SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
SaltStack Salt Critical Vulnerabilities Under Active Exploitation
SaltStack Salt is a very popular open-source remote task and configuration management framework widely used in data centers and cloud environments. Two critical security flaws have been discovered by a vulnerability management tool in Salt that can allow an attacker to execute arbitrary commands as...

CVE Research
Microsoft out-of-band Security Updates for Office and Paint 3D
Microsoft released an out-of-band security update that plugs multiple remote code execution vulnerabilities in an Autodesk FBX library incorporated into Microsoft Office, Office 365 ProPlus and Paint 3D applications. A vulnerability management tool can detect multiple vulne...

CVE Research
Unpatched Zero-Day Vulnerabilities Put IBM Data Risk Manager At Risk
A security researcher recently uncovered four vulnerabilities in IBM Data Risk Manager and publicly disclosed them following a refusal from the tech giant to act on the same. These Zero-Day vulnerabilities, which have not been assigned any CVEs yet, comprise 3 critical and 1 high severity bugs.

CVE Research
Are You Sure Uninvited Guests Are Not A Part Of Your Online Meetings?
As the global pandemic, COVID-19, is hitting the world hard, organizations’ workforces are now working from home. No company can easily work without regular meetings, team communications, partner and client calls, webinars, online training, video-conferences, etc. Not just corporate organizations, eve...

CVE Research
Security Update: Mozilla Fixes Actively Exploited Zero-Days in Firefox
Mozilla fixed two critical zero-days in its popular web browser, Firefox, using a vulnerability management tool. Mozilla is aware of active exploitation of these vulnerabilities. There is no specific information about the threat groups or malware utilizing these vulnerabilities. These are the Firef...

CVE Research
Beware: Microsoft Warns of Active Attacks on Windows Using Unpatched Zero-Days
Microsoft and its updates are of utmost interest to the security community during the second Tuesday of every month, the Patch Tuesday. However, Microsoft has filled the headlines of the fourth Tuesday too with important information about two critical unpatched zero-days in Microsoft Windows operati...

CVE Research
5+ Tips to Secure Your Java Code from Attackers
Every software developer must follow certain standards and practices while coding, and writing secure code is one such practice. Everyone who loves to code must ensure their software is not vulnerable to exploits or a principal cause of a cyber-attack. Here are the few best Java code security ...

CVE Research
From Being Regular Office Goers to Handling the Sudden Situation of Working from Home
COVID-19 has spread across the globe and has forced organizations to embrace work from home culture. We too were faced with a similar situation last weekend when the authorities insisted IT organizations allow employees to work from home. We are a team who are accustomed to working at our office pre...

