SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
How Effectively are you Handling Hidden Vulnerabilities?
Addressing vulnerabilities and fixing them is easier said than done. What notion do you get when you hear about vulnerability management? All a vulnerability management system does is scan, discover, and remediate vulnerabilities. Only the security teams know how winding and bumpy the road is betwee...
CVE Research
Microsoft’s October 2021 Patch Tuesday Squashes 4 Zero-days and a Total of 81 Vulnerabilities
Microsoft has released October Patch Tuesday security updates with a total of 81 vulnerabilities, which include Four Zero-Days, Three CVEs rated as critical, and 70 rated as important by a vulnerability scanning tool. The products covered in October’s security update include Microsoft Office, Window...
CVE Research
Why Is It Important To Manage Vulnerabilities Beyond CVEs?
CVE stands for Common Vulnerabilities and Exposures. It is the database of publicly disclosed information on security issues. All organizations use CVEs to identify and track the number of vulnerabilities. However, not all the vulnerabilities discovered have a CVE number. For instance, the CVE datab...
CVE Research
Apache HTTP Server Zero-Day Vulnerability Exploited in the Wild
Apache HTTP server recently fixed two security vulnerabilities, out of which a wildly exploited Zero-Day flaw also existed. Attackers use a path traversal flaw existing in the application to map URLs to files outside the expected document root, leading to information disclosure. This zero-day CVE-20...
CVE Research
How Fast, Accurate, and Continuous are your Vulnerability Scans?
With time, cybercriminals have begun employing sophisticated mediums to unleash chaos and vulnerabilities digitally. Vulnerabilities are becoming the most common and significant cause of many cyberattacks today. Managing them and preventing vulnerability exploits have become the most critical tasks ...
CVE Research
VMware vCenter Servers Under Active Attack, Patch Now!
VMware, the virtualization giant, has patched 19 vulnerabilities, including one critical vulnerability, ten important vulnerabilities, and eight moderate vulnerabilities, in its latest security advisory VMSA-2021-0020. The vulnerabilities tracked as CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CV...
CVE Research
Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild
Apple released security updates for multiple products, with their patches for critical zero-days vulnerabilities including Safari, Xcode, tvOS, watchOS, iOS, iPadOS, and iTunes. A total of 30 vulnerabilities are addressed, including Arbitrary Code Execution, Denial of Service, Privilege Escalation, ...
CVE Research
Microsoft Open Management Infrastructure (OMI) Critical Vulnerabilities Under Active Exploitation – OMIGOD
Microsoft Open Management Infrastructure (OMI) is an open-source project which allows users to manage configurations across remote and local environments and collect statistics. The primary goal of OMI is to provide a rich, high-performance, standard-based management stack that is suitable for a wid...
CVE Research
How to Measure the Efficacy of Your Vulnerability Management Program?
With the changing security landscape and the complex threat surface, security teams are engaged in the battle of their lives today. Even after deploying multiple solutions to execute each step of vulnerability management and trying different techniques, they still lack a tight hold on the process. I...