VARIoT latest news about IoT security

Apple fixes two new actively exploited zero-days Related entries in the VARIoT vulnerabilities database: VAR-202302-1097 Trust: 3.75 Fetched: July 25, 2023, 9:13 a.m., Published: July 25, 2023, 8:48 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2023-32434, CVE-2023-28206, CVE-2023-28204, CVE-2023-28205, CVE-2023-32435, CVE-2023-32439, CVE-2023-23529, CVE-2023-32373, CVE-2023-32409, CVE-2023-37450, CVE-2023-38606

Ivanti patches MobileIron zero-day bug exploited in attacks Trust: 3.75 Fetched: July 25, 2023, 9:12 a.m., Published: -	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-35078

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519 Trust: 5.5 Fetched: July 23, 2023, 9:34 a.m., Published: July 21, 2023, 12:47 p.m.	Vulnerabilities: code injection, code execution

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-3519

IoC scan scope in the registry Trust: 3.25 Fetched: July 23, 2023, 9:24 a.m., Published: -	Vulnerabilities: file execution

Affected products	External IDs

Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 \| Ars Technica Related entries in the VARIoT vulnerabilities database: VAR-202304-2073 Trust: 3.75 Fetched: July 23, 2023, 9:08 a.m., Published: July 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2023-28771

Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough Trust: 3.75 Fetched: July 21, 2023, 10:41 a.m., Published: July 20, 2023, 10:10 a.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

23-030 (July 11, 2023) - Threat Encyclopedia Trust: 4.5 Fetched: July 21, 2023, 10:41 a.m., Published: July 11, 2023, midnight	Vulnerabilities: code execution, directory traversal, information disclosure...

Affected products

External IDs

vendor:	solarwinds	model:	network performance monitor
vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2023-27372, CVE-2023-24954, CVE-2023-34225, CVE-2023-33157, CVE-2022-32742, CVE-2022-47504, CVE-2023-32532, CVE-2023-32529, CVE-2023-0241, CVE-2021-26411, CVE-2023-29154, CVE-2022-43939, CVE-2022-43769

DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771 \| FortiGuard Labs Related entries in the VARIoT vulnerabilities database: VAR-202304-2073 Trust: 5.5 Fetched: July 21, 2023, 10:40 a.m., Published: July 19, 2023, 10:17 p.m.	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2023-28771

Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition) \| Qualys Security Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-201206-0059, VAR-202008-0248 Trust: 5.25 Fetched: July 21, 2023, 10:39 a.m., Published: July 18, 2023, 1:38 p.m.	Vulnerabilities: code execution, privilege escalation, memory corruption

Affected products

External IDs

vendor:	citrix	model:	netscaler
vendor:	citrix	model:	application delivery controller
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulse secure	model:	connect secure

db:

NVD

ids:

CVE-2017-0144, CVE-2012-0158, CVE-2021-31207, CVE-2020-0601, CVE-2021-27065, CVE-2021-26855, CVE-2019-11510, CVE-2021-34523, CVE-2017-0199, CVE-2017-11882, CVE-2021-44228, CVE-2019-19781, CVE-2018-0802, CVE-2012-0507, CVE-2012-1723, CVE-2017-8570, CVE-2019-0903, CVE-2017-0145, CVE-2020-1472, CVE-2021-34473

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances Trust: 4.5 Fetched: July 21, 2023, 10:37 a.m., Published: May 26, 2023, 4:04 a.m.	Vulnerabilities: code injection, cross-site scripting

Affected products

External IDs

vendor:	sonicwall	model:	email security
vendor:	barracuda	model:	barracuda

db:

NVD

ids:

CVE-2023-2868

Configure Microsoft Defender for Endpoint on iOS features \| Microsoft Learn Trust: 3.0 Fetched: July 21, 2023, 10:36 a.m., Published: Dec. 18, 2020, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

ipad

Configuring updates of anti-malware databases on Android devices Trust: 3.0 Fetched: July 21, 2023, 10:34 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

12 Best Network Security Tools for 2023 (Paid & Free) Trust: 4.25 Fetched: July 21, 2023, 10:31 a.m., Published: Dec. 4, 2020, 3:15 p.m.	Vulnerabilities: cross-site request forgery, request forgery, sql injection...

Affected products

External IDs

vendor:	trend micro	model:	data loss prevention
vendor:	trend micro	model:	ossec
vendor:	trend micro	model:	security
vendor:	trendmicro	model:	data loss prevention
vendor:	trendmicro	model:	ossec
vendor:	trendmicro	model:	security
vendor:	trend	model:	data loss prevention
vendor:	trend	model:	ossec
vendor:	trend	model:	security
vendor:	google	model:	home

CVE.report on Twitter: "CVE-2023-20126 : A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to... https://t.co/6jv06Fz7Ln" / Twitter Trust: 4.0 Fetched: July 21, 2023, 10:25 a.m., Published: July 21, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

spa112

db:

NVD

ids:

CVE-2023-20126

Barracuda ESG zero-day attacks linked to suspected Chinese hackers Trust: 5.5 Fetched: July 21, 2023, 10:15 a.m., Published: -	Vulnerabilities: code execution, remote command injection, injection attack...

Affected products

External IDs

vendor:

barracuda

model:

barracuda

db:

NVD

ids:

CVE-2023-2868

5 Lessons Learned from Healthcare Industry Cyberattacks in 2022 Related entries in the VARIoT vulnerabilities database: VAR-202108-1773 Trust: 4.75 Fetched: July 21, 2023, 10:15 a.m., Published: May 16, 2023, 11:03 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-33886

New Android updates fix kernel bug exploited in spyware attacks Trust: 5.75 Fetched: July 21, 2023, 10:13 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	pixel
vendor:	samsung	model:	note

db:

NVD

ids:

CVE-2023-0266, CVE-2022-4262

SSA-731916 Related entries in the VARIoT vulnerabilities database: VAR-202306-0924, VAR-202306-0922, VAR-202306-0923 Trust: 5.25 Fetched: July 21, 2023, 10:05 a.m., Published: July 1, 2023, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33921, CVE-2023-33919, CVE-2023-33920

QRadar SIEM: Full Review & 2023 Alternatives (Paid & Free) Trust: 3.75 Fetched: July 21, 2023, 10:04 a.m., Published: Aug. 30, 2020, 5:39 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

manageengine

model:

opmanager

[AiProtection] How does AiProtection protect my home network? \| Official Support \| ASUS Global Trust: 3.5 Fetched: July 21, 2023, 9:55 a.m., Published: July 21, 2023, 9:55 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	internet security
vendor:	trend	model:	security
vendor:	trend micro	model:	internet security
vendor:	trend micro	model:	security
vendor:	asus	model:	router
vendor:	asus	model:	routers
vendor:	asus	model:	asus

VARIoT news about IoT security