SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Apache HTTP Server Zero-Day Vulnerability Exploited in the Wild
Apache HTTP server recently fixed two security vulnerabilities, out of which a wildly exploited Zero-Day flaw also existed. Attackers use a path traversal flaw existing in the application to map URLs to files outside the expected document root, leading to information disclosure. This zero-day CVE-20...
CVE Research
How Fast, Accurate, and Continuous are your Vulnerability Scans?
With time, cybercriminals have begun employing sophisticated mediums to unleash chaos and vulnerabilities digitally. Vulnerabilities are becoming the most common and significant cause of many cyberattacks today. Managing them and preventing vulnerability exploits have become the most critical tasks ...
CVE Research
VMware vCenter Servers Under Active Attack, Patch Now!
VMware, the virtualization giant, has patched 19 vulnerabilities, including one critical vulnerability, ten important vulnerabilities, and eight moderate vulnerabilities, in its latest security advisory VMSA-2021-0020. The vulnerabilities tracked as CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CV...
CVE Research
Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild
Apple released security updates for multiple products, with their patches for critical zero-days vulnerabilities including Safari, Xcode, tvOS, watchOS, iOS, iPadOS, and iTunes. A total of 30 vulnerabilities are addressed, including Arbitrary Code Execution, Denial of Service, Privilege Escalation, ...
CVE Research
Microsoft Open Management Infrastructure (OMI) Critical Vulnerabilities Under Active Exploitation – OMIGOD
Microsoft Open Management Infrastructure (OMI) is an open-source project which allows users to manage configurations across remote and local environments and collect statistics. The primary goal of OMI is to provide a rich, high-performance, standard-based management stack that is suitable for a wid...
CVE Research
How to Measure the Efficacy of Your Vulnerability Management Program?
With the changing security landscape and the complex threat surface, security teams are engaged in the battle of their lives today. Even after deploying multiple solutions to execute each step of vulnerability management and trying different techniques, they still lack a tight hold on the process. I...
CVE Research
Adobe Critical Security Updates September 2021
Adobe Critical Security Updates September 2021 fixes for 34 critical vulnerabilities in Adobe Acrobat and Reader, Premiere Pro, InCopy, etc. Moreover, a total of 52 security vulnerabilities have been patched in this release. Most of these vulnerabilities could lead to arbitrary code execution on suc...
CVE Research
Microsoft September Patch Tuesday Addresses 60 CVEs Including 3 Critical
Microsoft Patch Tuesday September 2021 security update fixes a total of 60 vulnerabilities, which include Three CVEs rated as critical and the rest rated as important. The products covered in September’s security update include Microsoft Office, Windows Common Log File System Driver, Windows Print S...
CVE Research
From Vulnerability Detection to Remediation: The SanerNow Way
According to Gartner, vulnerabilities are the prime cause of the majority of security breaches today. Although most of these are not zero days, the firm says that the security teams and IT professionals will already know most of the exploited vulnerabilities. A big question arises now on why securit...