Sources

NVD: all CVE

• CVE-2019-20934 7 óra 23 perc
• CVE-2020-29368 7 óra 23 perc
• CVE-2020-29369 7 óra 23 perc
• CVE-2020-29370 7 óra 23 perc
• CVE-2020-29371 7 óra 23 perc
• CVE-2020-29372 7 óra 23 perc
• CVE-2020-29373 7 óra 23 perc
• CVE-2020-29374 7 óra 23 perc
• CVE-2020-27218 13 óra 23 perc
• CVE-2020-29367 18 óra 23 perc

SANS

• Threat Hunting with JARM, (Fri, Nov 27th) 16 óra 5 perc
• Live Patching Windows API Calls Using PowerShell, (Wed, Nov 25th) 3 nap 6 óra
• ISC Stormcast For Wednesday, November 25th 2020 https://isc.sans.edu/podcastdetail.html?id=7268, (Wed, Nov 25th) 3 nap 12 óra
• The special case of TCP RST, (Tue, Nov 24th) 3 nap 21 óra
• ISC Stormcast For Tuesday, November 24th 2020 https://isc.sans.edu/podcastdetail.html?id=7266, (Tue, Nov 24th) 4 nap 12 óra
• Quick Tip: Cobalt Strike Beacon Analysis, (Mon, Nov 23rd) 5 nap 6 óra
• ISC Stormcast For Monday, November 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=7264, (Mon, Nov 23rd) 5 nap 12 óra
• Quick Tip: Extracting all VBA Code from a Maldoc - JSON Format, (Sun, Nov 22nd) 5 nap 16 óra
• VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) - https://www.vmware.com/security/advisories/VMSA-2020-0026.html, (Sat, Nov 21st) 1 hét 3 óra
• Malicious Python Code and LittleSnitch Detection, (Fri, Nov 20th) 1 hét 1 nap

Linux security Advisories

• Fedora 32: moodle 2020-db73e37548> 17 óra 27 perc
• Fedora 33: pam 2020-22532a1a81> 17 óra 33 perc
• Fedora 33: asterisk 2020-6b277646c7> 17 óra 33 perc
• Fedora 33: moodle 2020-304aa2c365> 17 óra 34 perc
• Fedora 33: c-ares 2020-7473744de1> 17 óra 34 perc
• Mageia 2020-0441: webkit2 security update> 22 óra 22 perc
• Mageia 2020-0440: jruby security update> 22 óra 22 perc
• SUSE: 2020:3552-1 moderate: binutils> 22 óra 22 perc
• SUSE: 2020:3551-1 moderate: libssh2_org> 1 nap 1 óra
• SUSE: 2020:3549-1 important: nodejs12> 1 nap 1 óra

US CERT: Current Activity

• Fortinet FortiOS System File Leak 22 óra 40 perc
• Drupal Releases Security Updates 22 óra 45 perc
• Online Holiday Shopping Scams 4 nap 2 óra
• VMware Releases Workarounds for CVE-2020-4006 4 nap 19 óra
• VMware Releases Security Updates for VMware SD-WAN Orchestrator 1 hét 1 nap
• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird 1 hét 1 nap
• Google Releases Security Updates for Chrome 1 hét 1 nap
• Drupal Releases Security Updates 1 hét 1 nap
• Cisco Releases Security Updates for Multiple Products 1 hét 1 nap
• Cisco Releases Security Updates for Security Manager 1 hét 3 nap

Ubuntu Secutity Notices

• USN-4382-2: FreeRDP vulnerabilities 1 nap 19 óra
• USN-4646-2: poppler regression 1 nap 20 óra
• USN-4649-1: xdg-utils vulnerability 2 nap 41 perc
• USN-4648-1: WebKitGTK vulnerabilities 2 nap 1 óra
• USN-4647-1: Thunderbird vulnerabilities 2 nap 16 óra
• USN-4646-1: poppler vulnerabilities 2 nap 20 óra
• USN-4645-1: Mutt vulnerability 2 nap 23 óra
• USN-4644-1: igraph vulnerability 3 nap 18 óra
• USN-4643-1: atftp vulnerabilities 4 nap 23 perc
• USN-4642-1: PDFResurrect vulnerability 4 nap 14 óra

Drupal core security advisories

• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 2 nap 14 óra
• Drupal core - Critical - Remote code execution - SA-CORE-2020-012 1 hét 2 nap
• Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 2 hónap 1 hét
• Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 2 hónap 1 hét
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 2 hónap 1 hét
• Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 2 hónap 1 hét
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 2 hónap 1 hét

