Resources
Learn about CYREBRO’s platform, technology, and capabilities, read about industry insights, watch webinars with cyber experts, and much more in the resources below.
-
Threat Intelligence
KeePass Vulnerability Allows Obtaining Cleartext Passwords
May 22, 2023 KeePass Vulnerability Allows Obtaining Cleartext Passwords A recently discovered vulnerability in the open-source password management tool KeePass might allow the master password to be retrieved. The vulnerability has a proof-of-concept (PoC) exploit available. The Vulnerability CVE-2023-32784 – Vulnerability in “SecureTextBoxEx” in KeePass – where the master password and other passwords are entered…
-
Threat Intelligence
Trend Micro Patches Critical RCE Vulnerability in Apex One
May 22, 2023 Trend Micro Patches Critical RCE Vulnerability in Apex One Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities. The Critical RCE Vulnerability CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path…
-
Threat Intelligence
Apple Patches Three Zero-Day Vulnerabilities
May 21, 2023 Apple Patches Three Zero-Day Vulnerabilities Apple has addressed three zero-days vulnerabilities in macOS and additional products. The Zero-day Vulnerabilities CVE-2023-28204 – Sandbox Escape Vulnerability. A remote threat actor can exploit this vulnerability to break out of web content sandboxes. CVE-2023-32409, CVE-2023-32373 – Out-Of-Bounds Read Vulnerabilities. A threat actor can exploit these vulnerabilities…
-
Threat Intelligence
CISCO Patches Critical Vulnerabilities
May 18, 2023 CISCO Patches Critical Vulnerabilities Cisco has addressed four critical RCE (Remote Code Execution) vulnerabilities discovered in multiple Small Business Series Switches. Successful exploit of any of the vulnerabilities could allow a threat actor to execute arbitrary code with root privileges on compromised devices. The vulnerabilities are triggered by incorrect validation of requests…
-
Threat Intelligence
Google Patches RCE Vulnerabilities in Chrome
May 17, 2023 Google Patches RCE Vulnerabilities in Chrome Google has released Chrome version 113.0.5672.126/127 (Stable Channel), patching 12 vulnerabilities. Successful exploitation of some of these vulnerabilities could allow remote code execution (RCE) on the targeted system. The RCE Vulnerabilities CVE-2023-2721, Critical – Use after free vulnerability in Navigation which allows a remote attacker to…
-
Threat Intelligence
Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability
May 14, 2023 Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability ‘Essential Addons for Elementor’ has released patch for a critical vulnerability. Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering. The Vulnerability CVE-2023-32243 (CVSS 3.1: 9.8, Critical) – Improper Authentication vulnerability…
-
Guides & E-books
SOC-as-a-Service vs. cloud-based SOC platform comparison
Establishing and running an in-house SOC may not always be feasible, as there are many options to choose from. Many organizations opt for outsourcing the SOC to a third-party provider of managed security services.
-
Guide
Threat Hunting Tools
Cyber threat hunting is a proactive and iterative search through endpoints, networks, and datasets to detect suspicious, malicious, and risky activities that have evaded detection by existing cybersecurity controls.
-
Guide
SOC Threat Intelligence
Cyber threat hunting is a proactive and iterative search through endpoints, networks, and datasets to detect suspicious, malicious, and risky activities that have evaded detection by existing cybersecurity controls.
-
Guides & E-books
The SMB’s Guide to Large Enterprise-Like Cybersecurity
The cyberattacks that are launched on large enterprises are the ones that tend to grab the big headlines because of the big numbers involved with their colossal impact.
-
Guides & E-books
What’s the Best Cyber Security Approach for Your Small-to-Medium Business?
Nearly 70% of small-to-medium businesses (SMBs) are not worried about getting hacked, mostly because they don’t think they have the resources that hackers typically seek out, whether it’s funds or valuable sensitive information.
-
Threat Intelligence
Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability
May 14, 2023 Critical WordPress “Elementor” Addons Plugin Site-Takeover Vulnerability ‘Essential Addons for Elementor’ has released patch for a critical vulnerability. Successful exploitation can allow an unauthenticated attacker to impersonate an administrator and completely take over a website without requiring any user interaction or social engineering. The Vulnerability CVE-2023-32243 (CVSS 3.1: 9.8, Critical) – Improper Authentication vulnerability…
-
Threat Intelligence
Ruckus RCE vulnerability exploits in the wild
May 10, 2023 Ruckus RCE vulnerability exploits in the wild Following the critical vulnerability in Ruckus Wireless Admin panels that was fixed on February 8, 2023. Exploitation of the vulnerability by a botnet named ‘AndoryuBot’ and remote code execution was observed. The Critical Vulnerability CVE-2023-25717 (CVSS 3.1: 9.1, Critical) Vulnerability in Ruckus Wireless Admin panels…
-
Threat Intelligence
SAP Patches Critical Vulnerabilitiy Affects SAP BusinessObjects Intelligence Platform
May 10, 2023 SAP Patches Critical Vulnerabilitiy Affects SAP BusinessObjects Intelligence Platform As part of May monthly security rollup updates, SAP has released patches to resolve several vulnerabilities which affect several SAP products including critical vulnerability affects SAP BusinessObjects Intelligence Platform. The Critical Vulnerability CVE-2023-28762 (CVSS 3.1: 9.1, Critical) -An Information Disclosure vulnerabilities in SAP…
-
Threat Intelligence
Cisco phone adapters vulnerable to RCE attacks
May 10, 2023 Cisco phone adapters vulnerable to RCE attacks Cisco has identified a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters that allows an unauthenticated, remote attacker to execute arbitrary code on the devices. Since Cisco SPA112 2-Port Phone Adapters are unlikely to be connected to the Internet, these issues…
-
Threat Intelligence
Mozilla Patches RCE Vulnerabilities in Firefox & Firefox ESR
May 10, 2023 Mozilla Patches RCE Vulnerabilities in Firefox & Firefox ESR Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. The RCE Vulnerabilities CVE-2023-32215 High severity – Memory corruption vulnerability, successful exploitation of which may allow a malicious actor to remotely run…
-
Threat Intelligence
Microsoft Patches Actively-Exploited 3 Zero-Days & 12 RCE Vulnerabilities
May 10, 2023 Microsoft Patches Actively-Exploited 3 Zero-Days & 12 RCE Vulnerabilities As part of May monthly security rollup updates, Microsoft has patched 3 Zero-Day and 12 Remote Code Execution (RCE) vulnerabilities. Overall, Microsoft has patched 40 vulnerabilities across Windows, VS, Edge, Office, RDP and others. The Zero-Day Vulnerabilities CVE-2023-29336, (CVSS 3.1: 7.8, High-Severity) –…