Sources

SANS

• ISC Stormcast For Thursday, May 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7014, (Thu, May 28th) 2 óra 41 perc
• Frankenstein's phishing using Google Cloud Storage, (Wed, May 27th) 20 óra 2 perc
• ISC Stormcast For Wednesday, May 27th 2020 https://isc.sans.edu/podcastdetail.html?id=7012, (Wed, May 27th) 1 nap 2 óra
• Seriously, SHA3 where art thou?, (Tue, May 26th) 1 nap 9 óra
• ISC Stormcast For Tuesday, May 26th 2020 https://isc.sans.edu/podcastdetail.html?id=7010, (Tue, May 26th) 1 nap 18 óra
• Zloader Maldoc Analysis With xlm-deobfuscator, (Sun, May 24th) 2 nap 21 óra
• Wireshark 3.2.4 Released, (Sun, May 24th) 3 nap 10 óra
• AgentTesla Delivered via a Malicious PowerPoint Add-In, (Sat, May 23rd) 4 nap 22 óra
• Some Strings to Remember, (Fri, May 22nd) 5 nap 14 óra
• ISC Stormcast For Friday, May 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7008, (Fri, May 22nd) 6 nap 2 óra

NVD: all CVE

• CVE-2020-8603 5 óra 26 perc
• CVE-2020-8604 5 óra 26 perc
• CVE-2020-8605 5 óra 26 perc
• CVE-2020-8606 5 óra 26 perc
• CVE-2020-11075 6 óra 26 perc
• CVE-2020-11059 7 óra 26 perc
• CVE-2020-10936 10 óra 26 perc
• CVE-2020-6774 11 óra 26 perc
• CVE-2020-13633 12 óra 26 perc
• CVE-2020-10945 12 óra 26 perc

Linux security Advisories

• Fedora 31: unbound FEDORA-2020-8e9b62948e> 6 óra 40 perc
• Fedora 31: dovecot FEDORA-2020-b60344c987> 6 óra 40 perc
• SUSE: 2020:1493-1 libmspack> 8 óra 21 perc
• Mageia 2020-0238: libexif security update> 11 óra 34 perc
• Mageia 2020-0237: ant security update> 12 óra 23 perc
• Mageia 2020-0236: php security update> 12 óra 23 perc
• Ubuntu 4375-1: PHP vulnerability> 12 óra 51 perc
• SUSE: 2020:1486-1 important: the Linux Kernel (Live Patch 34 for SLE 12 SP2)> 14 óra 28 perc
• Ubuntu 4374-1: Unbound vulnerabilities> 16 óra 26 perc
• Mageia 2020-0235: transmission security update> 20 óra 47 perc

Ubuntu Secutity Notices

• USN-4375-1: PHP vulnerability 10 óra 41 perc
• USN-4374-1: Unbound vulnerabilities 13 óra 22 perc
• USN-4373-1: Thunderbird vulnerabilities 1 nap 14 óra
• USN-4370-2: ClamAV vulnerabilities 6 nap 9 óra
• USN-4372-1: QEMU vulnerabilities 6 nap 11 óra
• USN-4371-1: libvirt vulnerabilities 6 nap 11 óra
• USN-4370-1: ClamAV vulnerabilities 6 nap 11 óra
• USN-4369-1: Linux kernel vulnerabilities 1 hét 2 óra
• USN-4365-2: Bind vulnerabilities 1 hét 10 óra
• LSN-0067-1: Kernel Live Patch Security Notice 1 hét 20 óra

NVD: fully analised CVE

• CVE-2020-13633 (fork_cms) 12 óra 26 perc
• CVE-2020-13632 (sqlite) 13 óra 26 perc
• CVE-2020-13630 (sqlite) 13 óra 26 perc
• CVE-2020-13631 (sqlite) 13 óra 26 perc
• CVE-2020-4349 (spectrum_scale) 14 óra 26 perc
• CVE-2020-4358 (spectrum_scale) 14 óra 26 perc
• CVE-2020-4350 (spectrum_scale) 14 óra 26 perc
• CVE-2020-4357 (spectrum_scale) 14 óra 26 perc
• CVE-2020-4378 (spectrum_scale) 14 óra 26 perc
• CVE-2020-4379 (spectrum_scale) 14 óra 26 perc