NVD: fully analised CVE

• CVE-2020-29070 (oscommerce) 2 nap 18 óra
• CVE-2020-29059 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29060 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29061 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29062 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29063 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29054 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29055 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29056 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra
• CVE-2020-29057 (72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, fd1002s_firmware, fd1104_firmware,... 3 nap 17 óra

Huawei Security Bulletin

• Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones 3 nap 15 óra
• Security Advisory - Command Injection Vulnerability in ManageOne Product 3 nap 15 óra
• Security Advisory - Privilege Escalation Vulnerability in FusionCompute Product 1 hét 3 nap
• Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product 1 hét 3 nap
• Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone 1 hét 3 nap
• Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone 2 hét 3 nap
• Security Advisory - Denial of Service Vulnerability in Some Huawei Products 2 hét 3 nap
• Security Advisory - Denial of Service Vulnerability in Some Huawei Products 2 hét 3 nap
• Security Advisory - Command Injection Vulnerability in Some Huawei Products 2 hét 3 nap
• Security Advisory - Netlogon Elevation of Privilege Vulnerability 3 hét 2 nap

Kaspersky

• Lookalike domains and how to outfox them 4 nap 4 óra
• IT threat evolution Q3 2020. Non-mobile statistics 1 hét 1 nap
• IT threat evolution Q3 2020 Mobile statistics 1 hét 1 nap
• IT threat evolution Q3 2020 1 hét 1 nap
• Advanced Threat predictions for 2021 1 hét 2 nap
• Spam and phishing in Q3 2020 2 hét 2 nap
• Targeted ransomware: it’s not just about encrypting your data! 2 hét 3 nap
• Ghimob: a Tétrade threat actor moves to infect mobile devices 2 hét 5 nap
• RansomEXX Trojan attacks Linux systems 3 hét 23 óra
• Attacks on industrial enterprises using RMS and TeamViewer: new data 3 hét 2 nap

seclist.org

• SEC Consult SA-20201123-0 :: Multiple Vulnerabilities in ZTE WLAN router MF253V 4 nap 19 óra
• CA20201116-01: Security Notice for CA Unified Infrastructure Management 4 nap 19 óra
• KL-001-2020-009 : Barco wePresent Insecure Firmware Image 1 hét 17 óra
• KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password 1 hét 18 óra
• KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI 1 hét 18 óra
• KL-001-2020-006 : Barco wePresent Authentication Bypass 1 hét 18 óra
• KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text 1 hét 18 óra
• KL-001-2020-004 : Barco wePresent Hardcoded API Credentials 1 hét 18 óra
• VTiger v7.0 CRM - (To) Persistent Email Vulnerability 1 hét 1 nap
• TCMalloc viewer/dumper - TCMalloc Inspector Tool 1 hét 2 nap

CERT-SEI

• VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection 4 nap 19 óra
• VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks 2 hét 3 nap
• VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location 1 hónap 2 nap
• VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs 1 hónap 6 nap
• VU#114757: Acronis backup software contains multiple privilege escalation vulnerabilities 1 hónap 2 hét
• VU#257161: Treck IP stacks contain multiple vulnerabilities 1 hónap 2 hét
• VU#636397: IP-in-IP protocol routes arbitrary traffic by default 1 hónap 4 hét
• VU#490028: Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector 2 hónap 1 hét
• VU#896979: IPTV encoder devices contain multiple vulnerabilities 2 hónap 1 hét
• VU#589825: Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite 2 hónap 2 hét

US CERT: Security Bulletins

• Vulnerability Summary for the Week of November 16, 2020 5 nap 2 óra
• Vulnerability Summary for the Week of November 9, 2020 1 hét 5 nap
• Vulnerability Summary for the Week of November 2, 2020 2 hét 5 nap
• Vulnerability Summary for the Week of October 26, 2020 3 hét 5 nap
• Vulnerability Summary for the Week of October 19, 2020 1 hónap 3 nap
• Vulnerability Summary for the Week of October 12, 2020 1 hónap 1 hét
• Vulnerability Summary for the Week of October 5, 2020 1 hónap 2 hét
• Vulnerability Summary for the Week of September 28, 2020 1 hónap 3 hét
• Vulnerability Summary for the Week of September 21, 2020 2 hónap 1 nap
• Vulnerability Summary for the Week of September 14, 2020 2 hónap 1 hét

