Sign-up

VARIoT news about IoT security

Android Security Bulletin November 2024 | Android Open Source Project

Trust: 4.25

Fetched: Nov. 5, 2024, 9:16 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi
db: NVD ids: CVE-2024-43082, CVE-2023-35659, CVE-2024-20104, CVE-2024-43093, CVE-2024-43087, CVE-2024-23715, CVE-2024-43084, CVE-2024-31337, CVE-2024-43088, CVE-2024-43081, CVE-2024-34729, CVE-2024-38424, CVE-2024-38408, CVE-2024-34747, CVE-2024-43089, CVE-2023-35686, CVE-2024-43080, CVE-2024-23385, CVE-2024-43086, CVE-2024-43090, CVE-2024-43083, CVE-2024-40671, CVE-2024-43085, CVE-2024-38403, CVE-2024-29779, CVE-2024-43091, CVE-2024-40661, CVE-2024-43047, CVE-2024-20106, CVE-2024-34719, CVE-2024-40660

Detecting command injection vulnerabilities in Linux-based embedded firmware with LLM-based taint analysis of library functions | Computers and Security

Trust: 3.75

Fetched: Nov. 3, 2024, 10:01 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Cellular IoT Vulnerabilities: Another Door to Cellular Networks | Trend Micro (PH)

Related entries in the VARIoT vulnerabilities database: VAR-202408-1859, VAR-202310-0004, VAR-202011-1308

Trust: 4.5

Fetched: Nov. 3, 2024, 10 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: tp-link model: gateway
vendor: trend micro model: security
vendor: d-link model: router
vendor: trend model: security
db: NVD ids: CVE-2023-47610, CVE-2024-20082, CVE-2023-43261, CVE-2020-3657

Samsung Galaxy Security Alert: Exynos Chip Vulnerability Exploited by Attackers| Certo Software

Trust: 3.75

Fetched: Nov. 3, 2024, 9:55 a.m., Published: Nov. 1, 2024, 2:07 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: galaxy note
vendor: samsung model: mobile devices
vendor: samsung model: exynos
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: galaxy s10
vendor: samsung model: note 10
vendor: samsung model: samsung galaxy
vendor: trend model: security
db: NVD ids: CVE-2024-44068

A security flaw in Synology's Photos App exposes users to Zero-Click Attacks - Neowin

Trust: 5.75

Fetched: Nov. 3, 2024, 9:53 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: os command injection, code execution, command injection...
Affected productsExternal IDs
vendor: synology model: diskstation
db: NVD ids: CVE-2024-50388

New Zero-Day Vulnerability in Windows Themes Threatens NTLM Security - SOCRadar® Cyber Intelligence Inc.

Trust: 3.0

Fetched: Nov. 3, 2024, 9:52 a.m., Published: Oct. 30, 2024, 10:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21320, CVE-2024-38030

GreyNoise uncovers key cyber vulnerabilities - with the help of AI | TechRadar

Trust: 3.75

Fetched: Nov. 3, 2024, 9:51 a.m., Published: Oct. 31, 2024, 12:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8957, CVE-2024-8956

Fortinet finds more malicious IPs linked to widely exploited zero-day | Cybersecurity Dive

Trust: 3.0

Fetched: Nov. 3, 2024, 9:50 a.m., Published: Oct. 31, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices | Trend Micro (NZ)

Trust: 3.75

Fetched: Nov. 3, 2024, 9:49 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security

Inside a Firewall Vendor's 5-Year War With the Chinese Hackers Hijacking Its Devices - Slashdot

Trust: 3.0

Fetched: Nov. 3, 2024, 9:43 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall

HardPwn 2024: a Researcher's Passion for Hacking IoT Devices

Trust: 4.75

Fetched: Nov. 3, 2024, 9:43 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: google model: home

IoT Device Security: Risks & Mitigation Strategies | Part 1 of 3: Theory | SRX

Trust: 3.0

Fetched: Nov. 3, 2024, 9:43 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

10 Tips to Secure Your IoT Devices from Hackers

Trust: 4.5

Fetched: Nov. 3, 2024, 9:41 a.m., Published: Nov. 1, 2024, 2 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: cisco model: routers
vendor: cisco model: router

Patch now! New Chrome update for two critical vulnerabilities | Malwarebytes

Trust: 5.75

Fetched: Nov. 3, 2024, 9:41 a.m., Published: Oct. 30, 2024, 2:55 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
db: NVD ids: CVE-2024-10488, CVE-2024-10487

QNAP patches worrying NAS security flaw, so update now | TechRadar

Trust: 4.5

Fetched: Nov. 3, 2024, 9:40 a.m., Published: Oct. 30, 2024, 3:10 p.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-50388

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices | Trend Micro (AU)

Trust: 3.75

Fetched: Nov. 3, 2024, 9:40 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security

Millions of Samsung phones at risk of hacking - update these devices right now | Tom's Guide

Trust: 3.75

Fetched: Nov. 3, 2024, 9:40 a.m., Published: Oct. 30, 2024, 12:37 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: galaxy note
vendor: samsung model: exynos
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: galaxy s10
vendor: samsung model: note 10

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers

Trust: 4.0

Fetched: Nov. 3, 2024, 9:38 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2017-0938

Critical Authentication Vulnerabilities Threaten Smart Factory Equipment - VULNERA

Related entries in the VARIoT vulnerabilities database: VAR-202410-2617, VAR-202410-3402

Trust: 5.5

Fetched: Nov. 3, 2024, 9:38 a.m., Published: Nov. 1, 2024, 5:15 p.m.
 Vulnerabilities: weak password, authentication bypass, code execution
Affected productsExternal IDs
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: rockwell model: automation factorytalk
vendor: rockwell model: factorytalk
vendor: rockwell automation model: automation factorytalk
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2024-10387, CVE-2023-6943, CVE-2023-6942, CVE-2023-2060, CVE-2024-10386

Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data | Symantec Enterprise Blogs

Trust: 3.0

Fetched: Nov. 3, 2024, 9:36 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android