Sources

ECHO Network

• Slackware: 2022-141-01: mariadb Security Update> 46 perc 2 másodperc
• SUSE: 2022:1783-1 important: the Linux Kernel (Live Patch 27 for SLE 12 SP5)> 46 perc 2 másodperc
• openSUSE: 2022:0142-1 moderate: libxls> 46 perc 2 másodperc
• Still crying? WannaCry five years on | #malware | #ransomware | #cybersecurity | #infosecurity | #hacker 1 óra 6 perc
• Windows 11 hacked three more times on last day of Pwn2Own contest 6 óra 29 perc
• North Korean IT Workers Are Infiltrating Tech Companies 8 óra 33 perc
• Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails 9 óra 25 perc
• Cisco fixes an IOS XR flaw actively exploited in the wild 9 óra 26 perc
• Conti: Russian-backed rulers of Costa Rican hacktocracy? 10 óra 20 perc
• Mageia 2022-0192: opencontainers-runc security update> 11 óra 24 perc

NVD: all CVE

• CVE-2022-31267 1 óra 14 perc
• CVE-2022-31268 1 óra 14 perc
• CVE-2022-31264 1 óra 14 perc
• CVE-2022-31259 3 óra 14 perc
• CVE-2022-1752 19 óra 14 perc
• CVE-2022-29222 22 óra 14 perc
• CVE-2022-29188 22 óra 14 perc
• CVE-2022-29189 22 óra 14 perc
• CVE-2022-29190 22 óra 14 perc
• CVE-2022-29209 22 óra 14 perc

Linux security Advisories

• openSUSE: 2022:0142-1 moderate: libxls> 5 óra 13 perc
• SUSE: 2022:1783-1 important: the Linux Kernel (Live Patch 27 for SLE 12 SP5)> 5 óra 14 perc
• Slackware: 2022-141-01: mariadb Security Update> 6 óra 54 perc
• Mageia 2022-0195: kernel-linus security update> 15 óra 38 perc
• Mageia 2022-0194: kernel security update> 15 óra 38 perc
• Mageia 2022-0193: microcode security update> 15 óra 38 perc
• Mageia 2022-0192: opencontainers-runc security update> 15 óra 38 perc
• SUSE: 2022:1119-1 bci/dotnet-aspnet Security Update> 17 óra 14 perc
• Slackware: 2022-140-02: mozilla-thunderbird Security Update> 1 nap 47 perc
• Slackware: 2022-140-01: mozilla-firefox Security Update> 1 nap 47 perc

Cisco Security Advisories

• Cisco IOS XR Software Health Check Open Port Vulnerability 1 nap 6 óra
• Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities 3 nap 6 óra
• Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability 3 nap 6 óra
• Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities 3 nap 6 óra
• Cisco Secure Network Analytics Remote Code Execution Vulnerability 3 nap 6 óra
• Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability 3 nap 6 óra
• Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability 5 nap 3 óra
• Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities 2 hét 3 nap
• ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 2 hét 3 nap
• ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 2 hét 3 nap

HUP - titkosítás, biztonság

• Pwn2Own 2022 második nap, elesett: Tesla 3, Ubuntu desktop, Windows 11 1 nap 16 óra
• Zajlik a Pwn2Own 2022, eddig elesett: Ubuntu desktop, Microsoft Teams, VirtualBox, Firefox, Windows 11, Safari 2 nap 16 óra
• Evil never sleeps - Amikor a wireless malware azután is működik, miután az iPhone-t kikapcsolták 4 nap 12 óra
• "Egy uniós biztos szerint a Pegasus-ügy kivizsgálása nem az Európai Bizottság hatásköre" 2 hét 2 nap
• BSidesBUD 2022 – nemzetközi kiberbiztonsági konferencia hatodszor Budapesten! 2 hét 2 nap
• Tails 5.0 2 hét 3 nap
• EU-tisztségviselők iPhone-jai is célpontjai voltak a Pegasus kémszoftvernek 1 hónap 1 hét
• Tesla töltőport nyitó 1 hónap 1 hét
• Soron kívül frissítette a Google a Chrome böngészőt, 0day biztonsági hibát javított 1 hónap 3 hét
• Állást foglalt a Mikrotik az örök flame-ben: engedjünk-e mindenhonnan kapcsolódást SSH portra 2 hónap 1 nap

