Sign-up

VARIoT news about IoT security

DDoS Unveiled: The Silent Menace in Cyber Warfare | Science Times

Trust: 4.75

Fetched: Dec. 31, 2023, 9:42 a.m., Published: Dec. 18, 2023, 1:24 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

This Month in Cybersecurity - December 2023 - In the news - Passbolt community forum

Trust: 3.75

Fetched: Dec. 31, 2023, 9:40 a.m., Published: Dec. 29, 2023, 3:30 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: google model: android
vendor: palo alto networks model: networks
vendor: palo model: networks

Apple iOS Vulnerability Exposed by Kaspersky Points to iPhone Weakness - WinBuzzer

Trust: 4.0

Fetched: Dec. 31, 2023, 9:39 a.m., Published: Dec. 29, 2023, 10:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2023-38606

About the security content of iOS 15.7.8 and iPadOS 15.7.8 - Apple Support

Trust: 4.25

Fetched: Dec. 31, 2023, 9:38 a.m., Published: July 15, 2008, midnight
 Vulnerabilities: buffer overflow, code execution, integer overflow
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: ipod touch
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2023-34425, CVE-2023-38598, CVE-2023-38599, CVE-2023-35993, CVE-2023-37450, CVE-2023-41990, CVE-2023-38603, CVE-2023-40442, CVE-2023-32416, CVE-2023-23540, CVE-2023-38593, CVE-2023-38604, CVE-2023-38565, CVE-2023-32441, CVE-2023-38590, CVE-2023-37285, CVE-2023-40392, CVE-2023-32409, CVE-2023-38133, CVE-2023-36495, CVE-2023-38606, CVE-2023-38594, CVE-2023-38597, CVE-2023-42831, CVE-2023-38605, CVE-2023-38572, CVE-2023-32445, CVE-2023-32433

Kyocera Issues Vulnerability Solution Update - Industry Analysts, Inc.

Trust: 4.75

Fetched: Dec. 31, 2023, 9:36 a.m., Published: Dec. 29, 2023, 3:29 p.m.
 Vulnerabilities: information leakage, path traversal, traversal attack
Affected productsExternal IDs
db: NVD ids: CVE-2023-50196, CVE-2023-50916

About the security content of iOS 16.7 and iPadOS 16.7 - Apple Support

Trust: 5.25

Fetched: Dec. 31, 2023, 9:35 a.m., Published: Dec. 16, 2023, midnight
 Vulnerabilities: authorization issue, certificate validation issue, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2023-41991, CVE-2023-41984, CVE-2023-40420, CVE-2023-41063, CVE-2023-35990, CVE-2023-41981, CVE-2023-40401, CVE-2023-40403, CVE-2023-41993, CVE-2023-41992, CVE-2023-40454, CVE-2023-41232, CVE-2023-41070, CVE-2023-40395, CVE-2023-40438, CVE-2023-40448, CVE-2023-41073, CVE-2023-38612, CVE-2023-41068

Update: Barracuda Gateways hit by another vulnerability - Techzine Europe

Trust: 3.5

Fetched: Dec. 31, 2023, 9:34 a.m., Published: Dec. 28, 2023, 4:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda networks model: barracuda
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-7102, CVE-2023-7101

CVE-2023-35629 - Security Update Guide - Microsoft - Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

Trust: 3.25

Fetched: Dec. 31, 2023, 9:34 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-35629

2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is | Qualys Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202303-2580

Trust: 5.25

Fetched: Dec. 31, 2023, 9:32 a.m., Published: Dec. 19, 2023, 3 p.m.
 Vulnerabilities: code execution, security feature bypass, command injection...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: trend model: security
db: NVD ids: CVE-2023-27350, CVE-2023-22952, CVE-2023-24880, CVE-2023-20887, CVE-2023-23397, CVE-2023-29059, CVE-2023-0699, CVE-2023-2868, CVE-2023-34362, CVE-2023-28252, CVE-2023-0669, CVE-2023-290593, CVE-2023-35036

Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability

Trust: 3.0

Fetched: Dec. 31, 2023, 9:23 a.m., Published: Dec. 5, 2023, 3:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower threat defense software
vendor: cisco model: asa software
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower management center

New JavaScript malware targets 50K bank users worldwide

Trust: 5.5

Fetched: Dec. 31, 2023, 9:22 a.m., Published: Dec. 3, 2023, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: watch
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-35384, CVE-2023-23397, CVE-2023-36710, CVE-2023-7024

