Sources

SecurityFocus

• Vuln: Yokogawa Vnet/IP Open Communication Driver CVE-2018-16196 Denial of Service Vulnerability 0 másodperc
• Vuln: Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities 0 másodperc
• Vuln: OpenAFS CVE-2018-16949 Multiple Denial of Service Vulnerabilities 0 másodperc
• Vuln: Node.js Multiple Denial of Service Vulnerabilities 0 másodperc
• Vuln: Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability 20 óra 56 perc
• Vuln: Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability 20 óra 56 perc
• Vuln: FreeType 2 CVE-2017-8105 Out of Bounds Write Heap Buffer Overflow Vulnerability 20 óra 56 perc
• Vuln: FreeType 2 CVE-2017-8287 Out of Bounds Write Heap Buffer Overflow Vulnerability 20 óra 56 perc
• Vuln: Apache Tika CVE-2018-11761 XML External Entity Denial of Service Vulnerability 20 óra 56 perc
• Vuln: Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability 20 óra 56 perc

SANS

• Malware Sample Delivered Through UDF Image, (Wed, Apr 17th) 12 óra 42 perc
• ISC Stormcast For Thursday, April 18th 2019 https://isc.sans.edu/podcastdetail.html?id=6460, (Thu, Apr 18th) 15 óra 51 perc
• ISC Stormcast For Wednesday, April 17th 2019 https://isc.sans.edu/podcastdetail.html?id=6458, (Wed, Apr 17th) 1 nap 15 óra
• A few Ghidra tips for IDA users, part 2 - strings and parameters, (Wed, Apr 17th) 1 nap 18 óra
• ISC Stormcast For Tuesday, April 16th 2019 https://isc.sans.edu/podcastdetail.html?id=6456, (Tue, Apr 16th) 2 nap 14 óra
• Odd DNS Requests that are Normal, (Tue, Apr 16th) 2 nap 14 óra
• ISC Stormcast For Monday, April 15th 2019 https://isc.sans.edu/podcastdetail.html?id=6454, (Mon, Apr 15th) 3 nap 14 óra
• Configuring MTA-STS and TLS Reporting For Your Domain, (Sat, Apr 13th) 5 nap 44 perc
• When Windows 10 Comes to Live: The First Few Minutes in the Live of a Windows 10 System, (Fri, Apr 12th) 6 nap 1 óra
• ISC Stormcast For Friday, April 12th 2019 https://isc.sans.edu/podcastdetail.html?id=6452, (Fri, Apr 12th) 6 nap 18 óra

NVD: all CVE

• CVE-2019-1840 16 óra 27 perc
• CVE-2019-1841 16 óra 27 perc
• CVE-2019-1826 16 óra 27 perc
• CVE-2019-1829 16 óra 27 perc
• CVE-2019-1830 16 óra 27 perc
• CVE-2019-1831 16 óra 27 perc
• CVE-2019-1834 16 óra 27 perc
• CVE-2019-1835 16 óra 27 perc
• CVE-2019-1837 16 óra 27 perc
• CVE-2019-1722 17 óra 27 perc

Cisco Security Advisories

• SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software 16 óra 56 perc
• Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability 17 óra 8 perc
• Cisco Aironet Series Access Points Command Injection Vulnerability 19 óra 56 perc
• Cisco Aironet Series Access Points Denial of Service Vulnerability 19 óra 56 perc
• Cisco Aironet Series Access Points Directory Traversal Vulnerability 19 óra 56 perc
• Cisco Aironet Series Access Points Development Shell Access Vulnerability 19 óra 56 perc
• Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability 19 óra 56 perc
• Cisco Directory Connector Search Order Hijacking Vulnerability 19 óra 56 perc
• Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability 19 óra 56 perc
• Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability 19 óra 56 perc

US CERT: Current Activity

• Drupal Releases Security Updates 18 óra 5 perc
• Cisco Releases Security Update for Cisco IOS XR 1 nap 34 perc
• ICSJWG Spring Meeting April 23–25 1 nap 37 perc
• Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers 1 nap 3 óra
• Oracle Releases April 2019 Security Bulletin 1 nap 20 óra
• Apache Releases Security Updates for Apache Tomcat 3 nap 23 óra
• Multiple Vulnerabilities in WPA3 Protocol 5 nap 22 óra
• VMware Releases Security Updates 6 nap 4 óra
• Vulnerability in Multiple VPN Applications 6 nap 6 óra
• Juniper Networks Releases Multiple Security Updates 1 hét 23 óra

