SecPod

Learn Search

Search across all Learn content

SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

In-depth Understanding of the Terms CVE vs CVSS

CVE Research

In-depth Understanding of the Terms CVE vs CVSS

In cybersecurity, the terms CVE vs CVSS often create confusion for those trying to understand vulnerabilities and their severity. While they are definitely related, they serve distinct purposes in the process of assessing and prioritizing risks. Remediating such risks is simpler with a patch managem...

Aug 11, 2024 • 3 min read

Critical Apache OFBiz Flaw Makes Waves Worldwide

CVE Research

Critical Apache OFBiz Flaw Makes Waves Worldwide

Apache just patched a critical vulnerability (christened CVE-2024-38856) in OFBiz, their open-source ERP system. Discovered by SonicWall Capture Labs, this pre-authentication remote code execution flaw has a CVSS score of 9.8 and involves the exposure of critical endpoints to unauthenticated threat ...

Aug 06, 2024 • 3 min read

The Art of Automating Vulnerability Management: The How and the Best Practices

CVE Research

The Art of Automating Vulnerability Management: The How and the Best Practices

Scale. One word we can use to define the cybersecurity world over the past few decades. Networks and devices in them have scaled up and so have the number of security risks in them. As a result, the number of cyberattacks has scaled up, too! With this gigantic increase, traditional vulnerability man...

Jul 31, 2024 • 6 min read

Apple Security Updates in July 2024

CVE Research

Apple Security Updates in July 2024

Apple just rolled out its latest security updates for various products in the Apple Security Updates in July 2024. This new update promises to strengthen the security of Apple devices and address several critical vulnerabilities. Here’s a closer look at what these updates entail and why you should i...

Jul 31, 2024 • 5 min read

The Story of Cyberattack – CISCO Breach

CVE Research

The Story of Cyberattack – CISCO Breach

The technology company Cisco was hacked by a group called the Ynalouwang Ransomware Group in 2022. This breach showed that even big companies have weak spots in their security. In this blog, you will get to know who hacked, how , what’s the breach’s impact, and how SanerNow prevents such cyberattack...

Jul 30, 2024 • 4 min read

Vulnerabilities vs Exposures: Know the Difference

CVE Research

Vulnerabilities vs Exposures: Know the Difference

The cybersecurity world is filled with many CVEs (common vulnerabilities and exposures). However, enterprises have been busy only focusing on vulnerabilities; exposures have taken backstage.

Jul 30, 2024 • 3 min read

Guide to Enterprise Patch Management

CVE Research

Guide to Enterprise Patch Management

Patch Management stands as a critical component of a robust cybersecurity strategy. It involves the timely updating of software to fix vulnerabilities, enhance functionality, and ensure overall security.

Jul 24, 2024 • 4 min read

Critical Flaw in Cisco Smart Software Manager Allows Attackers to Control the Device

CVE Research

Critical Flaw in Cisco Smart Software Manager Allows Attackers to Control the Device

A critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-prem) authentication system that allowed unauthenticated, remote attackers to change the password of any user, including that of administrators, has been fixed.

Jul 21, 2024 • 2 min read

NIST Vulnerability Management

CVE Research

NIST Vulnerability Management

Cybersecurity is important. It’s a hard truth we all must accept. Cyber threats are constantly evolving, targeting individuals, businesses, and governments. As much as I hate to say it, protecting sensitive information and maintaining secure systems is crucial.

Jul 18, 2024 • 4 min read