VARIoT latest news about IoT security

Fortinet finds more malicious IPs linked to widely exploited zero-day \| Cybersecurity Dive Trust: 3.0 Fetched: Nov. 3, 2024, 9:50 a.m., Published: Oct. 31, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47575

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices \| Trend Micro (NZ) Trust: 3.75 Fetched: Nov. 3, 2024, 9:49 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

Inside a Firewall Vendor's 5-Year War With the Chinese Hackers Hijacking Its Devices - Slashdot Trust: 3.0 Fetched: Nov. 3, 2024, 9:43 a.m., Published: Nov. 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

sophos

model:

firewall

HardPwn 2024: a Researcher's Passion for Hacking IoT Devices Trust: 4.75 Fetched: Nov. 3, 2024, 9:43 a.m., Published: Nov. 3, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:

google

model:

home

IoT Device Security: Risks & Mitigation Strategies \| Part 1 of 3: Theory \| SRX Trust: 3.0 Fetched: Nov. 3, 2024, 9:43 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products	External IDs

10 Tips to Secure Your IoT Devices from Hackers Trust: 4.5 Fetched: Nov. 3, 2024, 9:41 a.m., Published: Nov. 1, 2024, 2 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	wireshark	model:	wireshark
vendor:	cisco	model:	routers
vendor:	cisco	model:	router

Patch now! New Chrome update for two critical vulnerabilities \| Malwarebytes Trust: 5.75 Fetched: Nov. 3, 2024, 9:41 a.m., Published: Oct. 30, 2024, 2:55 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

chrome

db:

NVD

ids:

CVE-2024-10488, CVE-2024-10487

QNAP patches worrying NAS security flaw, so update now \| TechRadar Trust: 4.5 Fetched: Nov. 3, 2024, 9:40 a.m., Published: Oct. 30, 2024, 3:10 p.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-50388

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices \| Trend Micro (AU) Trust: 3.75 Fetched: Nov. 3, 2024, 9:40 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

Millions of Samsung phones at risk of hacking - update these devices right now \| Tom's Guide Trust: 3.75 Fetched: Nov. 3, 2024, 9:40 a.m., Published: Oct. 30, 2024, 12:37 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	galaxy note
vendor:	samsung	model:	exynos
vendor:	samsung	model:	samsung
vendor:	samsung	model:	note
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	note 10

20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers Trust: 4.0 Fetched: Nov. 3, 2024, 9:38 a.m., Published: Nov. 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

db:

NVD

ids:

CVE-2017-0938

Critical Authentication Vulnerabilities Threaten Smart Factory Equipment - VULNERA Related entries in the VARIoT vulnerabilities database: VAR-202410-2617, VAR-202410-3402 Trust: 5.5 Fetched: Nov. 3, 2024, 9:38 a.m., Published: Nov. 1, 2024, 5:15 p.m.	Vulnerabilities: weak password, authentication bypass, code execution

Affected products

External IDs

vendor:	mitsubishi	model:	melsec iq-r
vendor:	mitsubishi	model:	melsec iq-r series
vendor:	mitsubishi electric	model:	melsec iq-r
vendor:	mitsubishi electric	model:	melsec iq-r series
vendor:	rockwell	model:	automation factorytalk
vendor:	rockwell	model:	factorytalk
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell automation	model:	factorytalk

db:

NVD

ids:

CVE-2024-10387, CVE-2023-6943, CVE-2023-6942, CVE-2023-2060, CVE-2024-10386

Unveiling Mobile App Vulnerabilities: How Popular Apps Leak Sensitive Data \| Symantec Enterprise Blogs Trust: 3.0 Fetched: Nov. 3, 2024, 9:36 a.m., Published: Nov. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

RISK:STATION Trust: 6.25 Fetched: Nov. 3, 2024, 9:36 a.m., Published: Nov. 3, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

synology

model:

diskstation

db:

NVD

ids:

CVE-2024-10443

1 Million Vulnerable Fortinet, SonicWall Devices Exposed Trust: 5.5 Fetched: Nov. 3, 2024, 9:35 a.m., Published: Nov. 1, 2024, 4:14 p.m.	Vulnerabilities: improper access control, integer overflow, access control vulnerability

Affected products

External IDs

vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	ssl vpn
vendor:	sonicwall	model:	remote access
vendor:	litespeed	model:	litespeed web server

db:

NVD

ids:

CVE-2024-51568, CVE-2024-47575, CVE-2024-46483, CVE-2024-40766, CVE-2024-51567, CVE-2024-23113, CVE-2024-9264

CISA Warns of Critical Software Vulnerabilities in Industrial Devices - Infosecurity Magazine Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-2617 Trust: 4.5 Fetched: Nov. 3, 2024, 9:35 a.m., Published: Nov. 1, 2024, 11:45 a.m.	Vulnerabilities: weak password, authentication bypass

Affected products

External IDs

vendor:	mitsubishi	model:	melsec iq-r
vendor:	mitsubishi	model:	melsec iq-r series
vendor:	mitsubishi electric	model:	melsec iq-r
vendor:	mitsubishi electric	model:	melsec iq-r series
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation factorytalk
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation factorytalk

db:

NVD

ids:

CVE-2023-2060, CVE-2024-10386, CVE-2024-10387, CVE-2023-6943

A Deeper Look at FortiJump (FortiManager CVE-2024-47575) \| Bishop Fox Trust: 4.75 Fetched: Nov. 3, 2024, 9:34 a.m., Published: Nov. 1, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2024-47575, CVE-2024-23113

Millions of Devices Are Vulnerable to the Most Exploited Vulnerability - Cyber Warriors Middle East Trust: 3.75 Fetched: Nov. 3, 2024, 9:34 a.m., Published: Oct. 18, 2024, 11:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	treck	model:	tcp/ip stack

db:

NVD

ids:

CVE-2020-11899

Understanding CVE-2024-33892 and Mitigating Insecure Permissions in Cosy+ Devices Trust: 3.0 Fetched: Nov. 3, 2024, 9:33 a.m., Published: Nov. 21, 2024, midnight	Vulnerabilities: information leakage

Affected products

External IDs

db:

NVD

ids:

CVE-2024-33892

A Comprehensive Review and Assessment of Cybersecurity Vulnerability Detection Methodologies Trust: 3.75 Fetched: Nov. 3, 2024, 9:32 a.m., Published: Oct. 7, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

VARIoT news about IoT security