SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
15 Cloud Security Challenges Every InfoSec Professional Should Know About
Cloud adoption can feel like navigating uncharted territory — brimming with potential but fraught with hidden dangers. Cloud security challenges such as vulnerabilities in APIs and configuration missteps can turn the cloud’s openness into a double-edged sword. As cloud adoption accelerates, so do th...
CVE Research
Ivanti Patch Management vs SanerNow and others
It’s a call no IT or security manager would want to take: “Our systems are down, and we can’t figure out the cause.” After hours of going through and fro the IT security, the answer starts becoming clear: an unpatched vulnerability was exploited, bringing operations to a halt!Every unpatched system...
CVE Research
Unlocking Cybersecurity Success: Why Your Scanning Report is the Key to Protection
Staying a step ahead of potential threats is key to preventing devastating cyberattacks. One of the most effective ways to maintain this edge is through regular scanning reports. A scanning report is a snapshot of your enterprise’s vulnerabilities and risks at a given point in time. Cybersecurity is...
CVE Research
Enhancing Safety in Government Enterprises
As government agencies and public institutions increasingly rely on digital systems to deliver services, manage resources, and store sensitive information, the importance of cybersecurity has never been more pronounced.Cyber threats—whether from individual hackers, organized cybercriminals, or natio...
CVE Research
Microsoft’s November 2024 Patch Tuesday Resolves 88 Flaws, Including 4 Zero Days
This month, Microsoft released security updates addressing 88 vulnerabilities, four of which were zero-days and four critical. Two of the zero-days are known to have been actively exploited, and three have been publicly disclosed. The chart below offers some insight into the types of vulnerabilities...
CVE Research
Cybersecurity Best Practices to Keep your Enterprise Protected
As we are in the AI era, cybersecurity remains a top concern for enterprises, especially as the holiday season approaches. With an increase in online shopping and digital transactions, cybercriminals are more active than ever, looking to exploit vulnerabilities in systems.
CVE Research
Cisco ASA and FTD Are Being Actively Exploited, Urgent Patch Released for CVE-2024-20481
Cisco is warning users of a new flaw in the Remote Access VPN (RAVPN) service of its Adaptive Security Appliance and Firepower Threat Defense Software. CVE-2024-20481 has a CVSS score of 5.8, which can lead to a denial-of-service (DoS) condition. An unauthenticated, remote attacker could exploit thi...
CVE Research
CVE-2024-38812: VMWare Patches Critical RCE Flaw In vCenter Server
Broadcom has released security updates addressing CVE-2024-38812, a heap-overflow vulnerability in VMWare vCenter Server. With a CVSS score of 9.8, this critical vulnerability is present in implementing the DCE/RPC protocol and could lead to RCE. An attacker with network access to the vCenter Server...