SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Detect Vulnerabilities Before Attackers Do
Although there are several ways to secure IT assets, the only way to truly understand the existing security’s effectiveness is to scan and assess the report with several tests. Vulnerability scanning is necessary to evaluate and enhance an organization’s cybersecurity network. The computing environm...

CVE Research
Most Painful Products that Keep IT Security Admins Up on their Toes
There will always be an IT admin team that consistently remediates vulnerabilities due to the possibility of security threats. The higher the number of vulnerabilities in an application, the greater the likelihood of security threats. And businesses need to remediate those vulnerabilities with a vul...

CVE Research
Apple Critical Security Updates January 2022
Apple's January 2022 critical security update covers multiple products. A total of 16 vulnerabilities were addressed. Exploiting some of these security flaws could allow an attacker to take control of an affected system.

CVE Research
PwnKit Linux vulnerability Jan-2022: Local Privilege Escalation Vulnerability In Major Linux Distributions
Most Linux distributions ship the pkexec binary, and the vulnerability (CVE-2021-4034) lies in that binary. pkexec is at the center of the PwnKit vulnerability, which affects the Polkit open-source application framework used for interaction between privileged and unprivileged processes. Furt...

CVE Research
Automated Patching: A Sure Way to Deal with the Rising Rate of Vulnerabilities
According to a study by Ponemon Institute, 55% of enterprises say they spend more time manually navigating through the various processes involved in a patch management platform than actually patching vulnerabilities.

CVE Research
Oracle Critical Security Updates January 2022
Oracle has released 497 new security patches for various product families, including Oracle Communications, Oracle MySQL, Oracle Financial Services Applications, Oracle Retail Applications, etc. This advisory covers multiple products which are prone to many vulnerabilities. Having a vulnerability ma...

CVE Research
False Positives and the story of Rob’s failed Vulnerability Management Program
Like most security admins, Rob is always on his toes to protect the digital infrastructure of his organization from bad actors. Rob, or Robbie, as his colleagues and employers used to call him, relied on a static vulnerability management program and went ahead with a 14-day free trial. For...

CVE Research
Why Is It Important To Prioritize Vulnerabilities Beyond CVSS?
We all know the importance of vulnerability management in cybersecurity. The pace at which vulnerabilities and their patches are rising has overwhelmed enterprises trying to deal with every loophole. Hence, enterprises tend to focus on flaws rated high severity by CVSS.

CVE Research
Zoho Patches a Critical Vulnerability in ManageEngine Desktop Central
Zoho Corporation has released patches for its ManageEngine Desktop Central and Desktop Central MSP solutions affected by CVE-2021-44757, a critical authentication bypass vulnerability. A reliable vulnerability management tool can solve these problems.
