Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.  

  • Sophos Patches an Actively Exploited RCE Firewall Vulnerability
    Threat Intelligence

    Sophos Patches an Actively Exploited RCE Firewall Vulnerability

    Sophos Patches an Actively Exploited RCE Firewall Vulnerability Sophos has released a security advisory addressing a critical remote code Injection vulnerability affecting several firewall models, allowing unauthenticated attackers to preform remote code execution. The Vulnerability CVE-2022-3236 (CVSS:9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components, affects Sophos Firewall…

  • Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
    Threat Intelligence

    Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs

    September 14, 2022 Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited Zero-day and 30 remote code execution vulnerabilities. Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual studio, and other products. The Zero-Day Vulnerabilities CVE-2022-37969 (CVSS 3.1: 7.8,…

  • Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
    Threat Intelligence

    Critical WordPress WPGateway premium plugin Actively Exploited 0-Day

    September 14, 2022 Critical WordPress WPGateway premium plugin Actively Exploited 0-Day According to an advisory by WordFence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified Actively Exploited in the Wild. The Vulnerability CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability allows unauthenticated attackers to add a rogue user…

  • HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
    Threat Intelligence

    HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool

    September 9, 2022 HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool A recently discovered vulnerability in HP Support Assistant, a software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory. The Vulnerability: CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs…

  • QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
    Threat Intelligence

    QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware

    September 6, 2022 QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. Affected Products QTS 5.0.1 Photo Station Fixed in 6.1.2 and later. QTS 5.0.0/4.5.x Photo Station Fixed in 6.0.22 and later.…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    Google Chrome 0-Day Vulnerability Exploited in the Wild

    September 4, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 105.0.5195.102 for Windows, Mac and Linux. The 0-Day Vulnerability CVE-2022-3075, High severity -Insufficient data validation Vulnerability in Mojo. Successful exploitation of this vulnerability may lead to Remote Code…

  • 2022 Fraud and Email Compromise Analysis Report
    Guides & E-books

    2022 Fraud and Email Compromise Analysis Report

    This report details analysis that CYREBRO performed to understand the leading causes of a fraud attack, and what your organization can do to protect itself from fraud and email compromise.

  • Incident Response Analysis Report
    Guides & E-books

    Incident Response Analysis Report

    After analyzing numerous internal incident response (IR) reports, CYREBRO discovered a shocking statistic: 75% of reported security incidents were caused by inadequate investment in security solutions that caused blind spots in network visibility. Given that a single, minor blind spot can put your business at risk, ensuring that you achieve 100% visibility is critical.

  • How to Build a SOC: A Complete Guide
    Guides & E-books

    How to Build a SOC: A Complete Guide

    Building a SOC is no small feat. A company should be ready to invest extensive resources into the technology and personnel needed to get a SOC up and running, plan long-term to maintain and optimize tools and systems, and provide regular training for SOC analysts. Before you embark down this path, we recommend learning what it really takes to build and maintain a SOC.

  • 2022 Attack Vector Landscape Analysis
    Guides & E-books

    2022 Attack Vector Landscape Analysis

    This report details this attack vector landscape analysis and provides readers with insights that can help inform their cybersecurity strategy in 2022 and beyond.

  • The 6 Critical Capabilities of a Complete SOC Solution
    Guides & E-books

    The 6 Critical Capabilities of a Complete SOC Solution

    A SOC solution is an ideal way for businesses to maintain proper protection and response against cyberattacks, especially before they occur.

  • 7 Steps to Effective Incident Response
    Guides & E-books

    7 Steps to Effective Incident Response

    This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.  

  • Sophos Patches an Actively Exploited RCE Firewall Vulnerability
    Threat Intelligence

    Sophos Patches an Actively Exploited RCE Firewall Vulnerability

    Sophos Patches an Actively Exploited RCE Firewall Vulnerability Sophos has released a security advisory addressing a critical remote code Injection vulnerability affecting several firewall models, allowing unauthenticated attackers to preform remote code execution. The Vulnerability CVE-2022-3236 (CVSS:9.8 – critical) – A remote code injection vulnerability in the User Portal and Webadmin components, affects Sophos Firewall…

  • Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs
    Threat Intelligence

    Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs

    September 14, 2022 Microsoft Patches 63 Vulnerabilities, 2 0-Days & 30 RCEs As part of September’s monthly security rollup updates, Microsoft has patched 2 actively exploited Zero-day and 30 remote code execution vulnerabilities. Overall, Microsoft has patched 63 vulnerabilities across Windows, Windows Server, Office, Azure, Visual studio, and other products. The Zero-Day Vulnerabilities CVE-2022-37969 (CVSS 3.1: 7.8,…

  • Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
    Threat Intelligence

    Critical WordPress WPGateway premium plugin Actively Exploited 0-Day

    September 14, 2022 Critical WordPress WPGateway premium plugin Actively Exploited 0-Day According to an advisory by WordFence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified Actively Exploited in the Wild. The Vulnerability CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability allows unauthenticated attackers to add a rogue user…

  • HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
    Threat Intelligence

    HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool

    September 9, 2022 HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool A recently discovered vulnerability in HP Support Assistant, a software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory. The Vulnerability: CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs…

  • QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
    Threat Intelligence

    QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware

    September 6, 2022 QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. Affected Products QTS 5.0.1 Photo Station Fixed in 6.1.2 and later. QTS 5.0.0/4.5.x Photo Station Fixed in 6.0.22 and later.…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild
    Threat Intelligence

    Google Chrome 0-Day Vulnerability Exploited in the Wild

    September 4, 2022 Google Chrome 0-Day Vulnerability Exploited in the Wild Google has released an emergency update for Chrome, addressing an actively exploited Zero-Day. The updated version is 105.0.5195.102 for Windows, Mac and Linux. The 0-Day Vulnerability CVE-2022-3075, High severity -Insufficient data validation Vulnerability in Mojo. Successful exploitation of this vulnerability may lead to Remote Code…