Drupal contrib security advisories

• Password Reset Landing Page (PRLP) - Highly critical - Access bypass - SA-CONTRIB-2020-021 12 óra 54 perc
• Drupal Commerce - Moderately critical - Access bypass - SA-CONTRIB-2020-020 13 óra 8 perc
• reCAPTCHA v3 - Critical - Access bypass - SA-CONTRIB-2020-019 2 hét 11 óra
• Webform - Critical - Access bypass - SA-CONTRIB-2020-018 2 hét 12 óra
• Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-017 3 hét 11 óra
• Webform - Critical - Access bypass - SA-CONTRIB-2020-016 3 hét 11 óra
• Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-015 3 hét 11 óra
• Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-014 3 hét 11 óra
• Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013 3 hét 11 óra
• Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-012 3 hét 11 óra

US CERT: Current Activity

• Apple Releases Security Updates 14 óra 4 perc
• Microsoft Releases Security Update for Edge 5 nap 15 óra
• Cisco Releases Security Updates 5 nap 15 óra
• ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020 5 nap 15 óra
• CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems 5 nap 16 óra
• Drupal Releases Security Updates 6 nap 15 óra
• Apple Releases Security Update for Xcode 6 nap 15 óra
• CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments 6 nap 15 óra
• ISC Releases Security Advisory for BIND 1 hét 14 óra
• Adobe Releases Security Updates 1 hét 14 óra

Huawei Security Bulletin

• Security Advisory - Improper Authentication Vulnerability in Several Smartphones 1 nap 6 óra
• Security Advisory - Improper Authorization Vulnerability in Several Smartphones 1 nap 6 óra
• Security Advisory - Improper Authorization Vulnerability in Several Smartphones 1 nap 6 óra
• Security Advisory - Information Disclosure Vulnerability in Several Smartphones 1 nap 6 óra
• Security Advisory - Stack Buffer Overflow Vulnerability in Several Products 1 nap 6 óra
• Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips 1 nap 6 óra
• Security Advisory - Denial of Service Vulnerability in Some Huawei Products 1 nap 6 óra
• Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products 1 nap 6 óra
• Security Advisory - Improper Authentication Vulnerability in Several Smartphones 1 nap 6 óra
• Security Advisory - Use After Free Vulnerability in Several Products 1 hét 1 nap

Sophos virus alerts

• Troj/Inject-GAJ 1 nap 6 óra
• Troj/Fareit-KPY 1 nap 6 óra
• Troj/DocDl-YZR 1 nap 6 óra
• VBS/DwnLdr-AAAH 1 nap 6 óra
• Troj/Zbot-OZY 1 nap 6 óra
• Troj/Zbot-OZX 1 nap 6 óra
• Troj/Zbot-OZW 1 nap 6 óra
• Troj/Zbot-OZV 1 nap 6 óra
• Troj/Steale-YU 1 nap 6 óra
• Troj/Steale-YT 1 nap 6 óra

CERT-SEI

• VU#127371: iOS contains an unspecified kernel vulnerability 1 nap 13 óra
• VU#647177: Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks 1 hét 2 nap
• VU#534195: Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks 1 hét 2 nap
• VU#366027: Samsung Qmage codec for Android Skia library does not properly validate image files 1 hét 6 nap
• VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting 1 hónap 3 hét
• VU#962085: Versiant LYNX Customer Service Portal is vulnerable to stored cross-site scripting 1 hónap 4 hét
• VU#944837: Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities 1 hónap 4 hét
• VU#354840: Microsoft Windows Type 1 font parsing remote code execution vulnerabilities 2 hónap 5 nap
• VU#425163: Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack 2 hónap 1 hét
• VU#872016: Microsoft SMBv3 compression remote code execution vulnerability 2 hónap 2 hét

Kaspersky

• Spam and phishing in Q1 2020 1 nap 18 óra
• Aggressive in-app advertising in Android 2 nap 18 óra
• IT threat evolution Q1 2020 1 hét 18 óra
• IT threat evolution Q1 2020. Statistics 1 hét 18 óra
• Verizon’s 2020 DBIR 1 hét 1 nap
• Cyberthreats on lockdown 1 hét 6 nap
• COMpfun authors spoof visa application with HTTP status-based Trojan 1 hét 6 nap
• Naikon’s Aria 2 hét 5 nap
• DDoS attacks in Q1 2020 3 hét 18 óra
• APT trends report Q1 2020 3 hét 6 nap

