SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
The First Step Towards Endpoint Security Brilliance
This year has forced us into a lot of new challenges in the digital world. During the first half of 2020, Microsoft saw a 150% increase in vulnerabilities compared with the entirety of 2019. Security breaches and ransomware attacks are being reported at an alarming rate this year. Cybercriminals now hav...

CVE Research
Oracle WebLogic Server Under Active Exploitation (CVE-2020-14882)
A critical remote code execution (RCE) vulnerability, CVE-2020-14882, in the console component of Oracle WebLogic Server allows unauthenticated, remote attackers to execute commands on the affected servers. Oracle has assigned this vulnerability a CVSSv3 score of 9.8 out of 10, clearly ...

CVE Research
The 5 Biggest Myths of Vulnerability Management Busted for Good
Vulnerability management has been a standard practice for more than 15 years now. Vulnerability scanning tools, assessment, and remediation have occupied an important spot in an organization’s endpoint security practices. However, many old beliefs and approaches that were once working fine have turne...

CVE Research
Chrome Zero-Day Under Active Exploitation – Patch Now
We all know the popularity and extensive audience of the Google Chrome browser, which can be used on Windows, Mac, or Linux computers and Android devices. For those who use it and have not yet deployed the patch, it’s time to update their Chrome browsers to the latest version, 86.0....

CVE Research
AgeLocker Ransomware Targeting QNAP NAS Devices
AgeLocker ransomware, which targets QNAP network-attached storage (NAS) devices, has been used by attackers to encrypt user data and demand a ransom. Research found that no unpatched vulnerability was exploited in the AgeLocker ransomware attacks, whereas all the known...

CVE Research
Alert! Zerologon: Your Windows Domain Controller Can’t Handle Zero Properly (CVE-2020-1472)
Microsoft patched a critical and exciting vulnerability in the Netlogon Remote Protocol of Windows Server last month. The vulnerability, discovered by the cybersecurity firm Secura and dubbed Zerologon, has received the highest severity score of 10.0. The vulnerability is identified ...

CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for September 2020
Microsoft has released its September 2020 Patch Tuesday security updates, covering a total of 129 vulnerabilities, of which 23 are classified as Critical with Remote Code Execution (RCE), 105 are classified as Important, and 1 is classified as Moderate, that reside in the Microsof...

CVE Research
WordPress File Manager Plugin Under Active Exploitation
File Manager is a popular WordPress plugin that manages files to upload on WordPress sites. It allows a WordPress administrator to edit, delete, upload, download, archive, copy and paste files and folders directly from the WordPress backend. A critical remote code execution vulnerability identified ...

