Sign-up

VARIoT news about IoT security

Using Wazuh for Windows vulnerability detection | Wazuh

Trust: 3.75

Fetched: April 23, 2024, 9:07 a.m., Published: May 7, 2020, 3:07 p.m.
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2016-7182

How to Fix the Top 10 Windows 10 Vulnerabilities [Infographic] | UpGuard

Trust: 4.0

Fetched: April 21, 2024, 9:33 a.m., Published: April 10, 2024, midnight
 Vulnerabilities: privilege escalation, code execution, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2015-0057, CVE-2015-1769, CVE-2015-5143

ESP32 IoT Devices Vulnerable to Forever-Hack - InfoQ

Trust: 3.75

Fetched: April 21, 2024, 9:31 a.m., Published: April 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco routers
db: NVD ids: CVE-2019-17391

Pixel Update Bulletin-April 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202404-3101, VAR-202404-2956

Trust: 4.25

Fetched: April 21, 2024, 9:30 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-29749, CVE-2024-29755, CVE-2024-29743, CVE-2024-29752, CVE-2024-29750, CVE-2024-29753, CVE-2024-29757, CVE-2023-43515, CVE-2024-29782, CVE-2024-29756, CVE-2024-29738, CVE-2024-29747, CVE-2024-29754, CVE-2024-27232, CVE-2024-29745, CVE-2024-29739, CVE-2024-29740, CVE-2024-29742, CVE-2024-27231, CVE-2024-29741, CVE-2024-29783, CVE-2024-29751, CVE-2024-29746, CVE-2024-29744, CVE-2024-29748

Low-Privileged User Can Execute Arbitrary Code Remotely on Device with High Privileges (CVE-2024-2162) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.0

Fetched: April 21, 2024, 9:30 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-2162

CVE-2024-0027: Permanent device denial of service due to bypassing snoozed notifications limit number

Trust: 4.0

Fetched: April 21, 2024, 9:27 a.m., Published: Feb. 4, 2024, midnight
 Vulnerabilities: resource exhaustion, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-0027

Ransomware leak site reports rose by 49% in 2023, but there is good news | ZDNET

Trust: 5.5

Fetched: April 21, 2024, 9:26 a.m., Published: April 21, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2021-21974, CVE-2023-34362, CVE-2023-0669, CVE-2023-35708, CVE-2023-35036

Z-Wave End Devices Vulnerable to Stack Buffer Overflow (CVE-2023-51395) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: April 21, 2024, 9:25 a.m., Published: April 21, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-51395

Robust IoT Security Service Scanning Features

Trust: 3.0

Fetched: April 21, 2024, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

Apple Patches Critical Zero-Day - Spiceworks

Trust: 4.75

Fetched: April 21, 2024, 9:22 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2024-23222

Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS | Decipher

Trust: 4.75

Fetched: April 21, 2024, 9:22 a.m., Published: Jan. 23, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2024-23222

5G Security Threat Landscape, AI and Blockchain | Wireless Personal Communications

Trust: 4.75

Fetched: April 21, 2024, 9:21 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: denial of service

OT and IoT Network Anomalies Raise Red Flags as Threats to Critical Infrastructure Becomes More Sophisticated

Trust: 4.5

Fetched: April 21, 2024, 9:20 a.m., Published: April 4, 2024, midnight
 Vulnerabilities: brute force attack, buffer overflow, code execution...
Affected productsExternal IDs
vendor: trend model: security

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) | Volexity

Trust: 4.25

Fetched: April 21, 2024, 9:17 a.m., Published: April 12, 2024, 5:02 p.m.
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
vendor: palo model: palo alto networks globalprotect
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks globalprotect
vendor: palo model: networks
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: networks
vendor: google model: chrome
vendor: google model: google chrome
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2024-3400

Exploring vulnerabilities and potential risk factors of the Trezor hardware wallet. - Trezor Hardware Wallet (Official)

Trust: 3.5

Fetched: April 21, 2024, 9:16 a.m., Published: Feb. 18, 2024, 12:43 a.m.
 Vulnerabilities: code execution, information leakage, buffer overflow...
Affected productsExternal IDs
vendor: essential model: phone

Cisco Integrated Management Controller CLI Command Injection Vulnerability

Trust: 4.0

Fetched: April 21, 2024, 9:15 a.m., Published: April 19, 2024, 4:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: integrated management controller
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: cisco model: cisco integrated management controller

Guarding Against IoT Attacks: Strategies and Best Practices | Coursera

Trust: 4.5

Fetched: April 21, 2024, 9:07 a.m., Published: April 2, 2024, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: lg electronics model: mobile
vendor: google model: google home
vendor: google model: home
vendor: google model: android

Top 6 Cloud Vulnerabilities - CrowdStrike

Trust: 3.5

Fetched: April 19, 2024, 9:09 a.m., Published: Feb. 2, 2024, 6:40 p.m.
 Vulnerabilities: sql injection, code injection, command injection
Affected productsExternal IDs

Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices - PMC

Trust: 3.5

Fetched: April 19, 2024, 9:06 a.m., Published: March 19, 2021, midnight
 Vulnerabilities: resource depletion
Affected productsExternal IDs
vendor: google model: home
vendor: apple model: iphone
vendor: medtronic model: carelink programmer
vendor: medtronic model: carelink 2090

“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica

Trust: 3.5

Fetched: April 19, 2024, 9:05 a.m., Published: April 12, 2024, 8:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-3400