Sign-up

VARIoT news about IoT security

Cyber hygiene: definition, benefits and best practices | Blog - Future Processing

Trust: 3.0

Fetched: Oct. 18, 2024, 9:56 a.m., Published: Oct. 17, 2024, 9:09 a.m.
 Vulnerabilities: weak password
Affected productsExternal IDs

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Trust: 4.5

Fetched: Oct. 18, 2024, 9:55 a.m., Published: Oct. 17, 2024, 5:18 a.m.
 Vulnerabilities: privilege escalation, authentication bypass, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2024-9594, CVE-2024-38139, CVE-2024-45216, CVE-2024-38190, CVE-2024-9486, CVE-2024-38204

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

Trust: 4.75

Fetched: Oct. 18, 2024, 9:49 a.m., Published: Oct. 14, 2024, 11:35 a.m.
 Vulnerabilities: command injection, code execution, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-9380, CVE-2024-8190, CVE-2024-29824, CVE-2024-8963

Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities - Cisco

Trust: 5.5

Fetched: Oct. 18, 2024, 9:46 a.m., Published: Oct. 16, 2024, 11:50 a.m.
 Vulnerabilities: denial of service, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: cisco model: series
db: NVD ids: CVE-2024-20460, CVE-2024-20461, CVE-2024-20458, CVE-2024-20462, CVE-2024-20463, CVE-2024-20420, CVE-2024-20459, CVE-2024-20421

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Trust: 3.75

Fetched: Oct. 18, 2024, 9:46 a.m., Published: Oct. 18, 2024, 5:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-44133

Critical Vulnerabilities Affecting GitHub Enterprise Server, Kubernetes Image Builder, and GiveWP Plugin - SOCRadar® Cyber Intelligence Inc.

Trust: 4.5

Fetched: Oct. 18, 2024, 9:44 a.m., Published: Oct. 16, 2024, 11:02 a.m.
 Vulnerabilities: privilege escalation, authentication bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-9487, CVE-2024-9634, CVE-2024-9594, CVE-2024-9539, CVE-2024-4985, CVE-2024-9486

Tor Browser and Firefox users should update to fix actively exploited vulnerability | Malwarebytes

Trust: 4.0

Fetched: Oct. 18, 2024, 9:39 a.m., Published: Oct. 16, 2024, 11:37 a.m.
 Vulnerabilities: code execution, use after free
Affected productsExternal IDs
db: NVD ids: CVE-2024-9680

Embedded web server input sanitization vulnerability (CVE-2021-44734) | Lexmark M5155

Related entries in the VARIoT vulnerabilities database: VAR-202201-0782

Trust: 4.0

Fetched: Oct. 18, 2024, 9:37 a.m., Published: May 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
vendor: lexmark model: m5155
db: NVD ids: CVE-2021-44734

New macOS vulnerability, “HM Surf”, could lead to unauthorized data access - Malware News - Malware Analysis, News and Indicators

Trust: 4.5

Fetched: Oct. 18, 2024, 9:34 a.m., Published: Oct. 17, 2024, 4:15 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: home
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-44133

User Data Encryption (UDE) | Lexmark M5155

Trust: 3.0

Fetched: Oct. 18, 2024, 9:31 a.m., Published: May 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
vendor: lexmark model: m5155

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 18, 2024, 9:30 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

What I’ve learned in my first 7-ish years in cybersecurity

Trust: 3.5

Fetched: Oct. 18, 2024, 9:30 a.m., Published: Oct. 17, 2024, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: motorola model: motorola
vendor: motorola model: android
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: cisco model: series
vendor: cisco model: clamav
vendor: clamav model: clamav
vendor: snort model: snort
db: NVD ids: CVE-2024-43047

IT Vulnerability Weekly Report: Cyble Urges Fixes For Fortinet, Palo Alto & More

Trust: 5.5

Fetched: Oct. 18, 2024, 9:26 a.m., Published: Oct. 18, 2024, 8:37 a.m.
 Vulnerabilities: privilege escalation, format string vulnerability, os command injection...
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco finesse
vendor: cisco model: finesse
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-20404, CVE-2024-9465, CVE-2024-9464, CVE-2024-20353, CVE-2024-23113, CVE-2024-9164, CVE-2024-38816, CVE-2024-9466, CVE-2024-7479, CVE-2024-40711, CVE-2024-30088, CVE-2024-38178, CVE-2024-30052, CVE-2024-42640, CVE-2024-0044, CVE-2024-45200, CVE-2024-7481, CVE-2024-9463, CVE-2024-45519, CVE-2024-5830, CVE-2024-9379, CVE-2024-45409, CVE-2024-9467, CVE-2024-6769, CVE-2024-9486

High-Risk Vulnerability Found in MediaTek Wi-Fi Chips

Trust: 4.75

Fetched: Oct. 18, 2024, 9:25 a.m., Published: Sept. 5, 2024, 1:53 p.m.
 Vulnerabilities: address corruption, code execution, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

Camera Vulnerability: Tutorial, Sample CVEs, and Best Practices - SecuriThings

Related entries in the VARIoT vulnerabilities database: VAR-201804-0561, VAR-202001-0856, VAR-201705-3742, VAR-201807-0267, VAR-201806-0699, VAR-201806-0696, VAR-202004-2030, VAR-201806-0698, VAR-201803-2290, VAR-201705-3762, VAR-202108-1018, VAR-202009-0800, VAR-201011-0101, VAR-201812-0472

Trust: 6.0

Fetched: Oct. 18, 2024, 9:22 a.m., Published: -
 Vulnerabilities: buffer overflow, directory traversal, code execution...
Affected productsExternal IDs
vendor: d-link model: dcs-2103
vendor: genie access model: wip3bvaf
vendor: axis model: axis
vendor: axis model: ip cameras
vendor: foscam model: ip camera
vendor: foscam model: system
vendor: foscam model: c1 indoor hd cameras
vendor: foscam model: foscam
vendor: bosch model: ip cameras
vendor: bosch model: bosch ip cameras
vendor: hikvision model: ip cameras
vendor: hikvision model: hikvision
vendor: dahua model: camera
vendor: dahua model: ip camera
vendor: dahua model: camera firmware
db: NVD ids: CVE-2017-2871, CVE-2013-2574, CVE-2017-7923, CVE-2017-3223, CVE-2018-10661, CVE-2022-2471, CVE-2018-10664, CVE-2020-6852, CVE-2022-30563, CVE-2018-10662, CVE-2018-7698, CVE-2017-7921, CVE-2021-23849, CVE-2020-25748, CVE-2010-4231, CVE-2018-19036

Security Advisory | Rockwell Automation

Trust: 3.75

Fetched: Oct. 18, 2024, 9:21 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
db: NVD ids: CVE-2024-6242

Helmholz REX100 Industrial Routers Found Vulnerable to Critical Security Exploits

Related entries in the VARIoT vulnerabilities database: VAR-202410-0405

Trust: 4.25

Fetched: Oct. 16, 2024, 9:52 a.m., Published: Oct. 15, 2024, 8:50 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-45274, CVE-2024-45275, CVE-2024-45271, CVE-2024-45273, CVE-2024-45276

ALAS-2024-737

Trust: 5.75

Fetched: Oct. 16, 2024, 9:46 a.m., Published: Oct. 16, 2024, 1 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: clam model: clamav
vendor: clamav model: clamav
db: NVD ids: CVE-2024-20506, CVE-2024-20505

Forescout Finds 14 Vulnerabilities in Popular DrayTek Routers Affecting Hundreds of Thousands of Exposed Devices Globally - Forescout

Trust: 3.25

Fetched: Oct. 16, 2024, 9:43 a.m., Published: Oct. 3, 2024, 12:37 p.m.
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: routers

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds | CyberScoop

Trust: 3.0

Fetched: Oct. 16, 2024, 9:43 a.m., Published: Oct. 14, 2024, 4:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs