SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Google Has Released a Fix For High-Severity RCE Vulnerability in Chrome Browser
Google has released a new version 90 to fix high severity vulnerability in the V8 Javascript component of Google Chrome. Google Chrome RCE Vulnerability is tracked as CVE-2021-21227 is an insufficient data validation vulnerability. Successful exploitation of the vulnerability allows remote attackers...
CVE Research
Apple Critical Security Updates April 2021
Apple released security updates for multiple products. The exploitation of some of these security flaws will allow an attacker to bypass many core Apple security mechanisms, crash the application, potentially control affected systems, and putting Mac users at great risk. A vulnerability management s...
CVE Research
Trend Micro Antivirus Products Exploited Wildly
A threat actor is actively exploiting a bug currently in Trend Micro’s security products to do privilege escalation on Windows systems. The vulnerability is tracked as CVE-2020-24557 and is affecting two major security products of the company – Apex One and OfficeScan. A good Vulnerability managemen...
CVE Research
Pulse Connect Secure Zero-Day Vulnerability Under Active Exploitation (CVE-2021-22893)
Pulse Secure released an advisory on April 19 about a Critical Zero-day Authentication Bypass vulnerability identified as CVE-2021-22893 in Pulse Connect Secure SSL VPN appliances. The vulnerability allows a remote attacker to bypass authentication and perform remote arbitrary file execution on the ...
CVE Research
Second Zero-Day Exploit for Google Chrome in the Same Week
Google Chrome users who were relieved by patching the recent zero-day advisory are taken aback by the news of another PoC exploit posted on Twitter by a security researcher, Frust. This affects the recent version of Chrome, 89.0.4389.128, which was the fix for the first zero-day vulnerability of the...
CVE Research
Cloud Based Patch Management Solution: Five Reasons Why It Thrives Better!
Cloud based patch management software play a major role to secure your IT infrastructure. Time and again, unpatched software is exploited to breach the network, spread malware, and execute attacks. With the onset of remote work, detecting and deploying missing patches are now more difficult than eve...
CVE Research
The Vital Role of a Vulnerability Database in Your Vulnerability Management Program
Attackers are continuously looking for new vulnerabilities to take advantage of. They easily exploit the ones that are not remediated and the ones that are still prevalent among the endpoints. At the same time, we come across various tools and strategies to execute Vulnerability Management. Therefor...
CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for April 2021
Microsoft Security Bulletin April 2021 has released Patch Tuesday, security updates with a total of 108 vulnerabilities in the family of Windows operating systems and related products. In the release by Microsoft, 19 were rated as Critical and 89 as Important. Six Chromium Edge vulnerabilities relea...
CVE Research
The Most Notorious Security Risks Tagging Along from 2020
2020 has been a disaster for many organizations: multiple data breaches, ransomware attacks, and internal threats. After 2020, IT as a department and a role have changed for the good. Leaders are more receptive to the opinions and initiatives of CIO/CISO/IT Head roles. Every IT professional now give...