Symantec - threat

• Infostealer.Scranos 18 óra 56 perc
• SONAR.SuspLaunch!g64 18 óra 56 perc
• SONAR.SuspLaunch!g72 18 óra 56 perc
• Trojan.Danabot!gen2 2 nap 18 óra
• Trojan.Nancrat!g1 2 nap 18 óra
• SONAR.SuspLoad!g13 2 nap 18 óra
• VBS.Rosekernel!g1 1 hét 18 óra
• Trojan.Bemstour 1 hét 1 nap
• Exp.CVE-2019-0803 1 hét 1 nap
• Exp.CVE-2019-0859 1 hét 1 nap

Drupal core security advisories

• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006 22 óra 25 perc
• Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005 22 óra 27 perc
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 4 hét 1 nap
• Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 1 hónap 3 hét
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2019-002 3 hónap 2 nap
• Drupal core - Critical - Third Party Libraries - SA-CORE-2019-001 3 hónap 2 nap

NVD: fully analised CVE

• CVE-2018-20028 (contao_cms) 23 óra 27 perc
• CVE-2019-10642 (contao_cms) 23 óra 27 perc
• CVE-2018-18094 (media_sdk) 1 nap 27 perc
• CVE-2019-0158 (graphics_performance_analyzer) 1 nap 27 perc
• CVE-2019-0162 (-) 1 nap 27 perc
• CVE-2019-9217 (gitlab) 1 nap 1 óra
• CVE-2019-9222 (gitlab) 1 nap 1 óra
• CVE-2019-9756 (gitlab) 1 nap 1 óra
• CVE-2019-9219 (gitlab) 1 nap 1 óra
• CVE-2019-9220 (gitlab) 1 nap 1 óra

Drupal contrib security advisories

• TableField - Critical - Remote Code Execution - SA-CONTRIB-2019-045 1 nap 35 perc
• Stage File Proxy - Less critical - Denial of Service - SA-CONTRIB-2019-044 1 nap 3 óra
• Services - Less critical - Access bypass - SA-CONTRIB-2019-043 2 hét 1 nap
• Module Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2019-042 3 hét 1 nap
• RESTful - Critical - Remote code execution - SA-CONTRIB-2019-041 4 hét 1 nap
• Back To Top - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-040 4 hét 1 nap
• AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-039 4 hét 1 nap
• Simple hierarchical select - Moderately critical - Cross site request forgery - SA-CONTRIB-2019-038 1 hónap 6 nap
• Video - Critical - Remote Code Execution - SA-CONTRIB-2019-037 1 hónap 6 nap
• Views - Less critical - Cross site scripting - SA-CONTRIB-2019-036 1 hónap 6 nap

CERT-SEI

• VU#166939: Broadcom WiFi chipset drivers contain multiple vulnerabilities 1 nap 5 óra
• VU#871675: Multiple vulnerabilities identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant components 6 nap 1 óra
• VU#192371: Multiple VPN applications insecurely store session cookies 1 hét 5 óra
• VU#174715: MyCar Controls uses hard-coded credentials 1 hét 2 nap
• VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities 2 hónap 1 hét
• VU#395981: Self-encrypting hard drives do not adequately protect data 2 hónap 1 hét
• VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks 2 hónap 2 hét
• VU#756913: Pixar Tractor contains a stored cross-site scripting vulnerability 2 hónap 2 hét
• VU#741315: Dokan file system driver contains a stack-based buffer overflow 3 hónap 3 nap
• VU#317277: Texas Instruments CC2640 and CC2650 microcontrollers vulnerable to heap overflow and insecure update 3 hónap 1 hét

Huawei Security Bulletin

• Security Advisory - Information Disclosure Vulnerability on Smartphones 1 nap 20 óra
• Security Advisory - Improper Authentication Vulnerability in Some Huawei AP Products 3 hét 1 nap
• Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones 4 hét 1 nap
• Security Advisory - Digital Signature Verification Bypass Vulnerability in Some Huawei Routers 4 hét 1 nap
• Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones 1 hónap 2 hét
• Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre' 1 hónap 2 hét
• Security Advisory - CPU Side Channel Vulnerability "L1TF" 1 hónap 2 hét
• Security Advisory - Side-Channel Vulnerability Variants 3a and 4 1 hónap 2 hét
• Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones 1 hónap 2 hét
• Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones 1 hónap 3 hét

