Sign-up

VARIoT news about IoT security

Zyxel Firewalls Exploited for Ransomware Attacks; 20 Security Flaws Discovered in Advantech Access Points - SOCRadar® Cyber Intelligence Inc.

Trust: 4.5

Fetched: Dec. 1, 2024, 9:16 a.m., Published: Nov. 29, 2024, 12:27 p.m.
 Vulnerabilities: denial of service, cross-site scripting, os command injection...
Affected productsExternal IDs
vendor: serve model: serve
db: NVD ids: CVE-2024-50375, CVE-2024-50370, CVE-2024-50376, CVE-2024-50374, CVE-2024-50359, CVE-2024-11667

CVE-2024-11120 - Securin

Trust: 3.5

Fetched: Dec. 1, 2024, 9:15 a.m., Published: Nov. 24, 2024, 7:10 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

Business.Scoop " Over-The-Air Vulnerabilities Discovered In Advantech EKI Access Points

Trust: 5.5

Fetched: Nov. 29, 2024, 9:17 a.m., Published: -
 Vulnerabilities: cross-site scripting, code execution, command injection...
Affected productsExternal IDs
vendor: nozomi model: guardian
db: NVD ids: CVE-2024-50376, CVE-2024-50359

The Authentication Dilemma: Rising Vulnerabilities and Reluctance to Patch in OT

Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-0128

Trust: 4.25

Fetched: Nov. 29, 2024, 9:16 a.m., Published: Nov. 8, 2024, midnight
 Vulnerabilities: weak password, authentication vulnerability
Affected productsExternal IDs
vendor: siemens model: modbus tcp
vendor: mitsubishi electric model: melsec iq-r series
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi model: melsec iq-r
db: NVD ids: CVE-2024-10386, CVE-2024-41798, CVE-2023-2060, CVE-2024-45274

CVE-2024-7029 scanner - Command Injection vulnerability in AVTECH IP Camera

Trust: 7.0

Fetched: Nov. 29, 2024, 9:16 a.m., Published: -
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: avtech model: ip camera
db: NVD ids: CVE-2024-7029

Penetration Testing for IoT Devices: Ensuring Security in a Connected World | by Akitra | Medium

Trust: 3.75

Fetched: Nov. 29, 2024, 9:15 a.m., Published: Sept. 20, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wireshark model: wireshark

VDE-2024-047 | CERT@VDE

Trust: 3.0

Fetched: Nov. 27, 2024, 10:13 a.m., Published: Nov. 18, 2024, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wago model: pfc100
vendor: wago model: wago
vendor: wago model: pfc200
vendor: wago model: wago pfc200

Apple Patches Two Zero-Day Attack Vectors

Trust: 4.25

Fetched: Nov. 27, 2024, 10:11 a.m., Published: Nov. 21, 2024, 7:55 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2024-23296, CVE-2024-27834, CVE-2024-23222, CVE-2024-44309, CVE-2024-23225, CVE-2024-44308

Windows 11 security book - Operating System security | Microsoft Learn

Trust: 3.25

Fetched: Nov. 27, 2024, 10:10 a.m., Published: Nov. 18, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

What is Malware? | UpGuard

Trust: 3.5

Fetched: Nov. 27, 2024, 10:08 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home

Deezer Bug Bounty Program bug bounty program - YesWeHack

Trust: 3.0

Fetched: Nov. 27, 2024, 10:07 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Thousands of PAN-OS devices compromised by critical exploits • The Register

Trust: 4.25

Fetched: Nov. 27, 2024, 10:06 a.m., Published: -
 Vulnerabilities: code execution, privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

What to do if your wifi is hacked? Identify and Protect Your Network - AstrillVPN Blog

Trust: 4.25

Fetched: Nov. 27, 2024, 10:05 a.m., Published: Nov. 21, 2024, 7:38 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: essential model: phone
vendor: trend model: security
vendor: trend model: antivirus

OpenSSL Vulnerability: What Do You Need to Know?

