Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE
May 26, 2022 Google Patches 32 Chrome Vulnerabilities, 1 Critical RCE Google has released Chrome version 102.0.5005.61 for Desktop, patching 32 vulnerabilities, including 1 critical remote code execution vulnerability. The Critical Vulnerability CVE-2022-1853, Critical Severity – A ‘use-after-free’ in IndexedDB. Successful exploitation of the vulnerability may result in remote code execution. For the full list…
-
Threat Intelligence
Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack
May 22, 2022 Cash Register Vendors Targeted, AutoSoft Compromised by Ransomware in a Supply-Chain Attack On May 17th, the cash register vendor AutoSoft has been targeted by the infamous ‘LockBit 2.0’ ransomware. According to a private statement sent to their customers by AutoSoft, 200 computers have been compromised, and attempts are being made to contact…
-
Threat Intelligence
Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation
May 18, 2022 Critical WordPress ‘Jupiter’ Theme & Plugin Privilege Escalation According to an advisory by WordFence, a critical privilege escalation vulnerability affecting ‘Jupiter’ theme and ‘JupiterX Core’ plugin for WordPress was detected and patched. The Vulnerability CVE-2022-1654 (CVSS 3.1: 9.9, Critical) – Authenticated Privilege Escalation and Post deletion. The vulnerability enables any authenticated attacker,…
-
Threat Intelligence
VMWare Patches Critical Authentication Bypass Vulnerability
May 19, 2022 VMWare Patches Critical Authentication Bypass Vulnerability VMWare has patched a critical vulnerability, which may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability CVE-2022-22972, (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products VMware…
-
Threat Intelligence
NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
May 18, 2022 NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities CVE-2022-28181, High…
-
Threat Intelligence
Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
May 17, 2022 Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wiled in attacks targeting Macs and Apple Watch devices. Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6, including several arbitrary code…
-
Threat Intelligence
Apple Patches 2 Exploited in the Wild macOS 0-Days
April 4, 2022 Apple Patches 2 Exploited in the Wild macOS 0-Days Apple has released an emergency update to macOS ‘Monterey’, patching 2 exploited in the wild 0-day vulnerabilities, one of which allows for arbitrary code execution with kernel privileges. The Vulnerabilities CVE-2022-22675 – An out-of-bounds write issue may allow an application to execute arbitrary code with kernel privileges. Apple is aware…
-
Threat Intelligence
Spring Patched ‘Spring4Shell’ 0-Day RCE Vulnerability
April 3, 2022 Spring Patched ‘Spring4Shell’ 0-Day RCE Vulnerability In an official advisory, Spring has addressed the ‘Spring4Shell’ remote code execution 0-day vulnerability, clarifying which ‘Spring Framework’ configurations are vulnerable, how to detect impact, and assigning a proper CVE to the vulnerability. The Vulnerability CVE-2022-22965 (dubbed ‘Spring4Shell’), Critical – A Spring MVC or Spring WebFlux application running on JDK 9+ may…
-
Threat Intelligence
Spring: 2 RCE Vulnerabilities, 1 Zero-Day
March 31, 2022 Spring: 2 RCE Vulnerabilities, 1 Zero-Day Multiple sources have reported of 2 remote code execution vulnerabilities. One RCE affects ‘Spring Cloud Function’, and the second RCE is a critical zero-day vulnerability dubbed ‘Spring4Shell‘, affecting ‘Spring Core’ with JDK version 9.0 or newer, running specific configurations. Currently, the ‘Spring4Shell’ vulnerability has only a workaround available.…
-
Threat Intelligence
SonicWall Patches a Critical SonicOS RCE Vulnerability
March 29, 2022 SonicWall Patches a Critical SonicOS RCE Vulnerability SonicWall has released a security advisory addressing a critical vulnerability in SonicOS which may lead to an unauthenticated remote code execution in a wide range of SonicWall firewall products. The Vulnerability CVE-2022-22274 (CVSS 3.0: 9.4, Critical) – A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated…
-
Threat Intelligence
‘Okta’ Data Breach – 23/03 Update
March 23, 2022 ‘Okta’ Data Breach – 23/03 Update ‘Okta’ has published an updated statement regarding the incident. The statements are updated frequently and can be found on ‘Okta’s official blog. Meanwhile, Microsoft – who has also fallen victim to ‘LAPSUS$’s attacks – has addressed the recent spike in cybersecurity incidents caused by the threat group…
-
Threat Intelligence
Apple Patches 87 Vulnerabilities, 3 macOS Monterey RCEs
March 16, 2022 Apple has patched 3 remote code execution vulnerabilities in the ‘WebKit’ component, affecting macOS Monterey prior to version 12.3. Overall, Apple has patched 87 vulnerabilities over multiple products. The full updated products list can be found on the Apple security updates page. The RCE Vulnerabilities All RCE vulnerabilities are in the ‘WebKit’ component, one…