Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Spring Patched ‘Spring4Shell’ 0-Day RCE Vulnerability
    Threat Intelligence

    April 3, 2022: In an official advisory, Spring has addressed the ‘Spring4Shell’ remote code execution 0-day vulnerability, clarifying which ‘Spring Framework’ configurations are vulnerable, how to detect impact, and assigning a proper CVE to the vulnerability. The Vulnerability: CVE-2022-22965 (dubbed ‘Spring4Shell’), Critical – A Spring MVC or Spring WebFlux application running on JDK 9+ may…

  • Spring: 2 RCE Vulnerabilities, 1 Zero-Day
    Threat Intelligence

    March 31, 2022: Multiple sources have reported 2 remote code execution vulnerabilities. One RCE affects ‘Spring Cloud Function’, and the second RCE is a critical zero-day vulnerability dubbed ‘Spring4Shell’, affecting ‘Spring Core’ with JDK version 9.0 or newer, running specific configurations. Currently, the ‘Spring4Shell’ vulnerability has only a workaround available.…

  • CISO Series Podcast Featuring CYREBRO’s CTO, Ori Arbel – What’s Next in Security
    Podcast & Webinars

    How do CISOs digest the latest cybersecurity trends of 2022? What struggles do companies deal with surrounding cloud migrations and how can they overcome them?

  • SonicWall Patches a Critical SonicOS RCE Vulnerability
    Threat Intelligence

    March 29, 2022: SonicWall has released a security advisory addressing a critical vulnerability in SonicOS which may lead to an unauthenticated remote code execution in a wide range of SonicWall firewall products. The Vulnerability: CVE-2022-22274 (CVSS 3.0: 9.4, Critical) – A stack-based buffer overflow vulnerability in SonicOS via HTTP request allows a remote unauthenticated…

  • ‘Okta’ Data Breach – 23/03 Update
    Threat Intelligence

    March 23, 2022: ‘Okta’ has published an updated statement regarding the incident. The statements are updated frequently and can be found on the official ‘Okta’ blog. Meanwhile, Microsoft – which has also fallen victim to attacks by ‘LAPSUS$’ – has addressed the recent spike in cybersecurity incidents caused by the threat group…

  • Apple Patches 87 Vulnerabilities, 3 macOS Monterey RCEs
    Threat Intelligence

    March 16, 2022: Apple has patched 3 remote code execution vulnerabilities in the ‘WebKit’ component, affecting macOS Monterey prior to version 12.3. Overall, Apple has patched 87 vulnerabilities over multiple products. The full updated products list can be found on the Apple security updates page. The RCE Vulnerabilities: All RCE vulnerabilities are in the ‘WebKit’ component, one…

  • Microsoft Patches 6 0-Days, 1 Actively Exploited, Apple Patches 24 RCEs
    Threat Intelligence

    Last published on: December 14, 2021. Microsoft Patches 6 0-Days, 1 Actively Exploited, 26 RCE Vulnerabilities: As part of December’s security rollup updates, Microsoft has patched 6 Zero-Days (1 actively exploited in the wild), as well as 26 Remote Code Execution vulnerabilities. Overall, Microsoft has patched 55 (67 including Microsoft Edge) vulnerabilities across Windows, Office,…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day, as well as 4 additional vulnerabilities.

  • New Log4j Patch, Vendors Release Security Advisories
    Threat Intelligence

    Last published on: December 15, 2021. New Log4j Vulnerability – Patch Available: Apache has released a new patch for Log4j, addressing a newly discovered vulnerability, tracked as CVE-2021-45046 (CVSS 3.0 score 3.7), that may allow threat actors to cause Denial-of-Service (DoS) attacks in certain scenarios. According to Apache, this vulnerability is not patched in…

  • GoDaddy Data Breach Affects 1.2M Customers
    Threat Intelligence

    GoDaddy, the web-hosting giant, has disclosed that it suffered a data breach. The attackers gained access to GoDaddy’s Managed WordPress hosting environment. Although the breach was discovered on November 17, according to GoDaddy’s investigation the attackers infiltrated the systems on September 6. The attackers have gained access to the following information: Up…

  • Cisco has released updates fixing critical RCE vulnerabilities
    Threat Intelligence

    Cisco has released updates fixing multiple critical vulnerabilities in Cisco Policy Suite and Cisco Catalyst PON Series Switches Optical Network Terminal. Successful exploitation of the vulnerabilities may lead to Remote Code Execution and Full System Compromise. The Vulnerabilities: CVE-2021-40119 (CVSS 3.1: 9.8, Critical) – A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system…

  • Apache Patches Critical Apache HTTP Server RCE Vulnerability Exploited-in-the-Wild
    Threat Intelligence

    Apache Software has released an update patching a critical remote code execution vulnerability in Apache HTTP Server.