SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Critical Security Vulnerabilities Discovered in JetBrains TeamCity: Urgent Action Required
Recent disclosures have revealed critical vulnerabilities in JetBrains TeamCity. Two vulnerabilities have been identified, namely: CVE-2024-27198 and CVE-2024-27199. It allows unauthenticated attackers to bypass authentication measures and gain unauthorized access to sensitive endpoints within the T...
CVE Research
5 Reasons Vulnerability Management Is So Important for SMEs
Across the web, it’s easy to find countless articles on vulnerability management. This is the process of continuous assessment, identification, management, and updating of a business’ cybersecurity practices, and it’s a process that a lot of companies undertake to protect themselves against the evol...
CVE Research
SanerNow Risk Prioritization vs CVSS-based Risk Prioritization
A mountain of vulnerabilities and no way of knowing the most critical ones. This is the story of every modern organization’s network, including yours probably. “But what about CVSS-based prioritization?” you might ask. While CVSS in cyber security is a popular method, vulnerability management tools ...
CVE Research
“What’s the Proof?” The Most Frequently asked Question by Security Teams, Now Answered by SanerNow
The odds are stacked against the IT team, who are at work daily to protect their organization against cyberattacks. It will make life easier for the security teams if they get clarity on the vulnerabilities of their IT environment. For instance, the name of the vulnerability, the associated CVE ID, ...
CVE Research
SanerNow’s Agentless Scanner for Endpoint Security
An agentless scanner can detect every vulnerability without leaving a trace. It can silently detect vulnerabilities without installing an agent in each device. The agentless scanner operates discreetly, gathers all the vulnerability information, and self-destructs itself.
CVE Research
SolarWinds Fixes Five Potential RCE Vulnerabilities in its Access Rights Manager Solution
Five remote code execution (RCE) vulnerabilities, including three critical severity holes, have been addressed by SolarWinds in its Access Rights Manager (ARM) solution. Three vulnerabilities stand out among the five due to their ability to execute remote code without authentication. These vulnerabi...
CVE Research
Patch Immediately! Critical Exchange Server Vulnerability Actively Exploited
A recently discovered critical vulnerability in Microsoft Exchange Server (CVE-2024-21410) is being actively exploited by attackers. A privilege escalation vulnerability allows attackers to use leaked login credentials (like those from compromised Outlook clients) to gain unauthorized access and con...
CVE Research
The February 2024 Microsoft Patch Tuesday Addresses 73 Vulnerabilities, Including 2 zero-day exploits
Microsoft’s latest security updates for Patch Tuesday in February 2024 address a total of 73 vulnerabilities. Among these, five are classified as critical, including two zero-day vulnerabilities (CVE-2024-21351 and CVE-2024-21412), with thirty vulnerabilities linked to remote code execution. The uti...
