SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Critical Dell SupportAssist Vulnerability (CVE-2024-52535) Exploited
Dell announced a critical security vulnerability affecting its SupportAssist software, widely used for system diagnostics and updates on Dell PCs. Identified as CVE-2024-52535, this flaw poses significant risks to cybersecurity experts and end-users.

CVE Research
Understanding DDoS Attacks: A Comprehensive Guide
As businesses and services rely heavily on online presence, the threat of cyberattacks looms large. Among these threats, Distributed Denial of Service (DDoS) attacks stand out due to their ability to paralyze websites and online services. A DDoS attack occurs when multiple compromised systems target a ...

CVE Research
Security Alert: Critical Remote Code Execution Vulnerability Discovered in Sophos Firewall
Sophos has addressed three security flaws in Sophos Firewall products that could enable remote, unauthenticated attackers to execute SQL injection and remote code execution, as well as gain privileged SSH access to affected devices.

CVE Research
Critical Security Fixes: Sophos Firewall Vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729
Sophos addressed three critical vulnerabilities in its Firewall product: CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729. These vulnerabilities posed significant security risks, including remote code execution and unauthorized system access.

CVE Research
CVE-2024-50379: Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat, one of the most widely used open-source application servers for running Java applications, has long been trusted by organizations around the world. However, as with all widely used software, vulnerabilities can pose significant risks if not addressed promptly.

CVE Research
CVE-2023-34990: Critical Path Traversal Flaw Found in Fortinet FortiWLM
On 12 May 2023, Horizon3 researcher Zach Hanley found an unauthenticated limited file read vulnerability in FortiWLM that he promptly disclosed to Fortinet. On 18 December 2024, it was given a name—CVE-2023-34990—and Fortinet released an advisory warning users of its severity.

CVE Research
Security Alert: Critical Apache Struts Vulnerability Under Active Exploitation
Apache has revealed a critical vulnerability in Apache Struts, a widely utilized Java-based web application framework. The vulnerability, tracked as CVE-2024-53677, has a CVSS Score of 9.5 out of 10, indicating critical severity. Struts is a key component in many enterprise environments, valued for its...

CVE Research
Apple Security Updates in December 2024
The Apple Security Update December 2024 addresses flaws in Safari, macOS Sonoma, macOS Ventura, and macOS Sequoia. These flaws might allow attackers to execute arbitrary code, access sensitive data, or gain elevated privileges. The updates address issues in components like AppleMobileFileIntegrity, ...

CVE Research
Story of Cyberattack: Petya
The Petya cyberattack, also known as NotPetya, was one of the most devastating cyberattacks in recent history. First discovered in June 2017, it caused widespread damage across the globe, affecting major enterprises and governments. Initially believed to be a ransomware attack, it was later determin...