Arista Security Advisories

• Security Advisory 0040 2 nap 4 óra
• Security Advisory 0039 3 hónap 1 nap

seclist.org

• Redhat/CentOS root through network-scripts 2 nap 10 óra
• Re: Microsoft Internet Explorer v11 / XML External Entity Injection 0day 2 nap 10 óra
• CVE-2019-9955 Refelected XSS on Zyxel Login page 2 nap 10 óra
• [SE-2019-01] Gemalto SIM card applet loading vulnerability 3 nap 12 óra
• Microsoft Internet Explorer v11 / XML External Entity Injection 0day 4 nap 22 óra
• Nagios XI 5.5.10: XSS to root RCE (CVE-2019-9164, 9165, 9166, 9167, 9202, 9203, 9204) 4 nap 22 óra
• Security Analysis of the TP-Link Archer C50 Router 4 nap 22 óra
• HD Pan/Tilt Wi-Fi Camera NC450 Hard-Coded Credential Vulnerability 1 hét 2 nap
• DSA-2019-031: Dell EMC IsilonSD Management Server Cross-Site Scripting (XSS) Vulnerabilities 1 hét 2 nap
• CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition 1 hét 2 nap

US CERT: Security Bulletins

• SB19-105: Vulnerability Summary for the Week of April 8, 2019 3 nap 8 óra
• SB19-098: Vulnerability Summary for the Week of April 1, 2019 1 hét 3 nap
• SB19-091: Vulnerability Summary for the Week of March 25, 2019 2 hét 3 nap
• SB19-084: Vulnerability Summary for the Week of March 18, 2019 3 hét 3 nap
• SB19-077: Vulnerability Summary for the Week of March 11, 2019 1 hónap 1 nap
• SB19-070: Vulnerability Summary for the Week of March 4, 2019 1 hónap 1 hét
• SB19-063: Vulnerability Summary for the Week of February 25, 2019 1 hónap 2 hét
• SB19-056: Vulnerability Summary for the Week of February 18, 2019 1 hónap 3 hét
• SB19-049: Vulnerability Summary for the Week of February 11, 2019 1 hónap 4 hét
• SB19-042: Vulnerability Summary for the Week of February 4, 2019 2 hónap 6 nap

Kaspersky

• New zero-day vulnerability CVE-2019-0859 in win32k.sys 3 nap 8 óra
• Large-scale SIM swap fraud 1 hét 8 óra
• Gaza Cybergang Group1, operation SneakyPastes 1 hét 1 nap
• Project TajMahal – a sophisticated new APT framework 1 hét 1 nap
• Digital Doppelgangers 1 hét 2 nap
• BasBanke: Trend-setting Brazilian banking Trojan 2 hét 7 óra
• Roaming Mantis, part IV 2 hét 1 nap
• Beware of stalkerware 2 hét 1 nap
• Game of Threats 2 hét 3 nap
• Bots and botnets in 2018 2 hét 6 nap

Sophos virus alerts

• Troj/Zbot-NFK 3 nap 20 óra
• Troj/VB-KEV 3 nap 20 óra
• Troj/MSILInj-YQ 3 nap 20 óra
• Troj/Phish-EYP 3 nap 20 óra
• VBS/DwnLdr-XVC 3 nap 20 óra
• VBS/DwnLdr-XVB 3 nap 20 óra
• VBS/DwnLdr-XVA 3 nap 20 óra
• VBS/DownLdr-AHV 3 nap 20 óra
• VBS/Agent-BBEE 3 nap 20 óra
• Troj/Zbot-NFJ 3 nap 20 óra

HUP - titkosítás, biztonság

• A gyanú szerint megtévesztő e-mailekkel csapott be nagyvállalatokat a most letartóztatott magyar bűnözői csoport 4 nap 5 óra
• Három hónapon keresztül fértek hozzá illetéktelenek Microsoft által kezelt e-mail fiókok adataihoz 4 nap 5 óra
• Sikerült átverni a Samsung Galaxy S10 ujjlenyomat-olvasóját 3D nyomtatott ujjlenyomattal 1 hét 2 nap
• Apache local root sebezhetőség, exploit később 2 hét 1 nap
• Tesztelhetők kerestetnek az OpenSSH 8.0-s kiadásához 2 hét 4 nap
• A leggyakrabban használt okostelefonodon mely biztonsági mechanizmus(oka)t használod az alábbiak közül? 3 hét 3 nap
• Pwn2Own Vancouver 2019 - Day 2 eredmények 3 hét 5 nap
• Felhasználói jelszavak millióit tárolta cleartext-ben a Facebook belső adattároló rendszerén 3 hét 6 nap
• Bemutatkozik a Microsoft Defender ATP for Mac 3 hét 6 nap
• Pwn2Own Vancouver 2019 - Day 1 eredmények 4 hét 10 óra