SANS

• A 'Zip Bomb' to Bypass Security Controls & Sandboxes, (Fri, May 20th) 1 nap 17 óra
• Bumblebee Malware from TransferXL URLs, (Thu, May 19th) 1 nap 17 óra
• ISC Stormcast For Friday, May 20th, 2022 https://isc.sans.edu/podcastdetail.html?id=8016, (Fri, May 20th) 1 nap 20 óra
• ISC Stormcast For Thursday, May 19th, 2022 https://isc.sans.edu/podcastdetail.html?id=8014, (Thu, May 19th) 2 nap 20 óra
• Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign..., (Wed, May 18th) 3 nap 16 óra
• ISC Stormcast For Wednesday, May 18th, 2022 https://isc.sans.edu/podcastdetail.html?id=8012, (Wed, May 18th) 3 nap 20 óra
• Use Your Browser Internal Password Vault... or Not?, (Tue, May 17th) 4 nap 13 óra
• ISC Stormcast For Tuesday, May 17th, 2022 https://isc.sans.edu/podcastdetail.html?id=8010, (Tue, May 17th) 4 nap 20 óra
• Apple Patches Everything, (Mon, May 16th) 5 nap 2 óra
• Why is my Honeypot a Russian Certificate Authority?, (Mon, May 16th) 5 nap 8 óra

AusCERT - Security Bulletins

• ESB-2022.2495 - [Appliance] Mitsubishi Electric MELSEC iQ-F Series: CVSS (Max): 8.6 1 nap 20 óra
• ESB-2022.2494 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM WebSphere Application Server: CVSS (Max): 5.6 1 nap 20 óra
• ESB-2022.2493 - [Debian] thunderbird: CVSS (Max): 7.5 1 nap 20 óra
• ESB-2022.2492 - [Debian] openldap: CVSS (Max): 9.8 1 nap 20 óra
• ESB-2022.2491 - [Debian] elog: CVSS (Max): 7.5 1 nap 20 óra
• ESB-2022.2490 - [Appliance] F5 Products: CVSS (Max): 7.5 1 nap 20 óra
• ESB-2022.2489 - [Appliance] F5 Products: CVSS (Max): 8.2 1 nap 20 óra
• ESB-2022.2488 - [SUSE] ucode-intel: CVSS (Max): 5.3 1 nap 20 óra
• ESB-2022.2487 - [SUSE] libyajl: CVSS (Max): 5.9 1 nap 20 óra
• ESB-2022.2486 - [SUSE] ucode-intel: CVSS (Max): 5.3 1 nap 20 óra

US CERT: Current Activity

• ISC Releases Security Advisory for BIND 2 nap 7 óra
• CISA Releases Analysis of FY21 Risk and Vulnerability Assessments 2 nap 8 óra
• CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities 3 nap 5 óra
• Threat Actors Exploiting F5 BIG IP CVE-2022-1388 3 nap 9 óra
• Apple Releases Security Updates for Multiple Products 4 nap 6 óra
• Weak Security Controls and Practices Routinely Exploited for Initial Access 4 nap 9 óra
• CISA Adds Two Known Exploited Vulnerabilities to Catalog 5 nap 1 óra
• Apache Releases Security Advisory for Tomcat 5 nap 7 óra
• CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog 1 hét 22 óra
• Adobe Releases Security Updates for Multiple Products 1 hét 2 nap

