SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
CVE-2014-2120: Ten-year-old Cisco ASA Flaw Exploited In The Wild
First discovered in 2014 by researcher Jonathan Claudius, CVE-2014-2120 is a vulnerability caused by insufficient input validation in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This flaw could allow an unauthenticated remote attacker to execute an XSS attack against a...
CVE Research
When CVE Met CVE: RomCom Hackers Exploit Firefox and Windows Zero-Days
The Russian cybercrime group RomCom has been linked to a series of cyberattacks launched across the world. The notorious hackers are chaining two Firefox and Windows flaws to deliver a backdoor and compromise vulnerable systems.
CVE Research
The Hidden Risks of Third-Party Resources and How to Avoid Them
Businesses today increasingly depend on a wide variety of third-party resources to meet their cloud computing requirements, which range from customer service and analytics to data security and storage. Although this interconnected ecosystem drives operational efficiency and workforce productivity, i...
CVE Research
Mastering IT Patch Management: Your Shield Against Cyber Threats
IT Patch Management isn’t the most glamorous topic in the tech world, but it’s a silent hero shielding system from attacks, plugging vulnerabilities, and keeping software in peak condition. In a world where cyber threats grow by the second, staying patched and protected can make all the difference b...
CVE Research
15 Cloud Security Challenges Every InfoSec Professional Should Know About
Cloud adoption can feel like navigating uncharted territory — brimming with potential but fraught with hidden dangers. Cloud security challenges such as vulnerabilities in APIs and configuration missteps can turn the cloud’s openness into a double-edged sword. As cloud adoption accelerates, so do th...
CVE Research
Ivanti Patch Management vs SanerNow and others
It’s a call no IT or security manager would want to take: “Our systems are down, and we can’t figure out the cause.” After hours of going through and fro the IT security, the answer starts becoming clear: an unpatched vulnerability was exploited, bringing operations to a halt!Every unpatched system...
CVE Research
Unlocking Cybersecurity Success: Why Your Scanning Report is the Key to Protection
Staying a step ahead of potential threats is key to preventing devastating cyberattacks. One of the most effective ways to maintain this edge is through regular scanning reports. A scanning report is a snapshot of your enterprise’s vulnerabilities and risks at a given point in time. Cybersecurity is...