SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Microsoft Fixes 60 Vulnerabilities, 2 Rated Critical, in March 2024 Patch Tuesday
It’s been a calm year so far for patches! January saw no zero days, February only saw two, and March has brought us another month with zero zero days, so to speak. Microsoft’s Patch Tuesday states that out of the 60 flaws found, two are critical, and none were previously disclosed or actively exploi...

CVE Research
Strategic Server Patch Management to Safeguard Your IT Landscape
Consider this scenario: many vulnerabilities that don’t have a patch are present in the servers and get wildly exploited. These vulnerabilities will act as an open door to hackers, inviting them to have complete control over organizational information. To prevent this situation, an organization sho...

CVE Research
VMware Catches New Critical ESXi Sandbox Escape Bugs
VMware’s latest advisory reveals four new vulnerabilities affecting its ESXi, Workstation, Fusion, and Cloud Foundation products. Each vulnerability has been patched, with support even being extended for end-of-life products – an unusual but vital decision for this unprecedented situation.

CVE Research
Critical Security Vulnerabilities Discovered in JetBrains TeamCity: Urgent Action Required
Recent disclosures have revealed critical vulnerabilities in JetBrains TeamCity. Two vulnerabilities have been identified, namely CVE-2024-27198 and CVE-2024-27199. They allow unauthenticated attackers to bypass authentication measures and gain unauthorized access to sensitive endpoints within the T...

CVE Research
5 Reasons Vulnerability Management Is So Important for SMEs
Across the web, it’s easy to find countless articles on vulnerability management. This is the process of continuous assessment, identification, management, and updating of a business’ cybersecurity practices, and it’s a process that a lot of companies undertake to protect themselves against the evol...

CVE Research
SanerNow Risk Prioritization vs CVSS-based Risk Prioritization
A mountain of vulnerabilities and no way of knowing the most critical ones. This is the story of every modern organization’s network, including yours probably. “But what about CVSS-based prioritization?” you might ask. While CVSS in cyber security is a popular method, vulnerability management tools ...

CVE Research
“What’s the Proof?” The Most Frequently Asked Question by Security Teams, Now Answered by SanerNow
The odds are stacked against the IT team, who are at work daily to protect their organization against cyberattacks. It will make life easier for the security teams if they get clarity on the vulnerabilities of their IT environment. For instance, the name of the vulnerability, the associated CVE ID, ...

CVE Research
SanerNow’s Agentless Scanner for Endpoint Security
An agentless scanner can detect every vulnerability without leaving a trace. It can silently detect vulnerabilities without installing an agent in each device. The agentless scanner operates discreetly, gathers all the vulnerability information, and self-destructs.

CVE Research
SolarWinds Fixes Five Potential RCE Vulnerabilities in its Access Rights Manager Solution
Five remote code execution (RCE) vulnerabilities, including three critical severity holes, have been addressed by SolarWinds in its Access Rights Manager (ARM) solution. Three vulnerabilities stand out among the five due to their ability to execute remote code without authentication. These vulnerabi...
