SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Arcadyan-Based Routers and Modems Under Active Exploitation
Millions of routers are exposed to a security flaw that existed for a decade in home routers with Arcadyan firmware. This actively exploited flaw tracked under CVE identifier CVE-2021-20090 has found its way into routers provided by at least 20 models across 17 different vendors and 11 countries. A ...
CVE Research
Cisco Patches Critical and High Severity Flaws in Its VPN Routers
Cisco is one of the popularly known firms for manufacturing networking products along with developing software products. Recently it addressed three vulnerabilities, one is critical, and the other two are high severity flaws in its VPN routers. These vulnerabilities are said to be a part of the web-...
CVE Research
Introducing A Fresh Perspective to Cybersecurity: Continuous Vulnerability and Exposure Management!
IT landscape is expanding and getting more complex day by day. With the growing number of cyberattacks and changing working norms, organizations are in a critical situation to protect what they have built and save themselves from the eyes of the attackers. Achieving IT security is not an easy proces...
CVE Research
The elevation of Privilege Vulnerabilities affects Windows and Linux.
There are two new vulnerabilities that were discovered on Tuesday, which affect Windows and Linux machines. An easily exploitable privilege escalation vulnerability has been identified in Windows 10 build 1809 and above, and its name is SeriousSAM, aka HiveNightmare. SeriousSAM allows a local non-ad...
CVE Research
Oracle Critical Security Updates July 2021
Oracle Critical Security Updates July 2021 has released 342 new security patches for a wide range of product families. However, these include Oracle E-Business Suite, Oracle MySQL, Oracle Java SE, Oracle Hospitality Applications, Oracle Siebel CRM, Database Server, etc. Moreover, multiple products c...
CVE Research
Severe Vulnerabilities Patched in WooCommerce and Google Chrome
A critical SQL injection vulnerability was recently fixed in the WordPress plug-in, WooCommerce. The vulnerability poses a threat to over 5 million WordPress websites and can be exploited to obtain access to information stored in the databases of online stores. On a different but related subject, a ...
CVE Research
Microsoft July 2021 Patch Tuesday Addresses 117 CVEs Including 9 Zero-Days
Microsoft has released July Patch Tuesday security updates with a total of 117 vulnerabilities in the family of Windows, Mac, and Android operating systems and related products. In the release by Microsoft, 13 were rated as Critical, 1 as moderate, and 103 as Important. The products covered in the J...
CVE Research
SanerNow has become more powerful than ever. The most awaited 5.0 release is here!
After numerous discussions, brainstorming sessions, day-night development, and rigorous testing, we are thrilled to announce the most exciting release of SecPod in the recent past. SanerNow 5.0 is here to put an end to the eternal search for a full-fledged and automated vulnerability management solu...
CVE Research
Kaseya’s Virtual System/Server Administrator (VSA) Zero-Day Under Active Exploitation By REvil Ransomware
Kaseya is a US-based organization that provides IT and security management solutions for managed service providers (MSPs) and small to medium-sized businesses (SMBs) worldwide. One of its tools, called Kaseya’s VSA, is under active exploitation and used as an attack vector to install REvil ransomwar...