Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
    Threat Intelligence

    February 19, 2023: Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows an unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities: CVE-2022-39952 (CVSS 3.1:…

  • Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
    Threat Intelligence

    February 14, 2023: Apple has released an emergency update patching an actively exploited 0-day RCE vulnerability, which allows a malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability: CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘WebKit’ that could be exploited to trigger OS crashes…

  • QNAP Patches Critical Vulnerability
    Threat Intelligence

    February 2, 2023: QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow a threat actor to perform remote code injection (RCE). The Vulnerability: CVE-2022-27596 (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows a remote threat actor to inject malicious code and allow access to…

  • KeePass Vulnerability Allows to Obtain Cleartext Passwords
    Threat Intelligence

    February 2, 2023: A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords, in cleartext. The Vulnerability: CVE-2023-24055,…

  • Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
    Threat Intelligence

    January 25, 2023: The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to sandbox bypass, administrator access to Jenkins, and more. The Vulnerabilities & Affected Plugins: A full list of the vulnerabilities…

  • Critical WordPress “LearnPress” Plugin Vulnerabilities
    Threat Intelligence

    January 25, 2023: Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities: CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL injection vulnerability that might allow a malicious actor to directly interact with…

  • Google Patches Chrome Vulnerabilities, 2 Critical RCEs
    Threat Intelligence

    January 25, 2023: Google has released Chrome version 109.0.5414.119/120 for Mac, Linux and Windows, patching 2 RCE vulnerabilities. Successful exploitation might lead to remote code execution (RCE). The RCE Vulnerabilities: CVE-2023-0471, High-Severity – Use-after-free vulnerability in WebTransport. CVE-2023-0472, High-Severity – Use-after-free vulnerability in…