SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
High-Risk Vulnerability in TeamViewer Could be Exploited to Crack Users’ Password
The discovery of a high-risk vulnerability was in TeamViewer for Windows. It has a tracking as “CVE-2020-13699“, with a CVSS base score of “8.8,” in which exploits can happen by remote attacks to crack users’ passwords and, thereupon, lead to further system exploitation. Vulnerability Management Sof...
CVE Research
Billions of Linux and Windows Systems at Risk due to Critical GRUB2 Vulnerabilities
A team of cybersecurity researchers found multiple vulnerabilities that affect billions of devices that run on either Windows or Linux. Affected devices include laptops, servers, workstations, or even IoT devices. Boot hole vulnerabilities affect Linux and other Operating Systems using GRUB@ boot lo...
CVE Research
3 Years of WannaCry: Millions of Endpoints Are Still Vulnerable Out There!
Are you aware of the worst cyberattack of 2017, the WannaCry ransomware attack? WannaCry was one of the worst-hit ransomware attacks that surfaced around May 2017 in Asia. The malware spread like wildfire and infected more than 230,000 computers in a day. The WannaCry attack mainly affected the Wind...
CVE Research
Cisco Read-Only Path Traversal Vulnerability (CVE-2020-3452)
Cisco has released a Security Advisory for the actively exploited worldwide CVE-2020-3452. Cisco Read-Only Path Traversal Vulnerability in the web services interface of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attac...
CVE Research
Latest Trends in IT Security Software
The worldwide web is arguably the best source of information and opportunities currently. On the other hand, there are countless threats looming at every nook and cranny of the web as well. The truth is that everyone is at risk when going online. This includes private individuals, small businesses, ...
CVE Research
SIGRed – Microsoft Windows DNS Server RCE Vulnerability (CVE-2020-1350)
A critical and wormable 17 years-old vulnerability (CVE-2020-1350) has been discovered in Microsoft Windows DNS Servers which can allow an attacker to run arbitrary code on the vulnerable system. The vulnerability is identified as CVE-2020-1350 and resides in the way how DNS Server parses incoming q...
CVE Research
Zoom Zero-Day Critical Vulnerability Allows RCE
A critical zero-day vulnerability has been found in Zoom – A video conferencing software, for Windows 7 or below. The vulnerability allows an attacker to execute remote code on the victim’s system without triggering any security warning. To successfully exploit this vulnerability, the attacker trick...
CVE Research
Critical Vulnerabilities in Palo Alto Networks PAN-OS devices
Palo Alto Network (PAN) has recently fixed a critical vulnerability related to the PAN-OS operating systems. The operating systems are known to power Palo Alto’s next-generation firewall. The vulnerability is tracked as CVE-2020-2021 with a CVSSv3 base score of 10. PAN-OS is the custom operating sys...
CVE Research
Citrix Security Updates for Critical vulnerabilities in Citrix ADC, Gateway and SD-WAN
Citrix announces the release of patches for fixing a set of 11 critical flaws found in three of its networking products: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. However, As per the Citrix sources, the vulnerabilities don’t have an...