SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
The Vital Role of a Vulnerability Database in Your Vulnerability Management Program
Attackers are continuously looking for new vulnerabilities to take advantage of. They easily exploit the ones that are not remediated and the ones that are still prevalent among the endpoints. At the same time, we come across various tools and strategies to execute Vulnerability Management. Therefor...
CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for April 2021
Microsoft Security Bulletin April 2021 has released Patch Tuesday, security updates with a total of 108 vulnerabilities in the family of Windows operating systems and related products. In the release by Microsoft, 19 were rated as Critical and 89 as Important. Six Chromium Edge vulnerabilities relea...
CVE Research
The Most Notorious Security Risks Tagging Along from 2020
2020 has been a disaster for many organizations: multiple data breaches, ransomware attacks, and internal threats. After 2020, IT as a department and a role have changed for the good. Leaders are more receptive to the opinions and initiatives of CIO/CISO/IT Head roles. Every IT professional now give...
CVE Research
VMware Fixes Critical Bugs that Can Be Chained Together to Gain RCE
VMware, the virtualization giant, has released two advisories addressing three critical vulnerabilities in multiple products. VMSA-2021-0004 advisory fixes CVE-2021-21975, CVE-2021-21983 can be chained together to gain remote code execution (RCE) on the affected system. The other, VMSA-2021-0005 adv...
CVE Research
OpenSSL Patches Two High Severity Crypto Vulnerabilities
Two high-severity vulnerabilities were recently revealed to be present in the popular cryptography library, OpenSSL. While one of the vulnerabilities can allow an attacker to bypass CA Certificate checks, the other could lead to a Denial of Service (DoS) condition. However, a vulnerability managemen...
CVE Research
Cisco Releases Security Updates for Multiple Products
Cisco has rolled out security patches for critical, high, and medium severity vulnerabilities. In the Advisory, Cisco Security Updates March 2021, released for Cisco Jabber Desktop and Mobile Client Software has been rated with Critical impact from Cisco. Among the bugs reported, some of the vulner...
CVE Research
Critical Code Execution Vulnerability in Adobe ColdFusion
Adobe has released a critical security update that impacted Adobe ColdFusion and is assigned with a priority rating of 2. The Adobe Coldfusion Exploit found in the product affects ColdFusion versions 2016, 2018, and 2021 that would lead to arbitrary code execution. Using a patch management tool can ...
CVE Research
Critical Remote Code Execution Vulnerabilities in MyBB Forum Software
Two critical vulnerabilities have been found in popular bulletin board software called MyBB. The vulnerabilities can be chained together to get remote code execution without prior access to a privileged account. The independent security researchers Simon Scannell and Carl Smith found the flaws. They...
CVE Research
Another Zero-Day in Google Chrome Under Active Exploitation
Google has released a second emergency update for its Chrome Browser this month. Chrome version 89.0.4389.90 for Windows, Mac, and Linux fix five security bugs, one of which is an actively exploited zero-day issue (identified by CVE-2021-21193) which is a Use after free in Chrome’s Blink rendering e...