Sign-up

VARIoT news about IoT security

Google issues patches for 46 bugs: 3 faced targeted exploitation, 1 critical | SC Media

Trust: 4.5

Fetched: Aug. 11, 2023, 9:54 a.m., Published: March 7, 2023, 7 p.m.
 Vulnerabilities: memory leak, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2023-21250, CVE-2023-26083, CVE-2023-2136, CVE-2021-29256

Cisco Bug: CSCwb92675 - Cisco Secure Web Appliance Privilege Escalation Vulnerability

Trust: 4.0

Fetched: Aug. 11, 2023, 9:53 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Claroty exposes vulnerabilities in Teltonika’s IIoT products

Trust: 4.0

Fetched: Aug. 11, 2023, 9:53 a.m., Published: May 19, 2023, 7:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-32348

Google reveals bug bounty program for its own Android apps like Chrome, Gmail and the search widget | TechSpot

Trust: 4.5

Fetched: Aug. 11, 2023, 9:52 a.m., Published: Aug. 11, 4070, midnight
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: pixel
vendor: google model: android

2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign

Related entries in the VARIoT vulnerabilities database: VAR-202212-1442

Trust: 4.5

Fetched: Aug. 11, 2023, 9:51 a.m., Published: June 22, 2023, 12:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2022-46690, CVE-2023-32439, CVE-2023-32434

Update your firmware immediately if you own one of these 19 Asus routers | TechSpot

Trust: 4.75

Fetched: Aug. 11, 2023, 9:50 a.m., Published: Aug. 19, 2023, midnight
 Vulnerabilities: memory corruption, code execution, denial of service
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: asus model: router

Credential access security alerts - Microsoft Defender for Identity | Microsoft Learn

Trust: 3.75

Fetched: Aug. 11, 2023, 9:49 a.m., Published: April 16, 2023, midnight
 Vulnerabilities: brute force attack, privilege escalation, account lockout
Affected productsExternal IDs
db: NVD ids: CVE-2021-42287, CVE-2021-42278

Can a VPN Be Hacked? 5+ Vulnerabilities and How to Stay Safe

Trust: 3.0

Fetched: Aug. 11, 2023, 9:47 a.m., Published: May 11, 2023, midnight
 Vulnerabilities: brute force attack
Affected productsExternal IDs

Initial setup of Kaspersky Endpoint Security Cloud

Trust: 3.0

Fetched: Aug. 11, 2023, 9:46 a.m., Published: April 11, 2019, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Kaspersky Says New Zero-Day Malware Hit iPhones-Including Its Own | WIRED

Related entries in the VARIoT vulnerabilities database: VAR-202212-1442

Trust: 3.5

Fetched: Aug. 11, 2023, 9:44 a.m., Published: June 1, 2023, 8:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2022-46690

Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review | Qualys Security Blog

Trust: 3.75

Fetched: Aug. 11, 2023, 9:41 a.m., Published: June 13, 2023, 7:58 p.m.
 Vulnerabilities: code execution, denial of service, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2023-29357, CVE-2023-29358, CVE-2023-29371, CVE-2023-32014, CVE-2023-32031, CVE-2023-32015, CVE-2023-29363, CVE-2023-29361, CVE-2023-32021, CVE-2023-29360, CVE-2023-24897, CVE-2023-29355, CVE-2023-32022, CVE-2023-28310, CVE-2023-29359, CVE-2023-32013

What is a firewall? Firewalls explained and why you need one - Norton

Trust: 5.0

Fetched: Aug. 11, 2023, 9:40 a.m., Published: -
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: nats model: server

CISA Warns Samsung and D-Link Devices Flaws

Related entries in the VARIoT vulnerabilities database: VAR-202003-0963, VAR-202110-0167, VAR-202110-0169, VAR-201912-1012

Trust: 4.75

Fetched: Aug. 11, 2023, 9:39 a.m., Published: July 4, 2023, 10:26 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: d-link model: dwl-2600ap
db: NVD ids: CVE-2021-25372, CVE-2019-20500, CVE-2021-25487, CVE-2021-25489, CVE-2019-17621

10 Best Network Security Testing tools in 2023

Trust: 4.5

Fetched: Aug. 11, 2023, 9:38 a.m., Published: Dec. 16, 2021, 6:28 p.m.
 Vulnerabilities: cross-site scripting, brute force attack, sql injection
Affected productsExternal IDs
vendor: snort model: snort

Controlling user access to the features of Android devices

Trust: 3.0

Fetched: Aug. 11, 2023, 9:31 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Report: Critical Flaws in Cybersecurity Devices Exposed Entire Networks to Attack and Takeover

Trust: 4.25

Fetched: Aug. 11, 2023, 9:30 a.m., Published: Aug. 5, 2023, midnight
 Vulnerabilities: command execution, default credentials
Affected productsExternal IDs
vendor: essential model: phone
vendor: sophos model: anti-virus
vendor: sophos model: firewall
vendor: sophos model: mobile
vendor: sophos model: cyberoamos
vendor: sophos model: cyberoam

Healthcare Cybersecurity: The Biggest Stats and Trends in 2023

Trust: 5.5

Fetched: Aug. 11, 2023, 9:28 a.m., Published: May 20, 2021, 2:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: essential model: phone
vendor: google model: home
db: NVD ids: CVE-2019-11510, CVE-2019-19781

CVE-2023-27997: Critical Fortinet Fortigate RCE Vulnerability | Rapid7 Blog

Trust: 5.75

Fetched: Aug. 11, 2023, 9:27 a.m., Published: June 12, 2023, 6:16 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

Wemo Smart Plug flaw found, no patch coming - 9to5Mac

Trust: 6.25

Fetched: Aug. 11, 2023, 9:25 a.m., Published: May 15, 2023, 4:12 p.m.
 Vulnerabilities: command injection, command execution, buffer overflow
Affected productsExternal IDs
vendor: google model: home
vendor: wemo model: mini smart plug
db: NVD ids: CVE-2023-27217

23-034 (August 8, 2023) - Threat Encyclopedia

Trust: 4.5

Fetched: Aug. 9, 2023, 9:41 a.m., Published: Aug. 8, 2023, midnight
 Vulnerabilities: file upload vulnerability, code injection, privilege escalation...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: solarwinds model: network performance monitor
vendor: trend model: security
db: NVD ids: CVE-2023-32531, CVE-2017-11317, CVE-2023-32533, CVE-2017-11357, CVE-2023-28121, CVE-2023-33246, CVE-2023-29524, CVE-2023-36469, CVE-2023-35150, CVE-2023-23752, CVE-2022-34713, CVE-2023-32071, CVE-2023-21554, CVE-2023-1861, CVE-2023-1578, CVE-2023-36932, CVE-2023-2034, CVE-2022-38111, CVE-2023-21931