Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • ISC Patches BIND9 DNS Software Vulnerabilities
    Threat Intelligence

    ISC Patches BIND9 DNS Software Vulnerabilities

    June 22, 2023 The Internet Systems Consortium (ISC) has published patches to address various security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that might lead to a denial-of-service (DoS). The Vulnerabilities CVE-2023-2911 CVE-2023-2829 CVE-2023-2828 Affected Versions BIND: 9.16.33 -> 9.16.41 9.18.7 -> 9.18.15 BIND Supported Preview Edition…

  • Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products
    Threat Intelligence

    Apple Patches 3 Zero-Day Vulnerabilities affect Variety of Products

    June 22, 2023 Apple published security upgrades to address three RCE zero-day vulnerabilities that were discovered to be exploited in the wild. The Vulnerabilities CVE-2023-32434 – An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges. CVE-2023-32435 – A memory corruption vulnerability in…

  • Critical WooCommerce Payments Plugin Vulnerability
    Threat Intelligence

    Critical WooCommerce Payments Plugin Vulnerability

    June 22, 2023 A critical security flaw has been discovered in the WordPress “Abandoned Cart Lite for WooCommerce” plugin. Successful exploitation may allow threat actors to access the accounts of users who have abandoned their carts, who are typically consumers but may also include other high-level users The Vulnerability CVE-2023-2986–  (CVSS 3.1: 9.8, Critical)  Authentication…

  • Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices
    Threat Intelligence

    Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices

    June 21, 2023 Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE). The Vulnerability CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through…

  • SAP Patches High-Severity Vulnerabilities
    Threat Intelligence

    SAP Patches High-Severity Vulnerabilities

    June 14, 2023 As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities The Notable High-Severity Vulnerabilities CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation,…

  • VMware Tools Actively Exploited Zero-Day Vulnerability
    Threat Intelligence

    VMware Tools Actively Exploited Zero-Day Vulnerability

    June 14, 2023 VMware has addressed a zero-day vulnerability in VMware Tools that has been actively exploited. Exploitation of this vulnerability enables attackers to bypass authentication and execute privileged commands on guest virtual machines running Windows, Linux, and PhotonOS (vCenter). This can occur without leaving any trace or logs of the malicious activity within the…

  • Critical WooCommerce Payments Plugin Vulnerability
    Threat Intelligence

    Critical WooCommerce Payments Plugin Vulnerability

    June 22, 2023 A critical security flaw has been discovered in the WordPress “Abandoned Cart Lite for WooCommerce” plugin. Successful exploitation may allow threat actors to access the accounts of users who have abandoned their carts, who are typically consumers but may also include other high-level users The Vulnerability CVE-2023-2986–  (CVSS 3.1: 9.8, Critical)  Authentication…

  • Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices
    Threat Intelligence

    Zyxel Patches Critical RCE Vulnerability Affecting NAS Devices

    June 21, 2023 Zyxel released a security advisory addressing critical vulnerability affecting its network-attached storage (NAS) devices which might result in remote code execution (RCE). The Vulnerability CVE-2023-27992 (CVSS:3.1 – 9.8, Critical) – RCE vulnerability in Zyxel NAS different versions. An unauthenticated threat actor could exploit this vulnerability by remotely executing certain operating system (OS) commands through…

  • SAP Patches High-Severity Vulnerabilities
    Threat Intelligence

    SAP Patches High-Severity Vulnerabilities

    June 14, 2023 As part of June monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products, with a particular focus on Cross-Site Scripting (XSS) vulnerabilities The Notable High-Severity Vulnerabilities CVE-2023-33991 (CVSS 3.1: 8.2, High) – Cross-Site Scripting (XSS) vulnerability in SAP UI5 Variant Management After successful exploitation,…

  • VMware Tools Actively Exploited Zero-Day Vulnerability
    Threat Intelligence

    VMware Tools Actively Exploited Zero-Day Vulnerability

    June 14, 2023 VMware has addressed a zero-day vulnerability in VMware Tools that has been actively exploited. Exploitation of this vulnerability enables attackers to bypass authentication and execute privileged commands on guest virtual machines running Windows, Linux, and PhotonOS (vCenter). This can occur without leaving any trace or logs of the malicious activity within the…

  • Microsoft Patches 6 Critical & 38 RCE Vulnerabilities
    Threat Intelligence

    Microsoft Patches 6 Critical & 38 RCE Vulnerabilities

    June 14, 2023 In the latest round of monthly security rollup updates in June, Microsoft has addressed a total of 78 vulnerabilities, with 38 of them categorized as remote code execution (RCE) vulnerabilities. Out of the identified vulnerabilities, only 6 are considered critical, encompassing denial of service, remote code execution and privilege escalation. Overall, Microsoft…

  • Fortinet Patches Pre-authentication RCE Vulnerability
    Threat Intelligence

    Fortinet Patches Pre-authentication RCE Vulnerability

    June 12, 2023 Fortinet Patches Pre-authentication RCE Vulnerability Fortinet patched a critical remote code exaction (RCE) vulnerability in its FortiGate firewalls, which does not require the threat actor to logged in to exploit it. The Vulnerability CVE-2023-27997 (Critical) – A pre-authentication RCE Vulnerability affects the SSL-VPN component of Fertigate firewalls. This could allow a threat actor to…