Sources
ECHO Network
- Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know 47 perc 28 másodperc
- Five high-severity vulnerabilities identified in Linux kernel: Patch them now 53 perc 28 másodperc
- SciLinux: SLSA-2021-0699-1 Important: grub2 on SL7.x x86_64> 56 perc 28 másodperc
- CVE-2021-22884 1 óra 1 perc
- CVE-2021-1387 (nx-os, unified_computing_system) 1 óra 12 perc
- CVE-2021-1229 (nx-os) 1 óra 12 perc
- Microsoft Exchange Server Exploits 1 óra 13 perc
- Gab's CTO Introduced a Critical Vulnerability to the Site 1 óra 21 perc
- Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow 1 óra 30 perc
- Home-Office Photos: A Ripe Cyberattack Vector 1 óra 30 perc
US CERT: Current Activity
- CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities 1 óra 10 perc
- Google Releases Security Updates for Chrome 4 óra 14 perc
- Microsoft Releases Out-of-Band Security Updates for Exchange Server 22 óra 43 perc
- Apache Releases Security Advisory for Tomcat 1 nap 5 óra
- NSA Releases Guidance on Zero Trust Security Model 5 nap 7 óra
- Cisco Releases Security Updates 6 nap 9 óra
- Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox 1 hét 5 óra
- VMware Releases Multiple Security Updates 1 hét 5 óra
- CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance 1 hét 7 óra
- SonicWall Releases Additional Patches 1 hét 1 nap
NVD: all CVE
- CVE-2021-21978 3 óra 9 perc
- CVE-2021-22182 3 óra 9 perc
- CVE-2021-22188 3 óra 9 perc
- CVE-2021-22681 3 óra 9 perc
- CVE-2021-22877 3 óra 9 perc
- CVE-2021-22878 3 óra 9 perc
- CVE-2021-22883 3 óra 9 perc
- CVE-2021-22884 3 óra 9 perc
- CVE-2020-13558 3 óra 9 perc
- CVE-2020-28591 3 óra 9 perc
Microsoft Sercurity Response Center
- A new experience for reporting copyright or trademark infringement on Microsoft Services 3 óra 9 perc
- Multiple Security Updates Released for Exchange Server 1 nap 16 perc
- Microsoft Internal Solorigate Investigation – Final Update 1 hét 6 nap
- MSRC Security Researcher Recognition: 2021 3 hét 3 óra
- Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 3 hét 1 nap
- Continuing to Listen: Good News about the Security Update Guide API! 3 hét 1 nap
- New and Improved Report Abuse Portal and API! 1 hónap 3 óra
- Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 1 hónap 2 hét
- Top MSRC 2020 Q4 Security Researchers – Congratulations! 1 hónap 2 hét
- Security Update Guide Supports CVEs Assigned by Industry Partners 1 hónap 2 hét
US CERT: Technical Security Alerts
- AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities 3 óra 11 perc
- AA21-055A: Exploitation of Accellion File Transfer Appliance 1 hét 7 óra
- AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware 2 hét 5 óra
- AA21-042A: Compromise of U.S. Water Treatment Facility 2 hét 6 nap
- AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments 1 hónap 3 hét
- AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations 2 hónap 2 hét
- AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data 2 hónap 3 hét
- AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks 3 hónap 2 nap
Cisco Security Advisories
- Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities 3 óra 19 perc
- Cisco Network Services Orchestrator Path Traversal Vulnerability 3 óra 19 perc
- Cisco SD-WAN vManage SQL Injection Vulnerability 3 óra 19 perc
- Cisco SD-WAN vManage Software Privilege Escalation Vulnerability 3 óra 19 perc
- Cisco SD-WAN Software Signature Verification Bypass Vulnerability 3 óra 19 perc
- Cisco SD-WAN vDaemon Buffer Overflow Vulnerability 3 óra 19 perc
- Cisco SD-WAN vManage Information Disclosure Vulnerability 3 óra 19 perc
- Multiple Cisco Products Snort Ethernet Frame Decoder Denial of Service Vulnerability 3 óra 19 perc
- Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability 3 óra 19 perc
- Cisco SD-WAN vManage Authorization Bypass Vulnerability 3 óra 19 perc
Drupal contrib security advisories
- Webform - Moderately critical - Access bypass - SA-CONTRIB-2021-004 4 óra 34 perc
