Sign-up

VARIoT news about IoT security

Microsoft confirms new ransomware family deployed via Log4j vulnerability | VentureBeat

Trust: 3.75

Fetched: Dec. 27, 2021, 1:07 p.m., Published: Dec. 16, 2021, 4:46 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: check point model: check point

Criminal groups continue to exploit Apache Log4j vulnerability with ransomware and malware - SiliconANGLE

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 3.5

Fetched: Dec. 27, 2021, 1:07 p.m., Published: Dec. 15, 2021, 1:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point software technologies model: check point
db: NVD ids: CVE-2021-45046, CVE-2021-44228

Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0562, VAR-202112-0566

Trust: 3.0

Fetched: Dec. 27, 2021, 1:07 p.m., Published: Dec. 13, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44832, CVE-2021-45046, CVE-2021-44228

Log4j: List of vulnerable products and vendor advisories

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 23, 2021, 11:55 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sophos model: cloud optix
vendor: sophos model: endpoint protection
vendor: sophos model: mobile
vendor: cisco model: firepower
vendor: cisco model: cisco webex meetings server
vendor: cisco model: cisco webex
vendor: cisco model: identity services engine
vendor: cisco model: sd-wan vmanage
vendor: cisco model: meetings server
vendor: cisco model: cisco sd-wan
vendor: cisco model: series
vendor: cisco model: data center network manager
vendor: cisco model: webex meetings
vendor: cisco model: firepower threat defense
vendor: cisco model: webex meetings server
vendor: cisco model: sd-wan
vendor: cisco model: webex
vendor: cisco model: cisco webex meetings
vendor: tippingpoint model: tippingpoint
vendor: ubiquiti model: unifi
vendor: symantec model: endpoint protection
vendor: symantec model: web security
vendor: symantec model: symantec endpoint protection
vendor: cpanel model: cpanel
vendor: dovecot model: dovecot
vendor: trend model: security
vendor: trendmicro model: security
vendor: sonicwall model: email security
vendor: sonicwall model: analyzer
vendor: citrix model: gateway
vendor: broadcom model: api gateway
vendor: broadcom model: linux
vendor: broadcom model: broadcom
vendor: couchbase model: server
vendor: trend micro model: security
db: NVD ids: CVE-2021-44228

Log4j Vulnerability (CVE-2021-44228) - Does it Affect My Device? - 5Gstore Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 23, 2021, 11:55 a.m., Published: Dec. 17, 2021, 5:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Vulnerability in recent MediaTek chips could allow apps to eavesdrop on you, but it's been fixed

Trust: 4.75

Fetched: Dec. 23, 2021, 9:32 a.m., Published: Nov. 24, 2021, 11 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: nokia model: nokia
vendor: nokia model: series
vendor: check point model: check point
vendor: google model: android
vendor: xiaomi model: redmi

Vulnerabilities Identified in Hillrom Medical Device Management Products

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: June 4, 2021, 10 a.m.
 Vulnerabilities: memory corruption, code execution, information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2021-27410, CVE-2021-27408

Security Advisory: Apache Log4j Vulnerability - Product Announcements and Alerts - AppDynamics Documentation

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0566, VAR-202112-0562

Trust: 4.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: cisco model: meeting
db: NVD ids: CVE-2021-45105, CVE-2021-44832, CVE-2021-44228, CVE-2021-45046

Apache Log4j Vulnerability | Fortinet Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0562, VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 12, 2021, 8 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2021-45105, CVE-2021-45046, CVE-2021-4428, CVE-2021-45104, CVE-2021-44228

Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 2 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, cve-2021-44228

'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability | SecurityWeek.Com

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
vendor: hikvision model: hikvision camera
db: NVD ids: CVE-2021-36260

Security Vulnerability: Update to the latest version of Zoom on your devices | IT Matters

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom
vendor: zoom model: zoom client
vendor: zoom model: client

Apache Log4j Vulnerability Guidance | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Researchers trigger new exploit by renaming an iPhone and a Tesla - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 8:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: cve-2021-44228

Apache Log4j RCE vulnerability & Bosch IoT Suite - Developer Bosch IoT Suite

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 11:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

‘Extremely bad’ vulnerability found in widely used logging system - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services | Global | Ricoh

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

After Log4j, December's Patch Tuesday has snuck up on us | Malwarebytes Labs

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 10:47 a.m.
 Vulnerabilities: buffer overflow, memory corruption, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2021-43217, CVE-2021-43890, CVE-2021-43883, CVE-2021-41333, CVE-2021-43215, CVE-2021-42310, CVE-2021-43899, CVE-2021-43905

Microsoft Defender for Endpoint - Mobile Threat Defense | Microsoft Docs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 4, 2022, 4:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Apache Log4j 2 Vulnerability (CVE-2021-44228) Information | Zebra

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046