Sign-up

VARIoT news about IoT security

iOS vs Android Security: Which Is More Secure?

Trust: 3.25

Fetched: Dec. 13, 2024, 9:56 a.m., Published: May 28, 2024, 12:36 p.m.
 Vulnerabilities: session fixation, information leakage
Affected productsExternal IDs
vendor: google model: android
vendor: essential model: phone
vendor: apple model: iphone

About the security content of iOS 18.2 and iPadOS 18.2 - Apple Support

Trust: 5.25

Fetched: Dec. 13, 2024, 9:39 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: memory corruption, code execution, process crash...
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-44225, CVE-2024-54500, CVE-2024-54527, CVE-2024-54485, CVE-2024-44246, CVE-2024-54510, CVE-2024-54492, CVE-2024-54526, CVE-2024-54494, CVE-2024-54514, CVE-2024-54508, CVE-2024-54505, CVE-2024-54513, CVE-2024-54501, CVE-2024-44245, CVE-2024-54479, CVE-2024-54534, CVE-2024-54486, CVE-2024-54503, CVE-2024-45490, CVE-2024-54502

How Hackers Could Exploit Stored XSS Vulnerability | CVE-2024-53999 [Hindi] - YouTube

Trust: 3.25

Fetched: Dec. 13, 2024, 9:39 a.m., Published: Dec. 12, 2024, 1:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-53999

Critical Ivanti CSA Auth Bypass (CVE-2024-11639) Patched Alongside Other High-Impact Flaws - SOCRadar® Cyber Intelligence Inc.

Trust: 4.75

Fetched: Dec. 13, 2024, 9:38 a.m., Published: Dec. 11, 2024, 1:48 p.m.
 Vulnerabilities: code execution, command injection, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-11633, CVE-2024-11634, CVE-2024-11772, CVE-2024-8963, CVE-2024-11639, CVE-2024-11773, CVE-2024-8190

December 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Trust: 3.75

Fetched: Dec. 13, 2024, 9:36 a.m., Published: Dec. 11, 2024, 1:12 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-49138, CVE-2024-49127, CVE-2024-49112, CVE-2024-49124, CVE-2024-49122, CVE-2024-49117, CVE-2024-49118, CVE-2024-49126

The evolution and abuse of proxy networks

Trust: 3.5

Fetched: Dec. 13, 2024, 9:36 a.m., Published: Dec. 12, 2024, 11 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: soho
vendor: cisco model: router
vendor: cisco model: routers

Are Smart Home Devices Safe? A 2025 Guide to Security Risks

Trust: 3.25

Fetched: Dec. 13, 2024, 9:34 a.m., Published: Dec. 12, 2024, 4:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: watch
vendor: apple model: ipad
vendor: home assistant model: home assistant
vendor: trend model: security
vendor: google model: home
vendor: google model: wi-fi router
vendor: samsung model: samsung

Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations | ITPro

Trust: 5.0

Fetched: Dec. 13, 2024, 9:34 a.m., Published: Dec. 12, 2024, 11:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
db: NVD ids: CVE-2024-50623

Apple Just Patched These 20 Security Vulnerabilities With iOS 18.2 | Lifehacker

Trust: 5.5

Fetched: Dec. 13, 2024, 9:32 a.m., Published: Dec. 12, 2024, 1 p.m.
 Vulnerabilities: memory corruption, code execution, process crash...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2024-44225, CVE-2024-54500, CVE-2024-54527, CVE-2024-54485, CVE-2024-44246, CVE-2024-54510, CVE-2024-54492, CVE-2024-54526, CVE-2024-54494, CVE-2024-54514, CVE-2024-54508, CVE-2024-54505, CVE-2024-54513, CVE-2024-54501, CVE-2024-44245, CVE-2024-54479, CVE-2024-54534, CVE-2024-54486, CVE-2024-54503, CVE-2024-45490, CVE-2024-54502

China-based hacker accused of deploying malware to exploit global firewall devices - Times of Oman

Trust: 3.75

Fetched: Dec. 13, 2024, 9:32 a.m., Published: Dec. 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide | Flashpoint

Trust: 3.75

Fetched: Dec. 13, 2024, 9:31 a.m., Published: Dec. 11, 2024, 2:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

China-based hacker accused of deploying malware to exploit global firewall devices, ET CISO

Trust: 3.75

Fetched: Dec. 13, 2024, 9:30 a.m., Published: Dec. 12, 2024, 6:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

U.S. Indicts Chinese Hacker for Exploit Targeting 81,000 Devices

Trust: 3.75

Fetched: Dec. 13, 2024, 9:29 a.m., Published: Dec. 11, 2024, 12:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

Siemens SENTRON Powercenter 1000 | CISA

Trust: 4.75

Fetched: Dec. 13, 2024, 9:28 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: modbus tcp
db: NVD ids: CVE-2024-6657

Ivanti patches high-severity vulnerabilities in CSA after exposure of critical flaws

Trust: 4.0

Fetched: Dec. 13, 2024, 9:27 a.m., Published: Dec. 11, 2024, 10:16 a.m.
 Vulnerabilities: authentication bypass, code execution, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-39710, CVE-2024-11772, CVE-2024-11005, CVE-2024-38655, CVE-2024-39712, CVE-2024-11007, CVE-2024-11639, CVE-2024-11773, CVE-2024-38656

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:26 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:26 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:25 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:24 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices | Claroty

Trust: 5.5

Fetched: Dec. 13, 2024, 9:22 a.m., Published: Dec. 12, 2024, midnight
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2024-52324, CVE-2024-45722