Sign-up

VARIoT news about IoT security

16th December - Threat Intelligence Report - Check Point Research

Trust: 4.5

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 7:36 a.m.
 Vulnerabilities: privilege escalation, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: check point model: check point
db: NVD ids: CVE-2024-49138, CVE-2024-54526, CVE-2024-12381, CVE-2024-12382

Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) - Cl0P's Latest Attack Vector - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 1:34 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: sophos model: firewall
db: NVD ids: CVE-2024-55956, CVE-2024-50623

Nine Updated Security Measures For The Modern Smart Home

Trust: 3.5

Fetched: Dec. 17, 2024, 9:43 a.m., Published: Dec. 17, 2024, 5:16 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs

INTEL-SA-01185

Trust: 5.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 3, 2024, 10:26 p.m.
 Vulnerabilities: information disclosure, denial of service, improper access control
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2024-23498, CVE-2024-36297, CVE-2024-23197, CVE-2024-34159, CVE-2024-36483

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more | Malwarebytes

Trust: 3.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 12, 2024, 3:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-54529, CVE-2024-45490

New NoviSpy Android Spyware Exploits Flaw in Qualcomm Chips

Trust: 4.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 16, 2024, 12:49 p.m.
 Vulnerabilities: kernel panic, code execution, heap corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety - Samsung Newsroom Malaysia

Trust: 3.5

Fetched: Dec. 17, 2024, 9:40 a.m., Published: Dec. 16, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: samsung mobile
vendor: samsung model: galaxy
vendor: samsung model: mobile devices

Data | Smart Security Enhancer as a Device Guardian to Mitigate Software Vulnerabilities | Dell Technologies Info Hub

Trust: 3.0

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-9558

Command Injection Vulnerability in D-Link NAS Devices: Recommended Fixes -SecureMyOrg - SecureMyOrg

Trust: 4.25

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 12, 2024, 5:01 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

Firefox and Chrome Mobile Vulnerabilities | Threat Intel

Trust: 5.0

Fetched: Dec. 17, 2024, 9:27 a.m., Published: Oct. 30, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2024-9956, CVE-2024-10231, CVE-2024-9966, CVE-2024-9955, CVE-2024-9936, CVE-2024-10230, CVE-2024-9680, CVE-2024-9954

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem

Trust: 4.5

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: command execution, code execution, buffer overflow
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2023-6324, CVE-2023-6322, CVE-2023-6321, CVE-2023-6323

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Trust: 3.75

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 16, 2024, 2:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-52324, CVE-2024-47146

2024-12-10: Improved naming convention for vulnerabilities using Device Agent

Trust: 3.25

Fetched: Dec. 15, 2024, 10:05 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Internet of Risks: Cybersecurity Risk in the Internet of Things | UpGuard

Trust: 3.25

Fetched: Dec. 15, 2024, 10:04 a.m., Published: Dec. 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: google model: wifi

Critical Zero-Click Shortcuts Vulnerability Uncovered in Apple Devices - Advisories

Trust: 3.75

Fetched: Dec. 15, 2024, 10:03 a.m., Published: April 9, 2024, 4:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2024-23204

Acunetix Web Vulnerability Scanner (free version) download for PC

Trust: 3.0

Fetched: Dec. 15, 2024, 10:03 a.m., Published: Nov. 27, 2024, 10:34 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

9 essential IoT security trends: safeguarding the future of connected devices - IoT Business News

Trust: 3.25

Fetched: Dec. 15, 2024, 9:59 a.m., Published: Dec. 13, 2024, 10:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: sonos model: sonos
vendor: axis model: axis
vendor: axis model: communications
vendor: tesla model: model

Weekly Cybersecurity Bulletin: Data Leaks, Vulnerabilities & Cybersecurity News

Trust: 3.5

Fetched: Dec. 15, 2024, 9:58 a.m., Published: Dec. 8, 2024, 3:46 p.m.
 Vulnerabilities: privilege escalation, cross-site scripting, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: home
vendor: google model: android
vendor: apple model: safari
vendor: cisco model: security manager
vendor: cisco model: routers
vendor: essential model: phone
vendor: tp-link model: routers

US Sanctions Chinese Firm at Center of Global Firewall Hack - Infosecurity Magazine

Trust: 3.25

Fetched: Dec. 15, 2024, 9:57 a.m., Published: Dec. 11, 2024, 11:15 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: trend model: security
vendor: sophos model: firewall

Can a VPN Be Hacked? Yes. Here’s How You Stay Safe in 2025

Trust: 3.5

Fetched: Dec. 15, 2024, 9:50 a.m., Published: Nov. 30, 2024, 4:40 p.m.
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure