Sign-up

VARIoT news about IoT security

MOA 225-24-015 | FDA

Trust: 3.75

Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 7, 2024, 4:06 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: serve model: serve

Dahua Vulnerability Leads to Device Crash (CVE-2024-39947) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39947

Chrome, Safari and other browsers vulnerable to 0.0.0.0 Day vulnerability - what you need to know | Tom's Guide

Trust: 3.75

Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 8, 2024, 5:03 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Trust: 4.75

Fetched: Aug. 9, 2024, 9:14 a.m., Published: Aug. 8, 2024, 1:25 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

Trust: 5.75

Fetched: Aug. 9, 2024, 9:12 a.m., Published: Aug. 9, 2024, 5:41 a.m.
 Vulnerabilities: buffer overflow, weak password
Affected productsExternal IDs
vendor: cisco model: ip phones
vendor: cisco model: small business
vendor: cisco model: spa500
vendor: cisco model: series ip phones
vendor: cisco model: series
vendor: cisco model: spa300
vendor: cisco model: spa500 series ip phones
vendor: cisco model: small business spa300 series
db: NVD ids: CVE-2024-20454, CVE-2024-20450, CVE-2024-20452, CVE-2024-20419

Hackers Exploit Cisco Smart Install Vulnerability: CISA Warns

Trust: 3.75

Fetched: Aug. 9, 2024, 9:12 a.m., Published: Aug. 9, 2024, 5:41 a.m.
 Vulnerabilities: weak password
Affected productsExternal IDs

Mobile Device Forensics: Enhancing Enterprise Security

Trust: 3.25

Fetched: Aug. 9, 2024, 9:11 a.m., Published: May 31, 2024, 9:24 p.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: android
vendor: apple model: icloud

BlackHat USA 2024: NCC Group reveals vulnerabilities on Sonos devices

Trust: 3.0

Fetched: Aug. 9, 2024, 9:11 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonos model: sonos

IoT exploitation during security engagements

Trust: 4.25

Fetched: Aug. 9, 2024, 9:11 a.m., Published: Aug. 8, 2024, midnight
 Vulnerabilities: command injection, privilege escalation, command execution
Affected productsExternal IDs
vendor: lighttpd model: lighttpd
vendor: serve model: serve
db: NVD ids: CVE-2024-30169, CVE-2024-30168

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! | Malwarebytes

Trust: 3.75

Fetched: Aug. 9, 2024, 9:10 a.m., Published: July 31, 2024, 1:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: watch

Configuration vulnerability analysis and management in Device Farm - AWS Device Farm

Trust: 3.0

Fetched: Aug. 9, 2024, 9:10 a.m., Published: April 4, 2002, midnight
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs

New Ransomware Group Exploiting Veeam Backup Software Vulnerability

Trust: 3.5

Fetched: Aug. 7, 2024, 9:34 a.m., Published: July 10, 2024, 1:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: storm
vendor: blackberry model: blackberry
db: NVD ids: CVE-2023-27532

CVE-2024-23711 - Microsoft Device Driver Kernel Code Execution Vulnerability

Trust: 6.0

Fetched: Aug. 7, 2024, 9:33 a.m., Published: July 9, 2024, 9:15 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-23711

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Trust: 3.75

Fetched: Aug. 7, 2024, 9:31 a.m., Published: Aug. 6, 2024, 1:51 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2018-0824

Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability - Infosecurity Magazine

Trust: 5.0

Fetched: Aug. 7, 2024, 9:31 a.m., Published: July 10, 2024, 4:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-30103, CVE-2024-38021

Automotive IoT: How to Secure Connected Cars

Trust: 3.75

Fetched: Aug. 7, 2024, 9:29 a.m., Published: Aug. 27, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Samsung rolls out August 2024 update with security patch to Galaxy devices

Trust: 3.75

Fetched: Aug. 7, 2024, 9:27 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: android phone
vendor: samsung model: galaxy
vendor: samsung model: samsung
vendor: google model: android
vendor: apple model: software update
db: NVD ids: CVE-2024-36971

Western Digital’s Discovery App Vulnerability Allows Code Execution

Trust: 5.25

Fetched: Aug. 7, 2024, 9:27 a.m., Published: Aug. 6, 2024, 2:47 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: node.js model: node.js

'Highly Severe': CERT Sounds Alert For iPhone Users, Flags 'Multiple Vulnerabilities' In Apple Devices - Details Inside

Trust: 4.5

Fetched: Aug. 7, 2024, 9:26 a.m., Published: Aug. 4, 2024, 12:45 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: watchos

CERT-EU - Multiple Vulnerabilities in Microsoft Products

Trust: 4.25

Fetched: Aug. 7, 2024, 9:25 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38023, CVE-2024-38060, CVE-2024-38074, CVE-2024-38076, CVE-2024-35264, CVE-2024-38112, CVE-2024-38077, CVE-2024-37985, CVE-2024-38080, CVE-2024-38021