Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Django SQL Injection Vulnerability Exists in the Wild
July 4, 2022 Django SQL Injection Vulnerability Exists in the Wild The Django project, an open-source Python-based web framework, has patched a high severity SQL Injection vulnerability in its latest releases. The vulnerability affects thousands of websites which use Django as their Model-Template-View framework. The Vulnerability CVE-2022-34265 (High severity) – a potential SQL Injection vulnerability…
-
Threat Intelligence
29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins
July 3, 2022 29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise. Jenkins is an open-source automation server mostly used for the DevOps process. There…
-
Threat Intelligence
High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild
June 30, 2022 High Severity Vulnerability Affecting All Major Linux Distros Exploited in the Wild A high severity privilege escalation vulnerability in the ‘Polkit’s ‘pkexec’ component, used by all major Linux distributions (including Ubuntu, Debian, Fedora, and CentOS) has been reported to be exploited in the wild. The vulnerability allows unauthorized users to gain root…
-
Threat Intelligence
Google has patched 3 remote code execution vulnerabilities in Chrome.
June 23, 2022 Google has patched 3 remote code execution vulnerabilities in Chrome The newly released Chrome version 103.0.5060.53 for Windows, Mac and Linux addresses 14 vulnerabilities overall. The Vulnerabilities CVE-2022-2156, Critical severity – ‘Use after free’ in ‘Base’. CVE-2022-2157, High severity – Use after free in ‘Interest groups’. CVE-2022-2161, Medium severity – Use after free…
-
Case Studies
Ransomware Attack Prevented: CYREBRO Incident Response Case Study
A global manufacturing company was established well over a century ago, with over 5,000 employees today and an annual revenue of over 1 billion USD.
-
Threat Intelligence
Citrix Patches ADM Account Takeover Vulnerability
June 15, 2022 Citrix Patches ADM Account Takeover Vulnerability Citrix has patched an improper access control vulnerability affecting the Application Delivery Management solution (Citrix ADM), which may lead to an account takeover. The Vulnerability CVE-2022-27511 – Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password,…
-
Threat Intelligence
NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
May 18, 2022 NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities CVE-2022-28181, High…
-
Threat Intelligence
Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
May 17, 2022 Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wiled in attacks targeting Macs and Apple Watch devices. Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6, including several arbitrary code…
-
Threat Intelligence
Zyxel Patches a Critical Firewall Vulnerability
May 15, 2022 Zyxel Patches a Critical Firewall Vulnerability Zyxel has released a security advisory addressing a critical unauthenticated remote command Injection vulnerability affecting several firewall models. The Vulnerability CVE-2022-30525 (CVSS:9.8 – critical) – An unauthenticated remote command injection via the HTTP interface vulnerability, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful Exploitation could…
-
Threat Intelligence
Microsoft Patches 3 0-Days & 24 RCEs
May 11, 2022 Microsoft Patches 3 0-Days & 24 RCEs As part of May’s monthly security rollup updates, Microsoft has patched 3 0-Days (1 actively exploited), and 24 remote code execution vulnerabilities. Overall, Microsoft has patched 75 vulnerabilities across Windows, Windows Server, Hyper-V, Azure, Office and other products. The Zero-Day Vulnerabilities CVE-2022-26904 (CVSS 3.1: 8.1, High Severity) –…
-
Threat Intelligence
F5 Patches Critical BIG-IP Device Takeover Vulnerability
May 8, 2022 F5 Patches Critical BIG-IP Device Takeover Vulnerability F5 has patched a critical vulnerability affecting BIG-IP devices that may lead to device takeover. The Vulnerability CVE-2022-1388 (CVSS 3.1: 9.8, Critical) – Undisclosed requests may bypass iControl REST authentication. This may result in remote code execution and modification of files and services. Affected Products…
-
Threat Intelligence
Cisco Patches 2 NFVIS RCE Vulnerabilities
May 8, 2022 Cisco Patches 2 NFVIS RCE Vulnerabilities Cisco has patched 2 NFV Infrastructure Software remote code execution vulnerabilities, one rated critical. Cisco NFVIS is a Linux-based infrastructure software for deploying virtualized network functions (virtual router, firewall, WAN acceleration, etc.) on a supported Cisco appliance. The Vulnerabilities CVE-2022-20777 (CVSS 3.1: 9.9, Critical) – A…