Sign-up

VARIoT news about IoT security

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem

Trust: 4.5

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: command execution, code execution, buffer overflow
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2023-6324, CVE-2023-6322, CVE-2023-6321, CVE-2023-6323

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Trust: 3.75

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 16, 2024, 2:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-52324, CVE-2024-47146

2024-12-10: Improved naming convention for vulnerabilities using Device Agent

Trust: 3.25

Fetched: Dec. 15, 2024, 10:05 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Internet of Risks: Cybersecurity Risk in the Internet of Things | UpGuard

Trust: 3.25

Fetched: Dec. 15, 2024, 10:04 a.m., Published: Dec. 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: google model: wifi

Critical Zero-Click Shortcuts Vulnerability Uncovered in Apple Devices - Advisories

Trust: 3.75

Fetched: Dec. 15, 2024, 10:03 a.m., Published: April 9, 2024, 4:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2024-23204

Acunetix Web Vulnerability Scanner (free version) download for PC

Trust: 3.0

Fetched: Dec. 15, 2024, 10:03 a.m., Published: Nov. 27, 2024, 10:34 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

9 essential IoT security trends: safeguarding the future of connected devices - IoT Business News

Trust: 3.25

Fetched: Dec. 15, 2024, 9:59 a.m., Published: Dec. 13, 2024, 10:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: sonos model: sonos
vendor: axis model: axis
vendor: axis model: communications
vendor: tesla model: model

Weekly Cybersecurity Bulletin: Data Leaks, Vulnerabilities & Cybersecurity News

Trust: 3.5

Fetched: Dec. 15, 2024, 9:58 a.m., Published: Dec. 8, 2024, 3:46 p.m.
 Vulnerabilities: privilege escalation, cross-site scripting, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: home
vendor: google model: android
vendor: apple model: safari
vendor: cisco model: security manager
vendor: cisco model: routers
vendor: essential model: phone
vendor: tp-link model: routers

US Sanctions Chinese Firm at Center of Global Firewall Hack - Infosecurity Magazine

Trust: 3.25

Fetched: Dec. 15, 2024, 9:57 a.m., Published: Dec. 11, 2024, 11:15 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: trend model: security
vendor: sophos model: firewall

Can a VPN Be Hacked? Yes. Here’s How You Stay Safe in 2025

Trust: 3.5

Fetched: Dec. 15, 2024, 9:50 a.m., Published: Nov. 30, 2024, 4:40 p.m.
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure

Cisco NX-OS Software Image Verification Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Dec. 15, 2024, 9:49 a.m., Published: Dec. 12, 2024, 7:06 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: nx-os
vendor: cisco model: series switches
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: cisco ucs manager
vendor: cisco model: nexus 9000
vendor: cisco model: nexus
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
vendor: cisco model: nexus 9000 series
vendor: cisco model: ucs manager

Discover how the TCC iOS vulnerability exposes iCloud data to hackers. Learn what it means, how to protect yourself, and why updating your device is crucial!

Trust: 3.5

Fetched: Dec. 15, 2024, 9:48 a.m., Published: Dec. 15, 2035, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2024-44131

A Potential Exploit With The Ext Filesystem | Hackaday

Trust: 3.0

Fetched: Dec. 15, 2024, 9:46 a.m., Published: Dec. 10, 2024, 10:21 p.m.
 Vulnerabilities: kernel panic
Affected productsExternal IDs

Cleo urges customers to patch actively exploited vulnerability. Iran-linked threat actor deploys new ICS malware.

Trust: 4.25

Fetched: Dec. 15, 2024, 9:43 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: information disclosure, sql injection, code execution...
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras
vendor: sophos model: firewall
vendor: d-link model: router
db: NVD ids: CVE-2024-47133, CVE-2024-45841, CVE-2024-49138, CVE-2024-50623

Android Security Bulletin December 2024 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 15, 2024, 9:37 a.m., Published: Dec. 15, 2024, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: motorola model: motorola
vendor: motorola model: android
db: NVD ids: CVE-2024-43769, CVE-2024-43052, CVE-2024-43764, CVE-2024-33056, CVE-2024-43048, CVE-2024-20125, CVE-2024-43767, CVE-2024-43097, CVE-2024-43768, CVE-2024-43077, CVE-2024-43701, CVE-2024-33063, CVE-2024-33044, CVE-2024-43762

Critical Security Alert: Nearly 1 Million Devices at Risk

Trust: 4.25

Fetched: Dec. 15, 2024, 9:34 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability, code execution...
Affected productsExternal IDs
vendor: sonicwall model: sonicos
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113, CVE-2024-40766, CVE-2024-47575

ZeroLogon Vulnerability Identified Quickly by Darktrace | Darktrace Blog

Trust: 5.25

Fetched: Dec. 15, 2024, 9:32 a.m., Published: Dec. 16, 2020, midnight
 Vulnerabilities: privilege escalation, authentication bypass, command execution
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

What Is Hardware Security? Definition, Threats, and Best Practices - Spiceworks

Trust: 4.5

Fetched: Dec. 15, 2024, 9:30 a.m., Published: Jan. 4, 2022, 2:07 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: dram model: dram

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Trust: 4.75

Fetched: Dec. 15, 2024, 9:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-28747

iTWire - The Insecure IoT Cloud Strikes Again RCE on Ruijie Cloud-Connected Devices

Trust: 6.5

Fetched: Dec. 15, 2024, 9:27 a.m., Published: Dec. 13, 2024, 10:03 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2024-45722, CVE-2024-47146, CVE-2024-52324