Resources

Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.  

  • VMware Patches Critical Authentication Bypass Vulnerability
    Threat Intelligence

    May 19, 2022

    VMware has patched a critical vulnerability that may allow attackers to obtain administrative access without the need to authenticate. The Vulnerability: CVE-2022-22972 (CVSS 3.1: 9.8, Critical) – A malicious actor with network access to the UI may be able to obtain administrative access without authentication. Affected Products: VMware…

  • NVIDIA fixes 10 vulnerabilities, 2 Leading to ACE in Windows GPU display drivers
    Threat Intelligence

    May 18, 2022

    NVIDIA has released a security update that addresses 4 high-severity and 6 medium-severity vulnerabilities in its GPU drivers. The vulnerabilities can lead to denial of service, information exposure, privilege elevation, arbitrary code execution (ACE), etc. The ACE Vulnerabilities: CVE-2022-28181, High…

  • Apple Patches 50 Vulnerabilities in Apple macOS Big Sur 11.6.6, Including 2 Zero-Days
    Threat Intelligence

    May 17, 2022

    Apple has released security updates to address 2 zero-day vulnerabilities actively exploited in the wild in attacks targeting Macs and Apple Watch devices. Overall, Apple has patched 50 vulnerabilities in Apple macOS Big Sur 11.6.6, including several arbitrary code…

  • Zyxel Patches a Critical Firewall Vulnerability
    Threat Intelligence

    May 15, 2022

    Zyxel has released a security advisory addressing a critical unauthenticated remote command injection vulnerability affecting several firewall models. The Vulnerability: CVE-2022-30525 (CVSS: 9.8, Critical) – An unauthenticated remote command injection vulnerability via the HTTP interface, affecting Zyxel firewalls supporting Zero Touch Provisioning (ZTP). Successful exploitation could…

  • Microsoft Patches 3 0-Days & 24 RCEs
    Threat Intelligence

    May 11, 2022

    As part of May’s monthly security rollup updates, Microsoft has patched 3 0-Days (1 actively exploited) and 24 remote code execution vulnerabilities. Overall, Microsoft has patched 75 vulnerabilities across Windows, Windows Server, Hyper-V, Azure, Office and other products. The Zero-Day Vulnerabilities: CVE-2022-26904 (CVSS 3.1: 8.1, High Severity) –…

  • F5 Patches Critical BIG-IP Device Takeover Vulnerability
    Threat Intelligence

    May 8, 2022

    F5 has patched a critical vulnerability affecting BIG-IP devices that may lead to device takeover. The Vulnerability: CVE-2022-1388 (CVSS 3.1: 9.8, Critical) – Undisclosed requests may bypass iControl REST authentication. This may result in remote code execution and modification of files and services. Affected Products…

  • Cisco Patches 2 NFVIS RCE Vulnerabilities
    Threat Intelligence

    May 8, 2022

    Cisco has patched 2 NFV Infrastructure Software remote code execution vulnerabilities, one rated critical. Cisco NFVIS is a Linux-based infrastructure software for deploying virtualized network functions (virtual router, firewall, WAN acceleration, etc.) on a supported Cisco appliance. The Vulnerabilities: CVE-2022-20777 (CVSS 3.1: 9.9, Critical) – A…

  • Atlassian Patches Critical Jira Authentication Bypass Vulnerability
    Threat Intelligence

    April 24, 2022

    Atlassian has issued a security advisory addressing a critical authentication bypass vulnerability affecting Jira and Jira Service Management (non-cloud versions). Exploiting the vulnerability may lead to remote code execution on the affected system. The Vulnerability: CVE-2022-0540 (CVSS 3.1: 9.9, Critical) – A vulnerability in Jira…