SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
Ransomware Types That Target Businesses
CVE Research
Ransomware Types That Target Businesses
Although the ransomware types took a nosedive in terms of the victim count years ago, it’s still alive and kicking. By using a vulnerability management tool, we can remediate these. It used to home in on any computers indiscriminately, but at some point, the malicious actors realized they could sque...
CVE Research
Critical Code Execution Vulnerabilities in Zoom Client Application
Two critical vulnerabilities were recently disclosed by Cisco Talos in the widely used video conferencing software Zoom. It can be exploited by a remote attacker who can hack into the host’s machine and can execute arbitrary code. Given the current scenario of the COVID-19 pandemic, several companie...
CVE Research
Alert for Apple Users: Apple Patches a Zero-Day Unc0ver Jailbreak Vulnerability
The IT giant, Apple has quietly patched a zero-day vulnerability which was recently discovered by a team of cyber-security researchers and hackers in the iOS kernel. Apple has patched this vulnerability in all of its operating systems across various devices along with iOS. The researchers who discov...
CVE Research
Critical Vulnerabilities in SAP Adaptive Server Enterprise (ASE)
The SAP Adaptive Server Enterprise (ASE), previously known as Sybase SQL Server, is a high-performance relational database server that can be hosted on-premise or cloud structure that is used by over 30,000 organizations worldwide, including banking institutions, healthcare companies, security firms...
CVE Research
Are Your Organization’s IT Assets ‘Really’ Under Control?
Every organization has its own IT Assets and IT asset control can be done by the internal team by using a vulnerability management tool. They might range from desktops, laptops, mobile devices to switches, hubs, routers, the list does not stop here. As organizations expand their business, it leads t...
CVE Research
Beware : NXNSAttack on DNS Servers Could Bring Down Major Sections of the Internet
A new vulnerability in the architecture of the global Domain Name System (DNS) was brought to light. By a team of Israeli researchers. The team also published a paper highlighting how this flaw could be leveraged with an attack. Dubbed as NXNSAttack to bring down target websites. A vulnerability man...
CVE Research
6 Common Myths And Misbeliefs About Patching
Patching is one of the best security practices followed to fix software vulnerabilities. Studies show that much serious ransomware like WannaCry could have been easily prevented if software updates were patched on time. For cyber attackers, un-updated software is always a welcome sign to intrude the...
CVE Research
Adobe Critical Security Updates May 2020
Adobe had released security updates providing fixes for 16 critical vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit. A total of 36 security bugs were patched in this release. The critical vulnerabilities could allow the attackers to execute arbitrary code or bypass t...
CVE Research
Cisco Releases Security Updates for Multiple Products
Cisco has rolled out May 2020 security patches for eleven different products using auto patching. Advisories released for Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are considered important. The most severe of these vulnerabilities could enable an attacker...