Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • SAP Patches High-Severity Vulnerabilities
    Threat Intelligence

    SAP Patches High-Severity Vulnerabilities

    June 14, 2023 As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities The Notable High-Severity Vulnerabilities CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation,…

  • VMware Tools Actively Exploited Zero-Day Vulnerability
    Threat Intelligence

    VMware Tools Actively Exploited Zero-Day Vulnerability

    June 14, 2023 VMware has addressed a zero-day vulnerability in VMware Tools that has been actively exploited. Exploitation of this vulnerability enables attackers to bypass authentication and execute privileged commands on guest virtual machines running Windows, Linux, and PhotonOS (vCenter). This can occur without leaving any trace or logs of the malicious activity within the…

  • Microsoft Patches 6 Critical & 38 RCE Vulnerabilities
    Threat Intelligence

    Microsoft Patches 6 Critical & 38 RCE Vulnerabilities

    June 14, 2023 In the latest round of monthly security rollup updates in June, Microsoft has addressed a total of 78 vulnerabilities, with 38 of them categorized as remote code execution (RCE) vulnerabilities. Out of the identified vulnerabilities, only 6 are considered critical, encompassing denial of service, remote code execution and privilege escalation. Overall, Microsoft…

  • Fortinet Patches Pre-authentication RCE Vulnerability
    Threat Intelligence

    Fortinet Patches Pre-authentication RCE Vulnerability

    June 12, 2023 Fortinet Patches Pre-authentication RCE Vulnerability Fortinet patched a critical remote code exaction (RCE) vulnerability in its FortiGate firewalls, which does not require the threat actor to logged in to exploit it. The Vulnerability CVE-2023-27997 (Critical) – A pre-authentication RCE Vulnerability affects the SSL-VPN component of Fertigate firewalls. This could allow a threat actor to…

  • VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks
    Threat Intelligence

    VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks

    June 8, 2023 VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks VMware published various security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing threat actors to perform remote execution or access sensitive information. The Critical Vulnerabilities CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection…

  • Cisco Patches Privilege Escalation Vulnerability in AnyConnect
    Threat Intelligence

    Cisco Patches Privilege Escalation Vulnerability in AnyConnect

    June 8, 2023 Cisco Patches Privilege Escalation Vulnerability in AnyConnect Cisco has patched a high-severity vulnerability found in the Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that could allow low-privileged, local threat actors to escalate privileges to the SYSTEM account used by the operating system in low-complexity attacks without user interaction. The Vulnerability…

  • VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks
    Threat Intelligence

    VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks

    June 8, 2023 VMware Patches Critical Vulnerabilities in VMware Aria Operations for Networks VMware published various security patches today to address 3 critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing threat actors to perform remote execution or access sensitive information. The Critical Vulnerabilities CVE-2023-20887 (CVSS 3.1: 9.8, Critical) – A command injection…

  • Cisco Patches Privilege Escalation Vulnerability in AnyConnect
    Threat Intelligence

    Cisco Patches Privilege Escalation Vulnerability in AnyConnect

    June 8, 2023 Cisco Patches Privilege Escalation Vulnerability in AnyConnect Cisco has patched a high-severity vulnerability found in the Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that could allow low-privileged, local threat actors to escalate privileges to the SYSTEM account used by the operating system in low-complexity attacks without user interaction. The Vulnerability…

  • A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild
    Threat Intelligence

    A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild

    June 5, 2023 A zero-day vulnerability in MOVEit transfer MFT application is being exploited in the wild Progress Software has patched a zero day vulnerability in MOVEit Transfer managed file transfer (MFT) solution that could lead to escalated privileges and potential unauthorized access to the environment. This was exploited in the wild in May and June…

  • Gravity Forms Patches Vulnerability in WordPress Plugin
    Threat Intelligence

    Gravity Forms Patches Vulnerability in WordPress Plugin

    May 31, 2023 Gravity Forms Patches Vulnerability in WordPress Plugin Gravity Forms has released a patch for a PHP Object Injection vulnerability. Gravity Forms plugin is a tool that website owners can use to create custom forms for transactions involving site visitors, such as payment forms, registration forms, file upload forms, and others. The Vulnerability CVE-2023-28782…

  • RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild
    Threat Intelligence

    RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild

    June 1, 2023 RCE Vulnerability Affecting ReportLab PDF library Exploited in The Wild Researcher released an exploit for a Remote Code Exaction (RCE) vulnerability affecting ReportLab Toolkit, a popular Python library for generating PDF files from HTML input. the issue was reported to ReportLab’s developers upon discovery. The Vulnerability CVE-2023-3733  – RCE vulnerability which allows an…

  • Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices
    Threat Intelligence

    Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices

    May 30, 2023 Zyxel Patches Critical Buffer-Overflow Vulnerabilities Affecting Firewall Devices Zyxel has released a security advisory addressing two critical buffer-overflow vulnerabilities affecting firewall devices. The vulnerabilities are caused by buffer copy without checking size of input, which might result in remote code execution (RCE). The Critical Vulnerabilities CVE-2023-33009 (CVSS:9.8 – critical) – An unauthenticated…