SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Zoom Zero-Day Critical Vulnerability Allows RCE
A critical zero-day vulnerability has been found in Zoom, the video conferencing software, for Windows 7 or below. The vulnerability allows an attacker to remotely execute code on the victim’s system without triggering any security warning. To successfully exploit this vulnerability, the attacker trick...

CVE Research
Critical Vulnerabilities in Palo Alto Networks PAN-OS devices
Palo Alto Networks (PAN) has recently fixed a critical vulnerability related to the PAN-OS operating system, which powers Palo Alto’s next-generation firewall. The vulnerability is tracked as CVE-2020-2021 with a CVSSv3 base score of 10. PAN-OS is the custom operating sys...

CVE Research
Citrix Security Updates for Critical vulnerabilities in Citrix ADC, Gateway and SD-WAN
Citrix has announced the release of patches fixing a set of 11 critical flaws found in three of its networking products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. However, as per Citrix sources, the vulnerabilities don’t have an...

CVE Research
F5 BIG-IP Devices Under Active Exploitation (CVE-2020-5902)
F5 BIG-IP is a multi-purpose networking device manufactured by F5 Networks, which can be configured to work as a traffic shaping system, firewall, load balancer, access gateway, rate limiter, or SSL middleware. F5 BIG-IP devices are one of the most popular networking products and are widely used in g...

CVE Research
Apache Guacamole Critical Vulnerabilities Put Remote Desktops at Risk
Security researchers at Check Point have uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole. Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH, together with MFA (Multi-Factor Authentication), compliance checks...

CVE Research
Microsoft HEVC emergency security updates for critical RCE vulnerabilities
Microsoft has released patches to fix two remote code execution vulnerabilities in Microsoft Windows Codecs Library. HEVC or Windows codecs library is responsible for handling large media files and decoding them for playback. HEVC by developers as it supports a multitude of different file formats. T...

CVE Research
Data Breaches are a Major Threat to Endpoint Security: SecPod Talks
The term data breach refers to any unfortunate event where confidential information is exposed to unauthorized users. Such incidents not only cause life-damaging fines but also destroy an organization’s hard-earned reputation and trust. Vulnerability management software helps stop data breaches.

CVE Research
‘Ripple20’ Vulnerabilities Affecting Millions of Internet Connected Devices Worldwide
Treck TCP/IP is a high-performance TCP/IP protocol suite designed for embedded systems. A set of 19 critical and high-severity security vulnerabilities has been discovered by Israeli security research firm JSOF, using a vulnerability scanning tool, in a low-level TCP/IP software library, Ripple 20 Vu...

CVE Research
A Critical Vulnerability ‘SMBleed’ Impacts Windows SMB Protocol
The Server Message Block Protocol (SMB protocol), which runs over TCP port 445, is a client-server communication protocol for sharing access to files, printers, network browsing, and inter-process communication.
