Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
February 19, 2023 Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities CVE-2022-39952 (CVSS 3.1:…
-
Threat Intelligence
Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
February 14, 2023 Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes…
-
Threat Intelligence
QNAP Patches Critical Vulnerability
February 2, 2023 QNAP Patches Critical Vulnerability QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE). The Vulnerability CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to…
-
Threat Intelligence
KeePass Vulnerability Allows to Obtain Cleartext Passwords
February 2, 2023 KeePass Vulnerability Allows to Obtain Cleartext Passwords A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…
-
Threat Intelligence
Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
January 25, 2023 Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…
-
Threat Intelligence
Critical WordPress ”LearnPress” Plugin Vulnerabilities
January 25, 2023 Critical WordPress ”LearnPress” Plugin Vulnerabilities Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability, might allow a malicious actor to directly interact with…
-
Guides & E-books
7 Steps to Effective Incident Response
This guide is meant to help you take the first steps to creating an effective incident response plan. Every organization is different, so use this guide as a framework to create an incident response plan (IRP) that is uniquely tailored to your organization.
-
Guide
Predictions for 2022
Cybersecurity should be considered a right, not a privilege. As such, investment into solutions that can transform chaos into clarity, as well as improving employee awareness, will be critical when facing threats into 2022 and beyond
-
Guides & E-books
The Real State of DevSecOps and Where It’s Going
Get the ultimate 2021 DevSecOps guide to bolster the capabilities of your DevSecOps team. Find out about the challenges facing the field, what to watch out for, how to boost protection, and key takeaways regarding consolidation, compartmentalization, and accountability.
-
Guides & E-books
Hacker Simulation and Strategic Monitoring
Hacker Simulators are tools and exercises that help businesses understand and improve their security posture by evaluating the effectiveness of their cybersecurity.
-
Guides & E-books
Cybersecurity and Data Protection Laws: European Financial Services Firms
Financial services firms’ exact data protection and cybersecurity obligations may vary according to where in Europe there are based and what services they provide
-
Guides & E-books
How to Choose Cyber Security Tools That Won’t Get You Fired
Prepare for the never-ending uphill battle every security leader faces with an overview of the types of security tools on the market and how to decide which are best for your needs.
-
Threat Intelligence
Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
February 14, 2023 Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes…
-
Threat Intelligence
QNAP Patches Critical Vulnerability
February 2, 2023 QNAP Patches Critical Vulnerability QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE). The Vulnerability CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to…
-
Threat Intelligence
KeePass Vulnerability Allows to Obtain Cleartext Passwords
February 2, 2023 KeePass Vulnerability Allows to Obtain Cleartext Passwords A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…
-
Threat Intelligence
Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
January 25, 2023 Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…
-
Threat Intelligence
Critical WordPress ”LearnPress” Plugin Vulnerabilities
January 25, 2023 Critical WordPress ”LearnPress” Plugin Vulnerabilities Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability, might allow a malicious actor to directly interact with…
-
Threat Intelligence
Google Patches Chrome Vulnerabilities, 2 Critical RCEs
January 25, 2023 Google Patches Chrome Vulnerabilities, 2 Critical RCEs Google has released Chrome version 109.0.5414.119/120 for Mac and Linux and Windows, patching 2 RCE vulnerabilities. Successful exploitation might lead to remote code execution (RCE). The RCE Vulnerabilities CVE-2023-0471, High-Severity – Use after free vulnerability in WebTransport. CVE-2023-0472, High-Severity – Use after free vulnerability in…