- Subgroup - Less critical - Access bypass - SA-CONTRIB-2021-003 1 hónap 5 nap
- Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002 1 hónap 5 nap
- Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-001 1 hónap 5 nap
- SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038 3 hónap 2 hét
- Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037 3 hónap 2 hét
- Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036 3 hónap 2 hét
- Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035 3 hónap 2 hét
Linux security Advisories
- SciLinux: SLSA-2021-0699-1 Important: grub2 on SL7.x x86_64> 6 óra 38 perc
- openSUSE: 2021:0377-1 moderate: ImageMagick> 11 óra 5 perc
- openSUSE: 2021:0376-1 important: webkit2gtk3> 11 óra 6 perc
- openSUSE: 2021:0375-1 important: bind> 11 óra 7 perc
- RedHat: RHSA-2021-0711:01 Important: virt:rhel and virt-devel:rhel security> 13 óra 20 perc
- RedHat: RHSA-2021-0637:01 Important: OpenShift Container Platform 3.11.394> 13 óra 53 perc
- RedHat: RHSA-2021-0710:01 Important: container-tools:2.0 security update> 15 óra 53 perc
- openSUSE: 2021:0374-1 moderate: java-1_8_0-openjdk> 20 óra 5 perc
- openSUSE: 2021:0372-1 important: nodejs10> 20 óra 6 perc
- openSUSE: 2021:0373-1 important: MozillaFirefox> 20 óra 7 perc
Ubuntu Secutity Notices
- USN-4757-1: wpa_supplicant and hostapd vulnerability 9 óra 39 perc
- USN-4754-4: Python 2.7 vulnerability 9 óra 46 perc
- USN-4737-2: Bind vulnerability 2 nap 3 óra
- USN-4756-1: Firefox vulnerabilities 5 nap 3 óra
- USN-4754-2: Python regression 6 nap 2 óra
- USN-4755-1: LibTIFF vulnerabilities 6 nap 4 óra
- USN-4754-1: Python vulnerabilities 6 nap 9 óra
- USN-4749-1: Linux kernel vulnerabilities 6 nap 14 óra
- USN-4753-1: Linux kernel (OEM) vulnerability 6 nap 14 óra
- USN-4752-1: Linux kernel (OEM) vulnerabilities 6 nap 14 óra
AusCERT - Security Bulletins
- ESB-2021.0760 - [SUSE] MozillaThunderbird: Multiple vulnerabilities 19 óra 24 perc
- ESB-2021.0759 - [SUSE] MozillaFirefox: Multiple vulnerabilities 19 óra 24 perc
- ESB-2021.0758 - [SUSE] python-cryptography: Denial of service - Remote/unauthenticated 19 óra 24 perc
- ESB-2021.0757 - [SUSE] java-1_8_0-ibm and java-1_8_0-openjdk: Multiple vulnerabilities 19 óra 24 perc
- ESB-2021.0756 - [SUSE] nodejs10: Multiple vulnerabilities 19 óra 24 perc
- ESB-2021.0755 - [SUSE] gnome-autoar: Reduced security - Existing account 19 óra 24 perc
- ESB-2021.0754 - [SUSE] nodejs8: Execute arbitrary code/commands - Remote with user interaction 19 óra 24 perc
- ESB-2021.0753 - [SUSE] grub2: Multiple vulnerabilities 19 óra 24 perc
- ASB-2021.0048 - ALERT [Win] Microsoft Exchange Server: Execute arbitrary code/commands - Remote/unauthenticated 19 óra 24 perc
- ESB-2021.0752 - [UNIX/Linux][Debian] wpa: Multiple vulnerabilities 21 óra 22 perc
SANS
- Qakbot infection with Cobalt Strike, (Wed, Mar 3rd) 21 óra 23 perc
- Patch Now: HAFNIUM targeting Exchange Servers with 0day exploits https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/, (Tue, Mar 2nd) 21 óra 34 perc
- Security Detection & Response Alert Output Usability Survey: https://www.surveymonkey.com/r/TAOvsVAO, (Tue, Mar 2nd) 1 nap 13 óra
- Adversary Simulation with Sim, (Tue, Mar 2nd) 1 nap 13 óra
- ISC Stormcast For Tuesday, March 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7394, (Tue, Mar 2nd) 1 nap 19 óra
- Fun with DNS over TLS (DoT), (Mon, Mar 1st) 2 nap 7 óra
- ISC Stormcast For Monday, March 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7392, (Mon, Mar 1st) 2 nap 19 óra
- Maldocs: Protection Passwords, (Sun, Feb 28th) 2 nap 21 óra
- Pretending to be an Outlook Version Update, (Fri, Feb 26th) 4 nap 20 óra
- ISC Stormcast For Friday, February 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7390, (Fri, Feb 26th) 5 nap 19 óra
seclist.org
- Trojan-Spy.Win32.Stealer.osh / Insecure Permissions 1 nap 4 óra
- Backdoor.Win32.RemoteManipulator.fdo / Insecure Permissions 1 nap 4 óra
- Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804) 1 nap 4 óra
