SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Apple Critical Security Updates December 2020
Apple released security updates for multiple products. The exploitation of some of these security flaws will allow an attacker to crash the application or potentially control affected systems. However, a patch management solution can stop the exploitation.

CVE Research
Critical Command Injection Vulnerabilities in D-Link DSR VPN Routers
Multiple critical command injection vulnerabilities have been identified in the D-Link DSR VPN router family of products. These vulnerabilities are tracked as CVE-2020-25757, CVE-2020-25759, and CVE-2020-25758, and can allow an attacker to gain complete root access to the affected device. Vulnerability mana...

CVE Research
VMware Products Under Active Attack Through a Critical Zero-Day Vulnerability
VMware has released security updates to fix a critical vulnerability that is being exploited in the wild. According to the advisory, CVE-2020-4006 is a command injection bug, and attackers can take control of the system once exploited. This fix supersedes an initial workaround released by VMware in ...

CVE Research
Closing the Ever-Widening Gap Between Vulnerability Scanning and Patch Management
Security risk management is a complicated and time-consuming affair. Organizations spend many resources to ensure that all their business operations run on, and all their data is stored by, risk-free assets. Patch management tools are the most common tools to manage and mitigate risks. You scan, detect and reg...

CVE Research
DarkIRC Botnet: Infecting Thousands of Unpatched Oracle WebLogic Servers
DarkIRC is a multi-featured botnet. The bot comes with a variety of capabilities, such as keylogging, downloading files and executing commands on the infected server, stealing credentials, spreading to other devices via MSSQL and RDP (brute force), SMB, or USB, as well as performing several versions of...

CVE Research
Open-Source Vulnerability Scanners: How a Free Tool Carries Hidden Challenges
Over the past 15 years, vulnerability management has evolved from a simple process to a complex business practice. The increasing number of vulnerabilities, rising cyber-attacks, and software vulnerabilities as the leading cause of breaches have highlighted the limitations of open source vulnerabili...

CVE Research
Mozilla Patches Zero-Day and High-Severity Vulnerabilities
Mozilla has released three security advisories to address the vulnerabilities present in Firefox, Firefox ESR, and Thunderbird. A zero-day vulnerability (CVE-2020-15999) has also been addressed in the latest version of Firefox. Firefox version 83 also introduces a new “HTTPS-only mode”, if enabled a...

CVE Research
Best Practices to Win at Vulnerability Management
Vulnerability management is hard to execute as a continuous process in the long run. In huge networks of organizations, the number of devices, software applications, and the vulnerabilities associated with them is multiplying rapidly. The complexity of devices and software is always growing. Organiz...

CVE Research
Google Chrome Under Active Exploitation With Two Zero-Days!
Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing two very critical zero-days exploited in the wild. These Google Chrome security vulnerabilities are tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints that have not been patched are advised to deploy p...
