SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Chrome Zero-Day Under Active Exploitation – Patch Now
We all know the popularity and extensive audience of the Google Chrome browser, which can be used on Windows, Mac, or Linux computers and Android devices. Those who are currently using it and have not yet deployed the patch should update their Chrome browsers to the latest version, 86.0....

CVE Research
AgeLocker Ransomware Targeting QNAP NAS Devices
AgeLocker ransomware, which targets QNAP network-attached storage (NAS) devices, has been used by attackers to encrypt user data and demand a ransom. Research found that no unpatched vulnerability was exploited in the AgeLocker ransomware attacks, whereas all the known...

CVE Research
Alert! Zerologon: Your Windows Domain Controller Can’t Handle Zero Properly (CVE-2020-1472)
Last month, Microsoft patched a critical and exciting vulnerability in the Netlogon Remote Protocol of Windows Server. The vulnerability, discovered by the cybersecurity firm Secura and dubbed Zerologon, has received the highest severity score of 10.0. The vulnerability is identified ...

CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for September 2020
Microsoft has released its September 2020 Patch Tuesday security updates, covering a total of 129 vulnerabilities, of which 23 are classified as Critical with Remote Code Execution (RCE), 105 are classified as Important, and 1 is classified as Moderate, that reside in the Microsof...

CVE Research
WordPress File Manager Plugin Under Active Exploitation
File Manager is a popular WordPress plugin that manages files to upload on WordPress sites. It allows a WordPress administrator to edit, delete, upload, download, archive, copy and paste files and folders directly from the WordPress backend. A critical remote code execution vulnerability identified ...

CVE Research
Cisco IOS XR Zero Day Vulnerabilities Being Actively Exploited in the Wild
High-severity zero-day vulnerabilities have been found in Cisco IOS XR, an Internetwork Operating System (IOS) that is shipped with Cisco’s networking equipment. The vulnerabilities allow an unauthenticated, remote attacker to exhaust process memory and crash the other processes running on the affected dev...

CVE Research
High-Severity Remote Code Execution Vulnerability in Google Chrome
A high-severity use-after-free vulnerability tracked as CVE-2020-6492, with a CVSSv3 base score of 8.3, exists in the WebGL (Web Graphics Library) component of the Google Chrome web browser and could be used to execute arbitrary code in the context of the browser process.

CVE Research
Critical Jenkins Vulnerability can Cause Memory Corruption and Disclose Sensitive Information
Jenkins, an open-source automation server, released an advisory pertaining to a critical vulnerability present in its application. Jenkins enables developers to build, test, and deploy applications. This vulnerability tracked as CVE-2019-17638 using a vulnerability scanning tool when exploi...

