SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Patch Tuesday: The Fix You cannot Miss
How many times have you blissfully ignored the update notification and clicked on “remind me later”? Yes, in the busy life, the severity of the updates goes unnoticed, and it often becomes the Achilles heel in the ‘trojan’ war. Patching and securing the endpoints has become a supreme task over the y...
CVE Research
Multiple Zero-Days in Microsoft Exchange Server Actively Exploited in the Wild
Microsoft has released patches for Exchange Server. The advisory addresses the following vulnerabilities – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft has also reported that zero-day exploits were being used to attack Microsoft Exchange Server in the wild. Microsoft...
CVE Research
Google Chrome Zero-Day Under Active Exploitation
Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing 47 security vulnerabilities. This release includes one very critical Zero-Day exploit exploited in the wild. This vulnerability tracked as CVE-2021-21166. However, Endpoints that have not been patched...
CVE Research
Thousands of VMware Centers Exposed to New Remote Code Execution Vulnerability
The CVE-2021-21972 remote code execution vulnerability was reported by Mikhail Klyuchnikov from Positive Technologies. A vulnerability management tool discovered this. The organization also published a detailed write-up for this vulnerability to share the impact of the flaw.
CVE Research
QNAP Patches Critical Vulnerabilities in NAS Appliances
QNAP addresses multiple vulnerabilities in its product line affecting Surveillance Station and Photo Station applications using a vulnerability management tool. These vulnerable software applications are powered by Network Attached Storage (NAS), a storage management technology powering file sharing...
CVE Research
Adobe Fixes Critical Zero-Day Flaw Actively Exploited in the Wild – Security Updates February 2021
Adobe Security updates February 2021 released security updates providing fixes for 33 critical vulnerabilities in Adobe Magento, Adobe Acrobat, Reader, Photoshop, Animate, Illustrator, and Dreamweaver. A total of 50 security vulnerabilities are patched in this release. The patched vulnerabilities ar...
CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for February 2021
Microsoft has roll-out its February 2021 patch Tuesday security updates on this month’s for 56 vulnerabilities, including a zero-day in its product line. Released patches include products such as Windows operating system, Edge browser, Microsoft Office, and services. Out of these, 11 are classified ...
CVE Research
5 Setbacks of Multi-Tool Endpoint Security Stacks
An average IT team uses a vast collection of tools and techniques to execute security tasks. A vulnerability management tool, patching tools for different platforms and apps, incident detection and response software, and compliance management software to deal with audits. These tools are their stand...
CVE Research
Cisco Releases Security Updates for Multiple Products
Cisco Security Updates February 2021 has been released address high severity vulnerabilities for twelve different Cisco products using a patch management tool. Exploit on some of these vulnerabilities allow an unauthenticated attacker to execute code with root privileges remotely.