All CosmicBytez Labs articles tagged #IoT Security, across news, security advisories, how-to guides, and projects.
A critical authentication bypass in Apache IoTDB allows unauthenticated attackers to forge Thrift RPC session IDs and receive valid time-series query...
A critical path traversal vulnerability in Apache IoTDB's DataNode RPC interface allows unauthenticated attackers to write arbitrary files outside the...
A critical unauthenticated stack-based buffer overflow in thttpd on GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote attackers to execute...
A critical unauthenticated stack-based buffer overflow in the ssvr RTSP service of GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote attackers to...
A critical unauthenticated stack-based buffer overflow in GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote code execution by exploiting...
A critical unauthenticated stack-based buffer overflow in the vlsvr daemon of GeoVision GV-LPC2011 and GV-LPC2211 cameras allows remote code execution...
Canadian authorities arrested a 23-year-old Ottawa man suspected of building and operating Kimwolf, an IoT botnet that enslaved millions of devices for...
U.S. and Canadian authorities arrested and charged a Canadian man with operating the Kimwolf DDoS botnet, which infected nearly two million devices...
Claroty researchers have disclosed two vulnerabilities in the EnOcean SmartServer IQ building management controller that can be chained for security...
A critical OS command injection vulnerability in the Totolink A8000RU router allows remote attackers to execute arbitrary commands by manipulating the...
Threat actors are deploying the Nexcorium Mirai botnet variant by exploiting CVE-2024-3721 in TBK DVR devices and targeting end-of-life TP-Link Wi-Fi...
This week's ThreatsDay Bulletin from The Hacker News covers 20 active threats including a hybrid P2P DDoS botnet, a 13-year-old Apache ActiveMQ RCE flaw...
A critical unauthenticated information disclosure vulnerability in the Gardyn smart garden platform exposes all registered user account information via a...
A critical CVSS 9.3 stack-based buffer overflow in Grandstream GXP1600 series VoIP phones allows unauthenticated remote code execution, enabling attackers...