SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
F5 BIG-IP Devices Under Active Exploitation (CVE-2020-5902)
F5 BIG-IP is a multi-purpose networking device manufactured by F5 Networks which can be configured to work as a traffic shaping system, firewall, load balancer, access gateway, rate limiter, or SSL middleware. F5 BIG-IP devices are one of the most popular networking products and are widely used in g...

CVE Research
Apache Guacamole Critical Vulnerabilities Put Remote Desktops at Risk
Security researchers at Check Point have uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole. Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH, together with MFA (Multi-Factor Authentication), compliance checks...

CVE Research
Microsoft HEVC emergency security updates for critical RCE vulnerabilities
Microsoft has released patches to fix two remote code execution vulnerabilities in Microsoft Windows Codecs Library. HEVC or Windows codecs library is responsible for handling large media files and decoding them for playback. HEVC by developers as it supports a multitude of different file formats. T...

CVE Research
Data Breaches are a Major Threat to Endpoint Security: SecPod Talks
The term data breach refers to any unfortunate event where confidential information is exposed to unauthorized users. Such incidents not only cause life-damaging fines but also destroy an organization’s hard-earned reputation and trust. Vulnerability management software helps stop data breaches.

CVE Research
‘Ripple20’ Vulnerabilities Affecting Millions of Internet Connected Devices Worldwide
Treck TCP/IP is a high-performance TCP/IP protocol suite designed for embedded systems. A set of 19 critical and high-severity security vulnerabilities have been discovered using a vulnerability scanning tool by Israeli security research firm JSOF in a low-level TCP/IP software library, Ripple 20 Vu...

CVE Research
A Critical Vulnerability ‘SMBleed’ Impacts Windows SMB Protocol
The Server Message Block Protocol (SMB protocol), which runs over TCP port 445, is a client-server communication protocol for sharing access to files, printers, network browsing, and inter-process communication.
CVE Research
Ransomware Types That Target Businesses
Although ransomware took a nosedive in terms of the victim count years ago, it’s still alive and kicking. A vulnerability management tool can help remediate it. It used to home in on any computers indiscriminately, but at some point, the malicious actors realized they could sque...

CVE Research
Critical Code Execution Vulnerabilities in Zoom Client Application
Two critical vulnerabilities were recently disclosed by Cisco Talos in the widely used video conferencing software Zoom. They can be exploited by a remote attacker who can hack into the host’s machine and execute arbitrary code. Given the current scenario of the COVID-19 pandemic, several companie...

CVE Research
Alert for Apple Users: Apple Patches a Zero-Day Unc0ver Jailbreak Vulnerability
The IT giant Apple has quietly patched a zero-day vulnerability in the iOS kernel which was recently discovered by a team of cyber-security researchers and hackers. Apple has patched this vulnerability in all of its operating systems across various devices along with iOS. The researchers who discov...
