SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Mozilla Patches Zero-Day and High-Severity Vulnerabilities
Mozilla has released three security advisories to address the vulnerabilities present in Firefox, Firefox ESR, and Thunderbird. A zero-day vulnerability (CVE-2020-15999) has also been addressed in the latest version of Firefox. Firefox version 83 also introduces a new “HTTPS-only mode“, if enabled a...
CVE Research
Best Practices to Win at Vulnerability Management
Vulnerability management is hard to execute as a continuous process in the long run. In huge networks of organizations, the number of devices, software applications, and the vulnerabilities associated with them is multiplying rapidly. The complexity of devices and software is always growing. Organiz...
CVE Research
Google Chrome Under Active Exploitation With Two Zero-Days!
Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing two very critical Zero-Day exploits exploited in the wild. These google chrome security vulnerabilities tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints not been patched are advised to deploy p...
CVE Research
5 Steps to Build an Effective Vulnerability Management Program
Vulnerability management program is a standardized process across most organizations. However, even organizations that follow periodic compliance audits and patch software vulnerabilities are hit by cyber-attacks. If attack surfaces are open despite following a documented vulnerability management pr...
CVE Research
Oracle Emergency Fix for Critical RCE Flaw in WebLogic Server
Oracle has addressed a critical Remote Code Execution (RCE) vulnerability in the rare out-of-band patch in numerous versions of Oracle WebLogic Server. The vulnerability is assigned CVE-2020-14750, which has a CVSS base score of 9.8 out of 10 and is remotely exploitable without authentication or use...
CVE Research
Three Takeaways from the National Security Agency’s Cybersecurity Advisory in October 2020
On October 20, 2020, the National Security Agency (NSA), a national-level intelligence agency of the United States Department of Defense, released an NSA cybersecurity advisory highlighting 25 vulnerabilities in commonly-used software that are currently under active exploitation. They released the a...
CVE Research
UNC1945 Infiltrates Corporate Networks through a Solaris Zero-Day Bug
A new zero-day vulnerability (CVE-2020-14871) in Oracle Solaris has been brought to light by the FireEye security research team, Mandiant. Moreover, the vulnerability has been reported as being actively exploited. A Vulnerability Management System can resolve these issues. Hence, the sophisticated ...
CVE Research
Google Discloses Windows Zero-Day Vulnerability Being Exploited in the Wild
Google Project Zero disclosed details for a zero-day vulnerability CVE-2020-17087 found in the Windows operating system that being currently exploited in the wild. A vulnerability management tool discovered this.
CVE Research
System Hardening: The Key to Minimizing Attack Surfaces
Cyber-attacks are busting in from all directions. The biggest and most widespread attack was in 2017, called Wannacry. More than 230,000 computers were affected by ransomware, amounting to more than $4 billion in losses. This attack was due to an old SMB protocol enabled in Windows devices. Prevent ...