Juniper Security Advisories

• JSA10937 - 2019-04 Security Bulletin: Junos OS: Multiple FreeBSD vulnerabilities fixed in Junos OS. 1 hét 1 nap
• JSA10930 - 2019-04 Security Bulletin: QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process (CVE-2019-0008) 1 hét 1 nap
• JSA10929 - 2019-04 Security Bulletin: Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface (CVE-2019-0040) 1 hét 1 nap
• JSA10928 - 2019-04 Security Bulletin: Junos OS: Login credentials are vulnerable to brute force attacks through the REST API (CVE-2019-0039) 1 hét 1 nap
• JSA10927 - 2019-04 Security Bulletin: SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS (CVE-2019-0038) 1 hét 1 nap
• JSA10926 - 2019-04 Security Bulletin: Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message (CVE-2019-0037) 1 hét 1 nap
• JSA10925 - 2019-04 Security Bulletin: Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored (CVE-2019-0036) 1 hét 1 nap
• JSA10924 - 2019-04 Security Bulletin: Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes (CVE-2019-0035) 1 hét 1 nap
• JSA10923 - 2019-04 Security Bulletin: Junos OS: gRPC hardcoded credentials may allow unauthorized access to systems with Junos Network Agent installed (CVE-2019-0034) 1 hét 1 nap
• JSA10922 - 2019-04 Security Bulletin: SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured. (CVE-2019-0033) 1 hét 1 nap

Juniper signatures

• Signature Update #3160 1 hét 1 nap
• Cloud-Delivered Branch - Simplicity Now Surpasses SD-WAN 1 hét 3 nap
• Signature Update #3159 1 hét 6 nap
• Smart Ambulance Demo at MWC Showcases Critical 5G / SD-WAN Use Case 2 hét 2 óra
• Signature Update #3158 2 hét 1 nap
• Juniper Networks Completes Agreement to Acquire Mist Systems to Serve Enterprises End-to-End 2 hét 2 nap
• Signature Update #3157 2 hét 6 nap
• Signature Update #3156 3 hét 1 nap
• Move Fast and Be Open With SONiC 3 hét 3 nap
• Signature Update #3155 3 hét 6 nap

Linux security Advisories

• openSUSE: 2019:1126-1: critical: MozillaThunderbird 2 hét 1 nap
• openSUSE: 2019:1128-1: important: pdns 2 hét 1 nap
• Debian: DSA-4422-1: apache2 security update 2 hét 1 nap
• openSUSE: 2019:1125-1: moderate: ansible 2 hét 1 nap
• Fedora 29: edk2 Security Update 2 hét 1 nap
• Fedora 28: tomcat Security Update 2 hét 1 nap
• Fedora 30: pspp Security Update 2 hét 1 nap
• Ubuntu 3933-1: Linux kernel vulnerabilities 2 hét 2 nap
• Ubuntu 3932-2: Linux kernel (Xenial HWE) vulnerabilities 2 hét 2 nap
• Ubuntu 3933-2: Linux kernel (Trusty HWE) vulnerabilities 2 hét 2 nap

Talos Group- Cisco blog

• Threat Roundup for Jan. 25 to Feb. 1 2 hónap 2 hét
• Cisco Job Posting Targets Korean Candidates 2 hónap 2 hét
• Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 2 hónap 2 hét
• Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities 2 hónap 2 hét
• Threat Roundup for Jan. 18 to Jan. 25 2 hónap 3 hét
• AMP tracks new campaign that delivers Ursnif 2 hónap 3 hét
• Threat Roundup for Jan. 11 to Jan. 18 2 hónap 4 hét
• What we learned by unpacking a recent wave of Imminent RAT infections using AMP 3 hónap 23 óra
• Emotet re-emerges after the holidays 3 hónap 2 nap
• Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities 3 hónap 2 nap

US CERT: Technical Security Alerts

• AA19-024A: DNS Infrastructure Hijacking Campaign 2 hónap 3 hét

Adatbiztonság (Computerworld)

AusCERT - Security Bulletins

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Microsoft Comprehensive Alerts

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

Ubuntu Secutity Notices