US CERT: Security Bulletins

• Vulnerability Summary for the Week of May 18, 2020 2 nap 18 óra
• Vulnerability Summary for the Week of May 11, 2020 1 hét 2 nap
• Vulnerability Summary for the Week of May 4, 2020 2 hét 2 nap
• Vulnerability Summary for the Week of April 27, 2020 3 hét 2 nap
• Vulnerability Summary for the Week of April 20, 2020 1 hónap 18 óra
• Vulnerability Summary for the Week of April 13, 2020 1 hónap 1 hét
• Vulnerability Summary for the Week of April 6, 2020 1 hónap 2 hét
• Vulnerability Summary for the Week of March 30, 2020 1 hónap 3 hét
• Vulnerability Summary for the Week of March 23, 2020 1 hónap 4 hét
• Vulnerability Summary for the Week of March 16, 2020 2 hónap 5 nap

seclist.org

• Konica Minolta FTP Utility v1.0 - 'NLST' Denial of Service (PoC) 5 nap 12 óra
• Konica Minolta FTP Utility v1.0 - 'LIST' Denial of Service (PoC) 5 nap 12 óra
• Filetto v1.0 - 'FEAT' Denial of Service (PoC) 5 nap 12 óra
• [IAIK JCE] Timing Attack Side Channel in DSA Implementation 5 nap 12 óra
• Remote Code Execution in qmail (CVE-2005-1513) 5 nap 12 óra
• APPLE-SA-2020-05-20-1 Xcode 11.5 5 nap 12 óra
• Short notes on qmail security guarantee 5 nap 12 óra
• Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting 5 nap 12 óra
• [SYSS-2019-039] Smartbear ReadyAPI/SoapUI Pro/jProductivity Licensing Unsafe Deserialization 1 hét 1 nap
• Multiple vulnerabilities in Dovecot IMAP server 1 hét 1 nap

Talos Group- Cisco blog

• Vulnerability Spotlight: Memory Corruption Vulnerability in GNU Glibc Leaves Smart Vehicles Open to Attack 6 nap 13 óra
• The Wolf Is Back… 1 hét 1 nap
• Threat Roundup for May 8 to May 15 1 hét 5 nap
• Threat Spotlight: Astaroth – Maze of Obfuscation and Evasion Reveals Dark Stealer 2 hét 2 nap
• Threat Roundup for May 1 to May 8 2 hét 5 nap
• Threat Roundup for April 24 to May 1 3 hét 5 nap
• Upgraded Aggah malspam campaign delivers multiple RATs 4 hét 12 óra
• Threat Roundup for April 17 to April 24 1 hónap 3 nap
• Threat Spotlight: MedusaLocker 1 hónap 4 nap
• Vulnerability Spotlight: Zoom Communications User Enumeration 1 hónap 6 nap

Cisco Security Advisories

• Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability 1 hét 10 óra
• Cisco Prime Network Registrar DHCP Denial of Service Vulnerability 1 hét 10 óra
• Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability 1 hét 10 óra
• Cisco Unified Contact Center Express Remote Code Execution Vulnerability 1 hét 10 óra
• Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability 1 hét 10 óra
• Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability 1 hét 2 nap
• Cisco Aironet Series Access Points Denial of Service Vulnerability 2 hét 2 nap
• Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability 2 hét 2 nap
• Cisco Firepower Management Center Arbitrary Log File Write Vulnerability 3 hét 10 óra
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability 3 hét 10 óra

Drupal core security advisories

• Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 1 hét 13 óra
• Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 1 hét 13 óra
• Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001 2 hónap 1 hét

Arista Security Advisories

• Security Advisory 0048 2 hét 5 óra
• April 29 2020 Automation and Visibility Simplified with CloudVision 2020.1 4 hét 8 óra
• April 15 2020 NetDevOps Webinar Series 2: Business/Operations Continuity Remote Management and Administration 1 hónap 1 hét
• Security Advisory 0047 1 hónap 1 hét
• April 8 2020 Ansible and CloudVision webinar recording 1 hónap 1 hét
• April 9 2020 EVPN Webinar Series 4: Active/Active ESI Dual-Homing in EVPN VxLAN Deployments 1 hónap 2 hét
• April 2 2020 NetDevOps Webinar Series 1: Baselining and Maturing your Network Operating Model 1 hónap 3 hét
• March 25 2020 Network Segmentation with EVPN, VXLAN and MPLS transport webinar 1 hónap 4 hét
• Security Advisory 0046 2 hónap 5 nap
• March 11 2020 Building Network Observability Fabrics Webinar 2 hónap 2 hét