Ubuntu Secutity Notices

• USN-5424-2: OpenLDAP vulnerability 2 nap 7 óra
• USN-5430-1: GNOME Settings vulnerability 3 nap 7 óra
• USN-5429-1: Bind vulnerability 3 nap 7 óra
• USN-5428-1: libXrandr vulnerabilities 3 nap 9 óra
• USN-5427-1: Apport vulnerabilities 4 nap 5 óra
• USN-5426-1: needrestart vulnerability 4 nap 6 óra
• USN-5423-2: ClamAV vulnerabilities 4 nap 6 óra
• USN-5425-1: PCRE vulnerabilities 4 nap 6 óra
• USN-5424-1: OpenLDAP vulnerability 4 nap 10 óra
• USN-5423-1: ClamAV vulnerabilities 4 nap 10 óra

Microsoft Sercurity Response Center

• Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards 2 nap 7 óra
• Anatomy of a Security Update 1 hét 1 nap
• Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) 1 hét 5 nap
• Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution 3 hét 2 nap
• Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! 1 hónap 6 óra
• Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs 1 hónap 1 hét
• Microsoft’s Response to CVE-2022-22965 Spring Framework 1 hónap 2 hét
• Randomizing the KUSER_SHARED_DATA Structure on Windows 1 hónap 2 hét
• On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program 1 hónap 2 hét
• Increasing Representation of Women in Security Research 1 hónap 2 hét

seclist.org

• SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components) 3 nap 1 óra
• PHPIPAM 1.4.4 - CVE-2021-46426 3 nap 1 óra
• LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140 3 nap 1 óra
• Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! 3 nap 1 óra
• github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains. 3 nap 1 óra
• APPLE-SA-2022-05-16-2 macOS Monterey 12.4 4 nap 17 óra
• APPLE-SA-2022-05-16-6 tvOS 15.5 4 nap 17 óra
• APPLE-SA-2022-05-16-5 watchOS 8.6 4 nap 17 óra
• APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 4 nap 17 óra
• APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 4 nap 17 óra

Drupal contrib security advisories

• Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040 3 nap 5 óra
• Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039 2 hét 3 nap
• Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038 2 hét 3 nap
• Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036 2 hét 3 nap
• Doubleclick for Publishers (DFP) - Moderately critical - Cross site scripting - SA-CONTRIB-2022-035 2 hét 3 nap
• Link - Moderately critical - Cross site scripting - SA-CONTRIB-2022-034 2 hét 3 nap
• Rename Admin Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-033 1 hónap 1 hét
• Anti Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032 1 hónap 3 hét
• Role Delegation - Moderately critical - Privilege escalation - SA-CONTRIB-2022-031 1 hónap 4 hét
• Colorbox Node - Critical - Unsupported - SA-CONTRIB-2022-030 1 hónap 4 hét

Kaspersky

• Evaluation of cyber activities and the threat landscape in Ukraine 4 nap 8 óra
• HTML attachments in phishing e-mails 5 nap 14 óra
• New ransomware trends in 2022 1 hét 3 nap
• Mobile subscription Trojans and their little tricks 2 hét 1 nap
• A new secret stash for “fileless” malware 2 hét 3 nap
• APT trends report Q1 2022 3 hét 3 nap
• DDoS attacks in Q1 2022 3 hét 5 nap
• How to recover files encrypted by Yanlouwang 1 hónap 3 nap
• Emotet modules and recent attacks 1 hónap 1 hét
• The State of Stalkerware in 2021 1 hónap 1 hét

