Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.

  • Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
    Threat Intelligence

    Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities

    February 19, 2023 Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level. Successful exploitation of the critical vulnerabilities allows unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system. The Critical Vulnerabilities CVE-2022-39952 (CVSS 3.1:…

    Read More
  • Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
    Threat Intelligence

    Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari

    February 14, 2023 Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes…

    Read More
  • QNAP Patches Critical Vulnerability
    Threat Intelligence

    QNAP Patches Critical Vulnerability

    February 2, 2023 QNAP Patches Critical Vulnerability QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE). The Vulnerability CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to…

    Read More
  • KeePass Vulnerability Allows to Obtain Cleartext Passwords
    Threat Intelligence

    KeePass Vulnerability Allows to Obtain Cleartext Passwords

    February 2, 2023 KeePass Vulnerability Allows to Obtain Cleartext Passwords A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…

    Read More
  • Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
    Threat Intelligence

    Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins

    January 25, 2023 Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…

    Read More
  • Critical WordPress ”LearnPress” Plugin Vulnerabilities
    Threat Intelligence

    Critical WordPress ”LearnPress” Plugin Vulnerabilities

    January 25, 2023 Critical WordPress ”LearnPress” Plugin Vulnerabilities Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability, might allow a malicious actor to directly interact with…

    Read More
View More
View More
  • Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari
    Threat Intelligence

    Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari

    February 14, 2023 Apple Patches Actively Exploited 0-Day Vulnerability in MacOS & Safari Apple has released an emergency update patching actively exploited 0-day RCE vulnerability, which allows malicious actor to perform remote code execution (RCE) with kernel privileges. The Zero-Day Vulnerability CVE-2023-23529 (Critical) – Type-confusion vulnerability in ‘Webkit’, that could be exploited to trigger OS crashes…

    Read More
  • QNAP Patches Critical Vulnerability
    Threat Intelligence

    QNAP Patches Critical Vulnerability

    February 2, 2023 QNAP Patches Critical Vulnerability QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE). The Vulnerability CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to…

    Read More
  • KeePass Vulnerability Allows to Obtain Cleartext Passwords
    Threat Intelligence

    KeePass Vulnerability Allows to Obtain Cleartext Passwords

    February 2, 2023 KeePass Vulnerability Allows to Obtain Cleartext Passwords A new vulnerability was found in KeePass Password Manager allowing threat actors with write access to a target’s system to modify the XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The Vulnerability CVE-2023-24055,…

    Read More
  • Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
    Threat Intelligence

    Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins

    January 25, 2023 Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more. The Vulnerabilities & Affected Plugins A full list of the vulnerabilities…

    Read More
  • Critical WordPress ”LearnPress” Plugin Vulnerabilities
    Threat Intelligence

    Critical WordPress ”LearnPress” Plugin Vulnerabilities

    January 25, 2023 Critical WordPress ”LearnPress” Plugin Vulnerabilities Multiple critical-severity WordPress vulnerabilities, including pre-auth SQL injection and local file inclusion, were discovered by security researchers in the “LearnPress” plugin for WordPress online courses. The Critical Vulnerabilities CVE-2022-45808 (CVSS 3.1: 9.9, Critical) – An SQL Injection vulnerability, might allow a malicious actor to directly interact with…

    Read More
  • Google Patches Chrome Vulnerabilities, 2 Critical RCEs
    Threat Intelligence

    Google Patches Chrome Vulnerabilities, 2 Critical RCEs

    January 25, 2023 Google Patches Chrome Vulnerabilities, 2 Critical RCEs Google has released Chrome version 109.0.5414.119/120 for Mac and Linux and Windows, patching 2 RCE vulnerabilities. Successful exploitation might lead to remote code execution (RCE). The RCE Vulnerabilities CVE-2023-0471, High-Severity – Use after free vulnerability in WebTransport. CVE-2023-0472, High-Severity – Use after free vulnerability in…

    Read More
View More

Cybersecurity Solution Comparison Guide for SMBs

With nearly half of all cyberattacks targeting small businesses, choosing the right cybersecurity solution has never been more important. Use this guide to compare enterprise-grade cybersecurity solutions that are for an SMB.

Get Access Get Access