Related entries in the VARIoT vulnerabilities database: VAR-202203-0005, VAR-202201-1080

Trust: 3.75

Fetched: Nov. 27, 2024, 10:03 a.m., Published: March 17, 2022, 3:13 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-0778, CVE-2021-4160

ServiceNow Now Platform Vulnerabilities Enable RCE and SQL Injection Risks (CVE-2024-8923, CVE-2024-8924) - Patch Now - SOCRadar® Cyber Intelligence Inc.

Trust: 4.75

Fetched: Nov. 27, 2024, 10:02 a.m., Published: Nov. 1, 2024, 10 a.m.
 Vulnerabilities: code execution, sql injection, input validation error
Affected productsExternal IDs
db: NVD ids: CVE-2024-8923, CVE-2024-8924, CVE-2024-5178, CVE-2024-5217, CVE-2024-4879

Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202303-1844, VAR-202305-2121, VAR-202303-1268, VAR-202308-2021, VAR-202302-1097

Trust: 5.5

Fetched: Nov. 27, 2024, 10 a.m., Published: Sept. 6, 2023, 11:40 a.m.
 Vulnerabilities: integer overflow, input validation vulnerability, cross-site scripting...
Affected productsExternal IDs
vendor: ruckus model: zonedirector
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: macos
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android
vendor: minio model: minio
vendor: zyxel model: zywall
vendor: ruckus wireless model: zonedirector
db: NVD ids: CVE-2023-28205, CVE-2023-28771, CVE-2023-27997, CVE-2023-36884, CVE-2023-38606, CVE-2023-2868, CVE-2023-35311, CVE-2023-32439, CVE-2023-33010, CVE-2023-28204, CVE-2023-32315, CVE-2023-24880, CVE-2023-28432, CVE-2023-23376, CVE-2023-28252, CVE-2023-33009, CVE-2023-2033, CVE-2023-26359, CVE-2023-25717, CVE-2023-22952, CVE-2023-1389, CVE-2023-2136, CVE-2023-21492, CVE-2023-29492, CVE-2023-28206, CVE-2023-21715, CVE-2023-37580, CVE-2023-26360, CVE-2023-29298, CVE-2023-27532, CVE-2023-27350, CVE-2023-32373, CVE-2023-32409, CVE-2023-20963, CVE-2023-24489, CVE-2023-34362, CVE-2023-36874, CVE-2023-32435, CVE-2023-32046, CVE-2023-20867, CVE-2023-37450, CVE-2023-21674, CVE-2023-0266, CVE-2023-32049, CVE-2023-0669, CVE-2023-29336, CVE-2023-26083, CVE-2023-38205, CVE-2023-20887, CVE-2023-38180, CVE-2023-32434, CVE-2023-27992, CVE-2023-23529, CVE-2023-23397, CVE-2023-38831, CVE-2023-3519, CVE-2023-3079, CVE-2023-21823, CVE-2023-21839

DEF CON 32 - From getting JTAG on the iPhone 15 to hacking Apple's USB-C Controller - Stacksmashing - YouTube

Trust: 3.0

Fetched: Nov. 27, 2024, 9:43 a.m., Published: Oct. 16, 2024, 9:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Android 15 users alert: Government flags high-risk security threats - India TV

Trust: 3.75

Fetched: Nov. 27, 2024, 9:42 a.m., Published: Nov. 26, 2024, 7:36 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android

Using iPhone or MacBook? Govt says update your Apple devices now to protect them from hacking - India Today

Trust: 4.75

Fetched: Nov. 27, 2024, 9:41 a.m., Published: Nov. 26, 2024, 9:30 a.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: macbook
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Support Content Notification - Support Portal - Broadcom support portal

Trust: 4.5

Fetched: Nov. 27, 2024, 9:39 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-38832, CVE-2024-38833, CVE-2024-38831, CVE-2024-38830, CVE-2024-38834