Sign-up

VARIoT news about IoT security

Zyxel security advisory for multiple vulnerabilities in NAS products - Zyxel Community

Trust: 5.5

Fetched: July 12, 2024, 9:33 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: command injection, code execution, privilege management vulnerability
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29975, CVE-2024-29973, CVE-2024-29974, CVE-2024-29976, CVE-2024-29972

Cybersecurity Vulnerabilities in Implantable Medical Devices - Solondais

Trust: 4.75

Fetched: July 12, 2024, 9:32 a.m., Published: -
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-31222

Understanding the QNAP QTS Zero-Day Vulnerability - Cyber and Fraud Centre - Scotland

Trust: 5.5

Fetched: July 12, 2024, 9:32 a.m., Published: May 21, 2024, 12:55 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2024-27130

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Trust: 5.5

Fetched: July 12, 2024, 9:31 a.m., Published: May 1, 2024, 4 p.m.
 Vulnerabilities: memory corruption, information disclosure, buffer overflow...
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2024-22373, CVE-2024-25648, CVE-2023-43491, CVE-2023-51391, CVE-2024-22391, CVE-2023-45744, CVE-2023-39367, CVE-2023-45209, CVE-2024-28130, CVE-2024-25569, CVE-2024-25575, CVE-2024-25938, CVE-2023-40146

ICS hardware vulnerabilities found in TELSAT, SDG Technologies, Yokogawa, Johnson Controls equipment - Industrial Cyber

Trust: 5.5

Fetched: July 12, 2024, 9:29 a.m., Published: June 28, 2024, 5:53 p.m.
 Vulnerabilities: improper access control, authorization vulnerability, cross-site scripting...
Affected productsExternal IDs
vendor: yokogawa model: fast/tools
db: NVD ids: CVE-2024-32756, CVE-2024-32755, CVE-2024-4105, CVE-2024-32932, CVE-2024-32757, CVE-2024-4106, CVE-2024-2882

Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics - API Security

Trust: 5.5

Fetched: July 12, 2024, 9:28 a.m., Published: April 13, 2024, 9:57 p.m.
 Vulnerabilities: path traversal, command injection, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

CVE-2023-45866: A Critical Bluetooth Security Flaw - EXPLOIT | by Hacker's Dump | Medium

Trust: 4.75

Fetched: July 12, 2024, 9:27 a.m., Published: May 3, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chromecast
vendor: google model: android
vendor: apple model: iphone
vendor: oneplus model: 3
vendor: raspberry pi model: 3
db: NVD ids: CVE-2023-45866

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities - Infosecurity Magazine

Trust: 3.5

Fetched: July 12, 2024, 9:27 a.m., Published: April 25, 2024, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: trend model: security
db: NVD ids: CVE-2024-20353, CVE-2024-20359

Cyber Spies Hit Cisco Firewalls in Zero-Day Exploits | MSSP Alert

Trust: 5.5

Fetched: July 12, 2024, 9:26 a.m., Published: April 29, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: trend model: security
db: NVD ids: CVE-2024-20353, CVE-2024-20359

Thousands of internet-facing devices vulnerable to Check Point VPN zero-day

Trust: 3.75

Fetched: July 12, 2024, 9:25 a.m., Published: July 4, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: quantum security gateway
vendor: check point model: check point vpn
vendor: check point model: check point
vendor: check point model: security gateway
db: NVD ids: CVE-2024-24919

Journal of Medical Internet Research - Vulnerability to Cyberattacks and Sociotechnical Solutions for Health Care Systems: Systematic Review

Trust: 3.75

Fetched: July 12, 2024, 9:22 a.m., Published: July 12, 8493, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

.net - Mitigating vulnerability in runtime libraries - Stack Overflow

Trust: 3.0

Fetched: July 12, 2024, 9:21 a.m., Published: July 16, 2059, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-38095, CVE-2024-30105

Cybersecurity Vulnerabilities in Implantable Medical Devices

Trust: 4.5

Fetched: July 12, 2024, 9:20 a.m., Published: July 11, 2024, 3:39 p.m.
 Vulnerabilities: session hijacking, default credentials
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-31222

Data breaches to Palo Alto GlobalProtect products - requires immediate action | NCSC-FI

Trust: 3.0

Fetched: July 12, 2024, 9:18 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-3400

The Looming Threat of Unsecured IoT Devices: A Deep Dive

Trust: 3.75

Fetched: July 12, 2024, 9:17 a.m., Published: -
 Vulnerabilities: code injection, denial of service
Affected productsExternal IDs

CVE - CVE-2009-2512

Trust: 3.25

Fetched: July 10, 2024, 10:07 a.m., Published: Aug. 24, 2030, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2009-2512

Only one critical issue disclosed as part of Microsoft Patch Tuesday

Trust: 5.25

Fetched: July 10, 2024, 10:07 a.m., Published: June 11, 2024, 5:46 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: snort model: snort
db: NVD ids: CVE-2024-30090, CVE-2024-35250, CVE-2024-35254, CVE-2024-30078, CVE-2024-30063, CVE-2024-30087, CVE-2024-30088, CVE-2024-30089, CVE-2024-30084, CVE-2024-30082, CVE-2024-30080, CVE-2024-30068, CVE-2024-30091, CVE-2024-30099, CVE-2024-30077, CVE-2024-30103, CVE-2024-30064

Analyzing session token generation with Burp Suite - PortSwigger

Trust: 3.0

Fetched: July 10, 2024, 10:06 a.m., Published: July 1, 2024, midnight
 Vulnerabilities: session hijacking
Affected productsExternal IDs

Critical Vulnerability Found in Popular Python Library - Hackerdose

Trust: 4.0

Fetched: July 10, 2024, 10:05 a.m., Published: June 23, 2024, 9 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-28397

How Do Hackers Target IoT Devices?

Trust: 3.25

Fetched: July 10, 2024, 10 a.m., Published: June 23, 2024, 5:09 p.m.
 Vulnerabilities: default password, weak password
Affected productsExternal IDs