NVD: fully analised CVE

• CVE-2021-33077 (optane_memory_h10_with_solid_state_storage_firmware, optane_memory_h20_with_solid_state_storage_firmware, optane_ssd_900p_firmware, optane_ssd_905p_firmware, optane_ssd_dc_p4800x_firmware, optane_ssd_dc_p4801x_firmware, optane_ssd... 1 hét 2 nap
• CVE-2021-33078 (optane_memory_h10_with_solid_state_storage_firmware, optane_memory_h20_with_solid_state_storage_firmware, optane_ssd_900p_firmware, optane_ssd_905p_firmware, optane_ssd_dc_p4800x_firmware, optane_ssd_dc_p4801x_firmware, optane_ssd... 1 hét 2 nap
• CVE-2021-0126 (manageability_commander) 1 hét 2 nap
• CVE-2021-0194 (in-band_manageability) 1 hét 2 nap
• CVE-2021-26258 (killer_control_center) 1 hét 2 nap
• CVE-2021-0154 (core_i5-7640x_firmware, core_i7-3820_firmware, core_i7-3920xm_firmware, core_i7-3930k_firmware, core_i7-3940xm_firmware, core_i7-3960x_firmware, core_i7-3970x_firmware, core_i7-4820k_firmware, core_i7-4930k_firmware, core_i7-4930mx... 1 hét 2 nap
• CVE-2021-0155 (core_i5-7640x_firmware, core_i7-3820_firmware, core_i7-3920xm_firmware, core_i7-3930k_firmware, core_i7-3940xm_firmware, core_i7-3960x_firmware, core_i7-3970x_firmware, core_i7-4820k_firmware, core_i7-4930k_firmware, core_i7-4930mx... 1 hét 2 nap
• CVE-2021-0159 (xeon_bronze_3204_firmware, xeon_bronze_3206r_firmware, xeon_gold_5215_firmware, xeon_gold_5215l_firmware, xeon_gold_5217_firmware, xeon_gold_5218_firmware, xeon_gold_5218b_firmware, xeon_gold_5218n_firmware, xeon_gold_5218r_firmware,... 1 hét 2 nap
• CVE-2021-0188 (xeon_e3-1220_v5_firmware, xeon_e3-1220_v6_firmware, xeon_e3-1225_v5_firmware, xeon_e3-1225_v6_firmware, xeon_e3-1230_v5_firmware, xeon_e3-1230_v6_firmware, xeon_e3-1235l_v5_firmware, xeon_e3-1240_v5_firmware, xeon_e3-1240_v6_firmware,... 1 hét 2 nap
• CVE-2021-0189 (xeon_bronze_3204_firmware, xeon_bronze_3206r_firmware, xeon_e-2124_firmware, xeon_e-2124g_firmware, xeon_e-2126g_firmware, xeon_e-2134_firmware, xeon_e-2136_firmware, xeon_e-2144g_firmware, xeon_e-2146g_firmware, xeon_e-2174g_firmware,... 1 hét 2 nap

CERT/CC

• VU#473698: CVE-2022-30295 - uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID 1 hét 5 nap
• VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location 3 hét 2 nap
• VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value 3 hét 2 nap
• VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding 1 hónap 3 hét
• VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS 2 hónap 3 hét
• VU#229438: Mobile device monitoring services do not authenticate API requests 2 hónap 4 hét
• VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM 3 hónap 2 hét
• VU#119678: Samba vfs_fruit module insecurely handles extended file attributes 3 hónap 2 hét

Huawei Security Bulletin

• Security Advisory - Buffer Overflow Vulnerabilities In Huawei Product 3 hét 4 nap
• Improper Authentication Management Vulnerability in some Huawei Products 1 hónap 2 hét
• Security Advisory - Privilege Escalation Vulnerability in Huawei Product 2 hónap 3 hét
• Security Advisory - Privilege Escalation Vulnerability in Huawei Product 3 hónap 5 nap

Arista Security Advisories

• Security Advisory 0076 3 hét 5 nap
• Security Advisory 0075 3 hét 5 nap
• Security Advisory 0074 1 hónap 2 hét
• Security Advisory 0073 1 hónap 3 hét
• Security Advisory 0072 3 hónap 2 hét

Drupal core security advisories

• Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 1 hónap 1 nap
• Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008 1 hónap 1 nap
• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006 2 hónap 1 nap
• Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005 2 hónap 6 nap
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004 3 hónap 4 nap
• Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003 3 hónap 4 nap

Adatbiztonság (Computerworld)

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Juniper Security Advisories

Juniper signatures

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

SecurityFocus

Sophos virus alerts

Symantec - threat

Talos Group- Cisco blog

US CERT: Security Bulletins

US CERT: Technical Security Alerts