilities affecting several SAP products, including a critical vulnerability that affects SAP BusinessObjects Intelligence Platform. The Critical Vulnerability: CVE-2023-28762 (CVSS 3.1: 9.1, Critical) – An Information Disclosure vulnerability in SAP…
-
Threat Intelligence
Cisco phone adapters vulnerable to RCE attacks
May 10, 2023: Cisco has identified a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters that allows an unauthenticated, remote attacker to execute arbitrary code on the devices. Since Cisco SPA112 2-Port Phone Adapters are unlikely to be connected to the Internet, these issues…
-
Threat Intelligence
Mozilla Patches RCE Vulnerabilities in Firefox & Firefox ESR
May 10, 2023: Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. The RCE Vulnerabilities: CVE-2023-32215 (High severity) – Memory corruption vulnerability, successful exploitation of which may allow a malicious actor to remotely run…
-
Threat Intelligence
Microsoft Patches Actively-Exploited 3 Zero-Days & 12 RCE Vulnerabilities
May 10, 2023: As part of its May monthly security rollup updates, Microsoft has patched 3 Zero-Day and 12 Remote Code Execution (RCE) vulnerabilities. Overall, Microsoft has patched 40 vulnerabilities across Windows, VS, Edge, Office, RDP and others. The Zero-Day Vulnerabilities: CVE-2023-29336 (CVSS 3.1: 7.8, High-Severity) –…
-
Guides & E-books
The 6 Critical Capabilities of a Complete SOC Solution
A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.
-
Guides & E-books
7 Steps to Effective Incident Response
This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.
-
Guide
Predictions for 2022
Cybersecurity should be considered a right, not a privilege. As such, investment in solutions that can transform chaos into clarity, as well as in improving employee awareness, will be critical when facing threats into 2022 and beyond.
-
Guides & E-books
The Real State of DevSecOps and Where It’s Going
Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.
-
Guides & E-books
Hacker Simulation and Strategic Monitoring
Hacker Simulators are tools and exercises that help businesses understand and improve their security posture by evaluating the effectiveness of their cybersecurity.
-
Guides & E-books
Cybersecurity and Data Protection Laws: European Financial Services Firms
Financial services firms’ exact data protection and cybersecurity obligations may vary according to where in Europe they are based and what services they provide.
-
Threat Intelligence
Critical RCE Vulnerability in Linux Kernel
May 10, 2023: A novel Linux NetFilter kernel use-after-free vulnerability has been discovered that allows unprivileged local users to escalate their privileges to root level and perform code execution, potentially gaining total control over a machine. The Vulnerability: CVE-2023-32233 – A use-after-free in Netfilter nf_tables when processing batch requests, allows…