US CERT: Technical Security Alerts

• AA20-133A: Top 10 Routinely Exploited Vulnerabilities 2 hét 1 nap
• AA20-126A: APT Groups Target Healthcare and Essential Services 3 hét 1 nap
• AA20-120A: Microsoft Office 365 Security Recommendations 4 hét 14 óra
• AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching 1 hónap 1 hét
• AA20-106A: Guidance on the North Korean Cyber Threat 1 hónap 1 hét
• AA20-099A: COVID-19 Exploited by Malicious Cyber Actors 1 hónap 2 hét
• AA20-073A: Enterprise VPN Security 2 hónap 2 hét
• AA20-049A: Ransomware Impacting Pipeline Operations 3 hónap 1 hét

Juniper Security Advisories

• JSA11021 - 2020-04 Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services 1 hónap 12 óra
• JSA11001 - 2020-04 Security Bulletin: Junos OS: EX and QFX Series: Console port authentication bypass vulnerability (CVE-2020-1618) 1 hónap 2 hét
• JSA10999 - 2020-04 Security Bulletin: JATP Series: JATP Is susceptible to slow brute force attacks on the SSH service. (CVE-2020-1616) 1 hónap 2 hét
• JSA10998 - 2020-04 Security Bulletin: Junos OS: vMX: Default credentials supplied in vMX configuration (CVE-2020-1615) 1 hónap 2 hét
• JSA10996 - 2020-04 Security Bulletin: Junos OS: BGP session termination upon receipt of specific BGP FlowSpec advertisement. (CVE-2020-1613) 1 hónap 2 hét
• JSA10994 - 2020-04 Security Bulletin: Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. 1 hónap 2 hét
• JSA11014 - 2020-04 Security Bulletin: Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634) 1 hónap 2 hét
• JSA11000 - 2020-04 Security Bulletin: Junos OS: non-AFT architectures: A specific genuine packet inspected by sFlow will cause a reboot. A second packet received and inspected by sFlow will cause a core and reboot. (CVE-2020-1617) 1 hónap 2 hét
• JSA10997 - 2020-04 Security Bulletin: NFX250 Series: Hardcoded credentials in the vSRX VNF instance. (CVE-2020-1614) 1 hónap 2 hét
• JSA11010 - 2020-04 Security Bulletin: Junos OS: Privilege escalation vulnerability in dual REs, VC or HA cluster may allow unauthorized configuration change. (CVE-2020-1630) 1 hónap 2 hét

HUP - titkosítás, biztonság

• Tails 4.5 1 hónap 2 hét
• ProtonMail - Bridge for Linux 1 hónap 2 hét
• A szlovák parlament jóváhagyta az állami hozzáférést a mobiltelefon-adatokhoz. Én egy ilyen intézkedést itthon .. 1 hónap 3 hét
• Újabb szög a TLS 1.0 és 1.1 koporsójába 1 hónap 3 hét
• Egy bug folytán az iOS 13.1.1 és későbbi verziók nem titkosítják az (összes) adatforgalmat VPN kapcsolat felépítése esetén sem 2 hónap 2 nap
• Aktívan kihasznált 0day Windows sebezhetőségre figyelmeztet a Microsoft 2 hónap 4 nap
• Megjelent a Parrot 4.8-as kiadása 2 hónap 4 nap
• Tails 4.4.1 2 hónap 4 nap
• CVE-2020-0796 - Javította a Microsoft a súlyos SMBv3 sebezhetőséget 2 hónap 2 hét
• A Huawei magyarázza, hogy mi az a backdoor 2 hónap 3 hét

SecurityFocus

• Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793) 3 hónap 2 nap
• Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794) 3 hónap 2 nap
• Bugtraq: [SECURITY] [DSA 4633-1] curl security update 3 hónap 2 nap
• Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888) 3 hónap 2 nap
• Bugtraq: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass 3 hónap 3 nap
• Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) 3 hónap 3 nap
• Bugtraq: [slackware-security] proftpd (SSA:2020-051-01) 3 hónap 6 nap
• Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update 3 hónap 1 hét
• Bugtraq: [SECURITY] [DSA 4629-1] python-django security update 3 hónap 1 hét
• Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP) 3 hónap 1 hét

Adatbiztonság (Computerworld)

AusCERT - Security Bulletins

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Juniper signatures

Microsoft Comprehensive Alerts

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

Symantec - threat