Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Zyxel Patches a Critical Firewall Vulnerability
May 15, 2022 Zyxel Patches a Critical Firewall Vulnerability Zyxel has released a security advisory addressing a critical unauthenticated remote command Injection vulnerability affecting several firewall models. The Vulnerability CVE-2022-30525 (CVSS:9.8 – critical) – An unauthenticated remote command injection via the HTTP interface vulnerability, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful Exploitation could…
-
Threat Intelligence
Microsoft Patches 3 0-Days & 24 RCEs
May 11, 2022 Microsoft Patches 3 0-Days & 24 RCEs As part of May’s monthly security rollup updates, Microsoft has patched 3 0-Days (1 actively exploited), and 24 remote code execution vulnerabilities. Overall, Microsoft has patched 75 vulnerabilities across Windows, Windows Server, Hyper-V, Azure, Office and other products. The Zero-Day Vulnerabilities CVE-2022-26904 (CVSS 3.1: 8.1, High Severity) –…
-
Threat Intelligence
F5 Patches Critical BIG-IP Device Takeover Vulnerability
May 8, 2022 F5 Patches Critical BIG-IP Device Takeover Vulnerability F5 has patched a critical vulnerability affecting BIG-IP devices that may lead to device takeover. The Vulnerability CVE-2022-1388 (CVSS 3.1: 9.8, Critical) – Undisclosed requests may bypass iControl REST authentication. This may result in remote code execution and modification of files and services. Affected Products…
-
Threat Intelligence
Cisco Patches 2 NFVIS RCE Vulnerabilities
May 8, 2022 Cisco Patches 2 NFVIS RCE Vulnerabilities Cisco has patched 2 NFV Infrastructure Software remote code execution vulnerabilities, one rated critical. Cisco NFVIS is a Linux-based infrastructure software for deploying virtualized network functions (virtual router, firewall, WAN acceleration, etc.) on a supported Cisco appliance. The Vulnerabilities CVE-2022-20777 (CVSS 3.1: 9.9, Critical) – A…
-
Threat Intelligence
Atlassian Patches Critical Jira Authentication Bypass Vulnerability
April 24, 2022 Atlassian Patches Critical Jira Authentication Bypass Vulnerability Atlassian has issued a security advisory addressing a critical authentication bypass vulnerability affecting Jira and Jira Service Management (non-cloud versions). Exploiting the vulnerability may lead to remote code execution on the affected system. The Vulnerability CVE-2022-0540 (CVSS 3.1: 9.9, Critical) – A vulnerability in Jira…
-
Threat Intelligence
Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild
April 17, 2022 Microsoft Patches Zero-Day Vulnerability in Edge browser Exploited in the Wild Following the update of Google Chrome, Microsoft has released an emergency update for Edge, addressing an actively exploited Zero-Day. The updated version is 100.0.1185.44 for Windows, Mac, and Linux. The Vulnerability CVE-2021-4102, High Severity – type confusion weakness in the Chrome V8…
-
Threat Intelligence
Microsoft Patches 3 Zero-Days, HP Patches 16 UEFI Vulnerabilities & Critical Vulnerabilities patched in APC Smart UPS
March 10, 2022 Microsoft Patches 3 Zero-Days & 3 Critical RCE vulnerabilities As part of the monthly security rollup updates, Microsoft has patched 3 Zero-Days, one being actively exploited in the wild, and 3 Critical-Rated Microsoft Security vulnerabilities. In total, Microsoft has patched 71 vulnerabilities, not including 21 Microsoft Edge vulnerabilities. The Vulnerabilities: The Zero-Day…
-
Threat Intelligence
Google Patches Exploited in the Wild Chrome Zero-Day
February 16, 2022 Google has released an emergency update, addressing an exploited in the wild zero-day vulnerability in Chrome. No further details were released regarding the vulnerability except that it is a ‘use after free’ bug in the animation component, a type of vulnerability that typically leads to remote code execution on affected systems. The…
-
Threat Intelligence
‘OAuth’ Phishing Campaign Targeting ‘Microsoft 365’ Users & Adobe Patches 2 Zero-Days and 8 ACEs
January 27, 2022 Note: this CTI contains 2 alerts: Microsoft Advisory & Apple Updates Phishing Campaign Targeting ‘Microsoft 365’ Users Abuses ‘OAuth Request’ Links Microsoft has recently detected a ‘Consent Phishing’ campaign targeting ‘Microsoft 365’ users in which threat actors abuse ‘OAuth’ request links to allow a malicious app called ‘Upgrade’ to access victims’ email, contacts and…
-
Threat Intelligence
SolarWinds Patches Serv-U Vulnerability Actively Exploited for Log4J Attacks
January 20, 2022 SolarWinds released an update addressing an improper input validation vulnerability in Serv-U. The vulnerability has been actively exploited by threat actors to spread Log4J attacks to internal network devices. The Vulnerability CVE-2021-35247 (CVSS 3.1: 4.3) – Improper Input Validation: The Serv-U web login screen to LDAP authentication was allowing characters that were not…
-
Threat Intelligence
Microsoft Patches 6 Zero-Days & 29 RCEs, 97 Vulnerabilities Overall
January 12, 2022 As part of January’s monthly rollup updates, Microsoft has patched 6 Zero-Days and a total of 29 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 97 vulnerabilities across Windows, Hyper-V, and Office. The Zero-Day Vulnerabilities CVE-2022-21919 (CVSS 3.1: 7.0, High Severity) – Windows User Profile Service Elevation of Privilege Vulnerability. CVE-2022-21874 (CVSS 3.1: 7.8, High Severity) – Windows…
-
Threat Intelligence
Google Patches 37 Chrome Vulnerabilities, 1 Critical RCE
January 06, 2022 Google has released Chrome version 97.0.4692.71, patching 37 vulnerabilities, including 1 Critical ‘use-after-free’ vulnerability, exploitation of which leads to remote code execution (RCE). The RCE Vulnerability CVE-2022-0096, Critical use-after-free in the Storage component. The vulnerability can be exploited remotely, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on…