SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

A Cup Half Empty: Linux RCE Flaws Discovered In CUPS

CVE Research

It’s been a rough year for Linux! The XZ Utils bug caused tremors worldwide in March, and with the recent discovery of a potential chain attack on the CUPS open-source printing system, Linux seems to be caught in a veritable maelstrom of vulnerabilities.

Sep 30, 2024 • 6 min read

Vulnerability Management Framework: A 5-Step Blueprint for Cyber Defense

CVE Research

How can you consistently identify and patch security risks while improving your cybersecurity posture? The answer lies in a strong vulnerability management framework. 50% of organizations around the world experienced a breach caused by unpatched vulnerabilities. Without a structured approach to manage...

Sep 29, 2024 • 4 min read

What Does CVE Stand For? CVEs Explained!

CVE Research

Adam: “Hey, did you patch that vulnerability that got detected recently?”

Sep 29, 2024 • 6 min read

Estimating the Impact of Vulnerability Debt

CVE Research

You can’t easily measure the impact of a vulnerability in your network. To add salt to the wound, the impact is multi-fold. Not just monetarily, risks in your network can damage everything else, too. To measure this impact, security leaders around the world are leveraging the concept of vulnerabilit...

Sep 26, 2024 • 5 min read

Attack Surface Management v/s Vulnerability Management: Know the Difference!

CVE Research

Attack surface management and vulnerability management have always been mistaken for one another. Knowing the difference between managing your attack surface and managing vulnerabilities is key. These two terms may sound familiar, but each tackles a different aspect of security. So, let’s dive into the world of att...

Sep 22, 2024 • 5 min read

SolarWinds Fixed Critical RCE (CVE-2024-28991) in Access Rights Manager. Patch Now!

CVE Research

SolarWinds has released critical updates to address two security vulnerabilities in its Access Rights Manager (ARM) software, including a severe flaw that could lead to remote code execution (RCE). These vulnerabilities pose significant security risks to organizations using ARM for managing access r...

Sep 17, 2024 • 3 min read

Critical GitLab Pipeline Execution Vulnerability (CVE-2024-6678)

CVE Research

Recently, GitLab issued an urgent security advisory regarding a critical vulnerability, CVE-2024-6678, which impacts both GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw, with a CVSS score of 9.9, allows attackers to execute pipeline jobs as arbitrary users, potentially leading ...

Sep 12, 2024 • 3 min read

Adobe Critical Security Updates Sept 2024

CVE Research

In September 2024, Adobe rolled out a series of crucial security updates for several of its major products. This release addresses multiple vulnerabilities across its software suite, including Adobe Media Encoder, Adobe Audition, Adobe After Effects, Adobe Premiere Pro, Adobe Illustrator, Adobe ...

Sep 11, 2024 • 3 min read

Microsoft Addresses 79 Flaws, 4 Zero Days in September 2024 Patch Tuesday

CVE Research

September’s coming in hot! Out of the 79 vulnerabilities it has under its belt, 4 are zero-days, and each zero-day is known to have been actively exploited. Luckily, Microsoft has saved us from impending calamity once more and released patches for them all.

Sep 10, 2024 • 4 min read