Talos Group- Cisco blog

• Threat Roundup for November 13 to November 20 1 hét 16 óra
• Back from vacation: Analyzing Emotet’s activity in 2020 1 hét 2 nap
• Nibiru ransomware variant decryptor 1 hét 3 nap
• Threat Roundup for November 6 to November 13 2 hét 19 óra
• CRAT wants to plunder your endpoints 2 hét 2 nap
• Threat Roundup for October 30 to November 6 3 hét 19 óra
• Threat Roundup for October 23 to October 30 4 hét 16 óra
• Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector 4 hét 17 óra
• DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread 1 hónap 1 óra
• Threat Roundup for October 16 to October 23 1 hónap 5 nap

Cisco Security Advisories

• Cisco IoT Field Network Director Missing API Authentication Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Unauthenticated REST API Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Improper Access Control Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director File Overwrite Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability 1 hét 2 nap
• Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Information Disclosure Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Improper Domain Access Control Vulnerability 1 hét 2 nap
• Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities 1 hét 2 nap

Drupal contrib security advisories

• SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038 1 hét 2 nap
• Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037 1 hét 2 nap
• Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036 1 hét 2 nap
• Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035 1 hét 2 nap
• Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Moderately critical - SQL Injection - SA-CONTRIB-2020-034 1 hónap 2 hét

US CERT: Technical Security Alerts

• AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data 4 hét 20 óra
• AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector 1 hónap 15 óra
• AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky 1 hónap 1 nap
• AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems 1 hónap 6 nap
• AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets 1 hónap 1 hét
• AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations 1 hónap 2 hét
• AA20-280A: Emotet Malware 1 hónap 3 hét
• AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions 1 hónap 3 hét
• AA20-266A: LokiBot Malware 2 hónap 6 nap
• AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities 2 hónap 1 hét

Juniper Security Advisories

• JSA11082 - 2020-10 Security Bulletin: Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action (CVE-2020-1685) 1 hónap 2 hét
• JSA11081 - 2020-10 Security Bulletin: Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled. (CVE-2020-1684) 1 hónap 2 hét
• JSA11080 - 2020-10 Security Bulletin: Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling (CVE-2020-1683) 1 hónap 2 hét
• JSA11078 - 2020-10 Security Bulletin: Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service (CVE-2020-1681) 1 hónap 2 hét
• JSA11077 - 2020-10 Security Bulletin: Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. (CVE-2020-1680) 1 hónap 2 hét
• JSA11075 - 2020-10 Security Bulletin: Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak. (CVE-2020-1678) 1 hónap 2 hét
• JSA11074 - 2020-10 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in third-party software 1 hónap 2 hét
• JSA11073 - 2020-10 Security Bulletin: JIMS: Multiple Vulnerabilities in zlib 1 hónap 2 hét
• JSA11057 - 2020-10 Security Bulletin: Junos OS: Arbitrary code execution vulnerability in Telnet server (CVE-2020-10188) 1 hónap 2 hét
• JSA11056 - 2020-10 Security Bulletin: Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet. (CVE-2020-1661) 1 hónap 2 hét

Arista Security Advisories

• Security Advisory 0054 1 hónap 3 hét
• Security Advisory 0053 1 hónap 3 hét
• Security Advisory 0052 1 hónap 3 hét
• End of Sale of the Arista 7260CX-64 Series 100 Gigabit Ethernet Switches 1 hónap 3 hét
• End of Sale of the Arista 7160 Series 2 hónap 6 nap
• End of Sale of the Arista 7130-48E and 7130-96E 2 hónap 6 nap
• End of Sale of the Arista 7130-32EH 2 hónap 6 nap
• End of Sale of the Arista 7130 Series Protect Firewall 2 hónap 6 nap
• End of Sale of 7050SX-72Q 2 hónap 6 nap
• Security Advisory 0051 2 hónap 2 hét

HUP - titkosítás, biztonság

• Tails 4.10 3 hónap 4 nap
• 15 éves a ZDI Bug Bounty programja 3 hónap 1 hét
• A Rust és a Clang/LLVM mostantól támogatja a Windows Control Flow Guard-ot 3 hónap 1 hét
• Check Point Research: a Qualcomm Snapdragon chipjének több mint 400 sebezhetősége fenyegetés a mobiltelefonhasználatra világszerte 3 hónap 3 hét

Adatbiztonság (Computerworld)

AusCERT - Security Bulletins

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Juniper signatures

Microsoft Comprehensive Alerts

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

SecurityFocus

Sophos virus alerts

Symantec - threat