Sign-up

VARIoT news about IoT security

Rooting malware discovered on Google Play, Samsung Galaxy Store - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202003-0573, VAR-201910-0902

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 6:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
db: NVD ids: CVE-2020-0041, CVE-2020-0069, CVE-2019-2215

Microsoft Announces New Endpoint Security Solution for SMBs | SecurityWeek.Com

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rising model: antivirus

Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-38505, CVE-2021-38506, CVE-2021-38504, CVE-2021-38508, CVE-2021-38503, CVE-2021-38510, CVE-2021-38509, CVE-2021-38507

Microsoft warns of nasty new macOS vulnerability with an excellent name | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 1:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

Google warns Android users of zero-day vulnerability being actively attacked

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Supply Chain Vulnerability in Cloud Connectivity Platform Threatens 83 Million IoT Devices - CPO Magazine

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 22, 2021, 3:07 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Apple patches an NSO zero-day flaw affecting all devices - TechCrunch

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: watch
db: NVD ids: CVE-2021-30860

Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability | SecurityWeek.Com

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
vendor: hikvision model: hikvision camera
db: NVD ids: CVE-2021-36260

Your Android device may be vulnerable to this newly discovered Bluetooth hack | Wirefly

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 7, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex

New Bluetooth security vulnerability BrakTooth affects 1 billion devices worldwide • InfoTech News

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 7, 2021, 11:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 15, 2021, 10:26 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: desktop
vendor: apple model: macbook pro
vendor: apple model: macbook
vendor: apple model: safari
vendor: apple model: iphone
vendor: asus model: asus
vendor: asus model: router
vendor: google model: chrome
vendor: parallels model: parallels desktop
vendor: parallels model: desktop

Multiple Software Vulnerabilities Found in TOTOLINK Device

Related entries in the VARIoT vulnerabilities database: VAR-202108-1782

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 23, 2021, 3:47 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: totolink model: a3002r 1.1.1-b20200824
vendor: totolink model: a3002r
db: NVD ids: CVE-2021-34228

SteelSeries bug gives Windows 10 admin rights by plugging in a device

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: serve model: serve

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution.

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

BrakTooth Vulnerabilities Affect Billions of Devices (CVE-2021-28139)

Trust: 6.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 6, 2021, 11:09 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2021-28139

Apple issues emergency updates to fix major 'zero-click vulnerability' in all of its operating systems | TechSpot

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2021-30860

Interesting Privilege Escalation Vulnerability - Schneier on Security

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Latest Malware Attacks You Need to Know

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 6, 2021, 11:52 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android

The real dangers of vulnerable IoT devices - duckduck WHO ?

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-31251

Full Disclosure: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices

Related entries in the VARIoT vulnerabilities database: VAR-201602-0004, VAR-202109-1172, VAR-202109-1171, VAR-201501-0737

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, midnight
 Vulnerabilities: buffer overflow, command injection, cross-site scripting
Affected productsExternal IDs
vendor: moxa model: moxa
vendor: moxa model: oncell g3470a-lte-eu
vendor: moxa model: wac-1001
vendor: moxa model: wac-2004
vendor: moxa model: oncell g3470a-lte-eu-t
db: NVD ids: CVE-2013-1914, CVE-2016-1234, CVE-2015-7547, CVE-2021-39279, CVE-2013-7423, CVE-2021-39278, CVE-2015-0235