Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Microsoft Patches ‘Follina’ 0-Day & 27 RCE Vulnerabilities  
    Threat Intelligence

    Microsoft Patches ‘Follina’ 0-Day & 27 RCE Vulnerabilities  

    June 15, 2022  Microsoft Patches ‘Follina’ 0-Day & 27 RCE Vulnerabilities As part of June’s monthly security rollup updates, Microsoft has patched the recent ‘Follina‘ 0-Day as well as 27 Remote Code Execution vulnerabilities.  Overall, Microsoft has patched 55 vulnerabilities across Windows, Azure, Office, SQL Server, Hyper-V, Edge, RVSS, .NET & Visual Studio.  The 0-Day Vulnerability CVE-2022-30190…

    Read More
  • Incident Response Analysis Report
    Guides & E-books

    Incident Response Analysis Report

    After analyzing numerous internal incident response (IR) reports, CYREBRO discovered a shocking statistic: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility. Given that a single, minor blind spot can put your business at risk, ensuring that you achieve 100% visibility is critical.

    Read More
  • Google Patches 7 Chrome Vulnerabilities, 1 RCE
    Threat Intelligence

    Google Patches 7 Chrome Vulnerabilities, 1 RCE

    June 12, 2022  Google Patches 7 Chrome Vulnerabilities, 1 RCE Google has patched a remote code execution vulnerability in Chrome.   The newly released Chrome version 102.0.5005.115 for Windows, Mac and Linux addresses 7 vulnerabilities overall.  The RCE Vulnerability CVE-2022-2007, High Severity – Use after free in WebGPU. The vulnerability is remotely exploitable and doesn’t require…

    Read More
  • GitLab Patches a Critical Account Takeover Vulnerability
    Threat Intelligence

    GitLab Patches a Critical Account Takeover Vulnerability

    June 6, 2022  GitLab Patches a Critical Account Takeover Vulnerability GitLab has released a critical security update, patching a critical account takeover vulnerability, as well as 7 other, less severe vulnerabilities. The critical vulnerability affects only GitLab Enterprise Edition (EE) under certain conditions, described in the next section below. The Critical Vulnerability CVE-2022-1680, (CVSS 3.0:…

    Read More
  • Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild

    June 6, 2022  Atlassian Patches a Critical Confluence RCE Vulnerability Exploited in the Wild Atlassian has released new Confluence ‘Server’ and ‘Data Center’ versions addressing an exploited in the wild critical remote code execution vulnerability. The Vulnerability CVE-2022-26134, Critical Severity – OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence…

    Read More
  • ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild
    Threat Intelligence

    ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild

    May 31, 2022  ‘Follina’: A Microsoft 0-Day RCE Vulnerability Exploited in the Wild Microsoft has released an advisory regarding a new 0-day remote code execution vulnerability in Microsoft Windows support diagnostic tool (MSDT). The vulnerability is exploited in the wild.  Named ‘Follina’ by the cybersecurity community, Microsoft have not released a patch for this vulnerability…

    Read More
View More
  • Atlassian Patches Critical Jira Authentication Bypass Vulnerability
    Threat Intelligence

    Atlassian Patches Critical Jira Authentication Bypass Vulnerability

    April 24, 2022  Atlassian Patches Critical Jira Authentication Bypass Vulnerability  Atlassian has issued a security advisory addressing a critical authentication bypass vulnerability affecting Jira and Jira Service Management (non-cloud versions).  Exploiting the vulnerability may lead to remote code execution on the affected system.  The Vulnerability CVE-2022-0540 (CVSS 3.1: 9.9, Critical) – A vulnerability in Jira…

    Read More
  • Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild 
    Threat Intelligence

    Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild 

    April 17, 2022 Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild Following the update of Google Chrome, Microsoft has released an emergency update for Edge, addressing an actively exploited Zero-Day.  The updated version is 100.0.1185.44 for Windows, Mac, and Linux.  The Vulnerability CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8…

    Read More
  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    Google Chrome 0-Day Vulnerability Exploited in the Wild

    April 17, 2022  Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day.  The updated version is 100.0.4896.127 for Windows, Mac and Linux.  The Vulnerability CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8 JavaScript engine.  While type confusion vulnerabilities typically cause browser…

    Read More
  • Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’
    Threat Intelligence

    Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’

    April 14, 2022 Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities, Google Patches 5 Chrome RCEs, Apache Patches RCE in ‘Struts 2’ Microsoft Patches 2 0-Days & 47 RCE Vulnerabilities As part of April’s monthly security rollup updates, Microsoft has patched 2 0-Day and 47 Remote Code Execution vulnerabilities.  Overall, Microsoft has patched 119 vulnerabilities across…

    Read More
  • VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products
    Threat Intelligence

    VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products

    April 7, 2022 VMware Patches 3 RCEs & 2 Authentication Bypass Vulnerabilities Affecting Multiple Products VMware has patched 3 remote code execution vulnerabilities and 2 authentication bypass vulnerabilities.  In total, VMware has patched 8 vulnerabilities affecting ‘Workspace One Access’, ‘Identity Manager’, ‘vRealize Automation’, ‘vRealize Suite Lifecycle Manager’, and ‘Cloud Foundation’. The Vulnerabilities CVE-2022-22954 (CVSS 3.1: 9.8, Critical) – Server-side Template Injection. A malicious…

    Read More
  • Zyxel Patches a Critical Firewall Authentication Bypass Vulnerability
    Threat Intelligence

    Zyxel Patches a Critical Firewall Authentication Bypass Vulnerability

    April 5, 2022 Zyxel Patches a Critical Firewall Authentication Bypass Vulnerability Zyxel has released a security advisory addressing a critical authentication bypass vulnerability affecting several firewall models. The Vulnerability CVE-2022-0342 (CVSS 3.1: 9.8, Critical) – An authentication bypass vulnerability which could allow an attacker to bypass the web authentication and obtain administrative access of the device. Vulnerable Products The following…

    Read More
View More