BLEEDINGBIT | Armis

Related entries in the VARIoT vulnerabilities database: VAR-201811-0299, VAR-201812-0630

Trust: 4.5

Fetched: Dec. 31, 2023, 9:22 a.m., Published: Aug. 22, 2023, 1:46 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: aruba model: ap-3xx
vendor: aruba model: iap-3xx
vendor: aruba model: ap-203r
vendor: aruba model: arubaos
vendor: aruba model: 203rp
vendor: aruba model: 203r
vendor: aruba model: ap-203rp
vendor: cisco model: access points
vendor: cisco model: aironet series
vendor: cisco model: meraki mr30h
vendor: cisco model: series
vendor: cisco model: technical support
vendor: cisco model: meraki mr33
vendor: cisco model: meraki mr74
vendor: cisco model: aironet
vendor: cisco model: aironet access points
db: NVD ids: CVE-2018-16986, CVE-2018-7080

UPnP-enabled Home Devices and Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201301-0243, VAR-201505-0274, VAR-201803-1048

Trust: 5.5

Fetched: Dec. 31, 2023, 9:11 a.m., Published: March 6, 2019, midnight
 Vulnerabilities: denial of service, command execution, memory corruption...
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: trend micro model: home network security
vendor: trend micro model: housecall
vendor: trend micro model: micro home network security
vendor: trend micro model: trend micro housecall
vendor: trend micro model: micro housecall
vendor: trend micro model: security
vendor: google model: google home
vendor: google model: chromecast
vendor: google model: home
vendor: google model: android
vendor: huawei model: huawei
vendor: huawei model: huawei home gateway
vendor: trend model: home network security
vendor: trend model: housecall
vendor: trend model: micro home network security
vendor: trend model: trend micro housecall
vendor: trend model: micro housecall
vendor: trend model: security
db: NVD ids: CVE-2017-1000494, CVE-2013-0230, CVE-2007-1204, CVE-2014-8361, CVE-2012-5958, CVE-2013-0229, CVE-2017-17215

'Devil's Ivy' Vulnerability Could Afflict Millions of Internet-Connected Cameras and Card Readers | WIRED

Trust: 3.75

Fetched: Dec. 31, 2023, 9:11 a.m., Published: July 18, 2017, 2 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: huawei model: honor
vendor: sony model: camera
vendor: axis communications model: communications
vendor: axis model: communications

When it Comes to OT, if You’re Standing Still, You’re Falling Behind | Fortinet Blog

Trust: 3.5

Fetched: Dec. 31, 2023, 9:07 a.m., Published: Dec. 18, 2023, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortiguard model: fortiextender
vendor: fortigate model: fortios

Open Source Vulnerability Assessment Tools & Scanners | LinuxSecuri...

Trust: 3.5

Fetched: Dec. 31, 2023, 9:06 a.m., Published: Sept. 18, 2023, midnight
 Vulnerabilities: file inclusion, code execution, injection attack...
Affected productsExternal IDs
vendor: wireshark model: wireshark

Samsung devices get seven critical fixes with December 2023 security update - SamMobile

Trust: 3.75

Fetched: Dec. 29, 2023, 9:27 a.m., Published: Dec. 5, 2023, 7:34 a.m.
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: samsung model: knox
vendor: samsung model: exynos

iOS 17.1.2 and macOS Sonoma 14.1.2 patch 2 actively exploited vulnerabilities - 9to5Mac

Trust: 5.5

Fetched: Dec. 29, 2023, 9:27 a.m., Published: Nov. 30, 2023, 6:58 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2023-42917, CVE-2023-42916

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

Trust: 5.25

Fetched: Dec. 29, 2023, 9:26 a.m., Published: Dec. 28, 2023, 11:19 a.m.
 Vulnerabilities: integer overflow, code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
db: NVD ids: CVE-2023-41064, CVE-2023-32434, CVE-2023-41990, CVE-2023-32435, CVE-2023-41061, CVE-2023-38606

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Trust: 5.5

Fetched: Dec. 29, 2023, 9:19 a.m., Published: Dec. 21, 2023, 3:41 a.m.
 Vulnerabilities: code execution, privilege escalation, feature bypass...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: google model: chrome
db: NVD ids: CVE-2023-7024