- SEC Consult SA-20210301-0 :: Authentication bypass vulnerability in Genua GenuGate High Resistance Firewall 2 nap 7 óra
- SEC Consult SA-20210301-0 :: Authentication bypass vulnerability in Genua GenuGate High Resistance Firewall 2 nap 7 óra
- Trojan-Proxy.Win32.Delf.ai / Remote SEH Buffer Overflow 5 nap 12 óra
- Trojan.Win32.Hotkeychick.am / Insecure Permissions 5 nap 12 óra
- Backdoor.Win32.Azbreg.amw / Insecure Permissions 5 nap 12 óra
- Trojan-Spy.Win32.SpyEyes.elr / Insecure Permissions 5 nap 12 óra
- Trojan-Dropper.Win32.Daws.etlm / Remote Unauthenticated System Reboot 5 nap 12 óra
Kaspersky
- Mobile malware evolution 2020 2 nap 7 óra
- The state of stalkerware in 2020 5 nap 13 óra
- Lazarus targets defense industry with ThreatNeedle 6 nap 11 óra
- DDoS attacks in Q4 2020 2 hét 1 nap
- Spam and phishing in 2020 2 hét 2 nap
- How kids coped with COVID-hit winter holidays 3 hét 6 nap
- Privacy predictions for 2021 1 hónap 4 nap
- Sunburst backdoor – code overlaps with Kazuar 1 hónap 3 hét
- Digital Footprint Intelligence Report 2 hónap 4 nap
- How we protect our users against the Sunburst backdoor 2 hónap 1 hét
US CERT: Security Bulletins
- Vulnerability Summary for the Week of February 22, 2021 2 nap 8 óra
- Vulnerability Summary for the Week of February 15, 2021 1 hét 2 nap
- Vulnerability Summary for the Week of February 8, 2021 2 hét 2 nap
- Vulnerability Summary for the Week of February 1, 2021 3 hét 2 nap
- Vulnerability Summary for the Week of January 25, 2021 1 hónap 8 óra
- Vulnerability Summary for the Week of January 18, 2021 1 hónap 1 hét
- Vulnerability Summary for the Week of January 11, 2021 1 hónap 2 hét
- Vulnerability Summary for the Week of January 4, 2021 1 hónap 3 hét
- Vulnerability Summary for the Week of December 28, 2020 1 hónap 4 hét
- Vulnerability Summary for the Week of December 21, 2020 2 hónap 5 nap
NVD: fully analised CVE
- CVE-2021-0366 (android) 5 nap 9 perc
- CVE-2021-0367 (android) 5 nap 9 perc
- CVE-2021-0401 (android) 5 nap 9 perc
- CVE-2021-0402 (android) 5 nap 9 perc
- CVE-2021-0403 (android) 5 nap 9 perc
- CVE-2021-0404 (android) 5 nap 9 perc
- CVE-2021-0405 (android) 5 nap 9 perc
- CVE-2019-18945 (solutions_business_manager) 5 nap 17 óra
- CVE-2019-18946 (solutions_business_manager) 5 nap 17 óra
- CVE-2019-18942 (solutions_business_manager) 5 nap 17 óra
Talos Group- Cisco blog
- Threat Roundup for February 19 to February 26 5 nap 1 óra
- Threat Roundup for February 12 to February 19 1 hét 4 nap
- Threat Roundup for February 5 to February 12 2 hét 5 nap
- Threat Roundup for January 22 to January 29 1 hónap 3 nap
- Threat Roundup for January 15 to January 22 1 hónap 1 hét
- Threat Roundup for January 8 to January 15 1 hónap 2 hét
- A Deep Dive into Lokibot Infection Chain 1 hónap 3 hét
- Talos Vulnerability Discovery Year in Review — 2020 2 hónap 1 hét
- Threat Roundup for December 11 to December 18 2 hónap 2 hét
- Talos Tools of the Trade 2 hónap 2 hét
CERT/CC
- VU#240785: Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs 1 hét 6 nap
- VU#466044: Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths 3 hét 1 nap
- VU#589825: Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite 3 hét 5 nap
- VU#794544: Heap-Based Buffer Overflow in Sudo 3 hét 6 nap
- VU#125331: Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs 1 hónap 33 perc
- VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning 1 hónap 1 hét
- VU#843464: SolarWinds Orion API authentication bypass allows remote comand execution 2 hónap 1 hét
- VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location 2 hónap 1 hét
- VU#815128: Embedded TCP/IP stacks have memory corruption vulnerabilities 2 hónap 3 hét
- VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection 3 hónap 1 hét
Huawei Security Bulletin
- Security Advisory - Local Privilege Escalation Vulnerability in Some Huawei Products 1 hét 6 nap
- Security Advisory - Remote Code Execution vulnerability in Apache Struts2 3 hét 22 óra
- Security Advisory - Denial of Service Vulnerability in Huawei Product 3 hét 22 óra
- Security Advisory - Use After Free Vulnerability in Huawei Product 3 hét 22 óra
- Security Notice – Statement About the Linux Sudo Privilege Escalation Vulnerability (CVE-2021-3156) 3 hét 22 óra
- Security Advisory - Memory Leak Vulnerability in Some Huawei Products 3 hét 22 óra
- Security Advisory - Denial of Service Vulnerability in Some Products 3 hét 22 óra
- Security Advisory - Information Leakage Vulnerability in Some Huawei Products 4 hét 22 óra
- Security Advisory - Improper Permission Assignment Vulnerability in Huawei ManageOne Product 4 hét 22 óra
- Security Advisory - Improper Information Processing Vulnerability in Huawei Products 4 hét 22 óra
Drupal core security advisories
- Drupal core - Critical - Third-party libraries - SA-CORE-2021-001 1 hónap 1 hét
- Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 3 hónap 1 hét
- Drupal core - Critical - Remote code execution - SA-CORE-2020-012 3 hónap 2 hét
Arista Security Advisories
- Security Advisory 0061 1 hónap 1 hét
- Security Advisory 0060 2 hónap 1 hét
- Security Advisory 0059 2 hónap 2 hét
- Security Advisory 0058 2 hónap 2 hét
- Security Advisory 0057 2 hónap 2 hét
- Security Advisory 0056 2 hónap 2 hét
- Security Advisory 0055 2 hónap 2 hét
SecurityFocus
- Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update 1 hónap 2 hét
- Bugtraq: Re: BugTraq Shutdown 1 hónap 2 hét
- Bugtraq: On Second Thought... 1 hónap 2 hét
- More rss feeds from SecurityFocus 1 hónap 2 hét
- Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 1 hónap 2 hét
- Bugtraq: [SECURITY] [DSA 4633-1] curl security update 1 hónap 2 hét
- Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 1 hónap 2 hét
- Bugtraq: BugTraq Shutdown 1 hónap 2 hét
Juniper Security Advisories
- JSA11105 - 2021-01 Security Bulletin: Junos OS: EX Series, QFX Series, MX Series, SRX Branch Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps (CVE-2021-0215) 1 hónap 2 hét
- JSA11097 - 2021-01 Security Bulletin: NFX250, NFX350, QFX5K Series, EX2300 Series, EX3400 Series, EX4300 Multigigabit, EX4600 Series: Certain genuine traffic received by the Junos OS device will be discarded instead of forwarded. (CVE-2021-0207) 1 hónap 2 hét
- JSA11096 - 2021-01 Security Bulletin: Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured. (CVE-2021-0206) 1 hónap 2 hét
- JSA11095 - 2021-01 Security Bulletin: Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205) 1 hónap 2 hét
- JSA11094 - 2021-01 Security Bulletin: Junos OS: Upon receipt of certain protocol packets with invalid payloads a self-propagating Denial of Service may occur. (CVE-2021-0222) 1 hónap 2 hét
- JSA11093 - 2021-01 Security Bulletin: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured (CVE-2021-0203) 1 hónap 2 hét
- JSA11092 - 2021-01 Security Bulletin: Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain (CVE-2021-0202) 1 hónap 2 hét
- JSA11091 - 2021-01 Security Bulletin: Junos OS: SRX Series: A logic error in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8617) 1 hónap 2 hét
- JSA11090 - 2021-01 Security Bulletin: Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) 1 hónap 2 hét
- JSA11088 - 2021-01 Security Bulletin: Junos OS: SRX Series: Integrated User Firewall OpenLDAP vulnerability resolved (CVE-2019-13565) 1 hónap 2 hét
HUP - titkosítás, biztonság
- "A Nukleáris Biztonsági Ügynökséget is érintheti az USA elleni hackertámadás"" 2 hónap 2 hét
- "Több mint ötven év után fejtették meg a brutális Zodiákus üzenetét" 2 hónap 3 hét
- Átgondolná aktívan kihasznált 0day hibák esetén alkalmazott 7 napos közlési embargóját a Google P0 csapata 3 hónap 2 hét
Adatbiztonság (Computerworld)
Cisco Security Alerts
Cisco Security Responses
ISC Knowledge Base
Juniper signatures
Microsoft Security Bulletin
Microsoft Security Response Center Blog Alerts
Origo - biztonság -szoftverek
Sophos virus alerts
Symantec - threat
