Sources

ECHO Network

• ChatGPT’s history bug may have also exposed payment info, says OpenAI 6 óra 41 perc
• Slackware: 2023-083-01: tar Security Update 7 óra 2 perc
• NA - CVE-2023-21028 - In parse_printerAttributes of ipphelper.c,... 7 óra 20 perc
• NA - CVE-2023-21027 - In serializePasspointConfiguration of... 7 óra 20 perc
• NA - CVE-2023-21026 - In updateInputChannel of... 7 óra 20 perc
• NA - CVE-2023-21025 - In ufdt_local_fixup_prop of ufdt_overlay.c,... 7 óra 20 perc
• NA - CVE-2023-21024 - In maybeFinish of FallbackHome.java, there is a... 7 óra 20 perc
• NA - CVE-2023-21022 - In BufferBlock of Suballocation.cpp, there is a... 7 óra 20 perc
• NA - CVE-2023-21021 - In isTargetSdkLessThanQOrPrivileged of... 7 óra 20 perc
• NA - CVE-2023-21020 - In registerSignalHandlers of main.c, there is a... 7 óra 20 perc

Linux security Advisories

• Fedora 38: gmailctl 2023-8c02aee138 7 óra 46 perc
• Slackware: 2023-083-01: tar Security Update 12 óra 23 perc
• SciLinux: SLSA-2023-1401-1 Important: thunderbird on SL7.x x86_64 14 óra 42 perc
• Debian LTS: DLA-3367-1: libdatetime-timezone-perl security update 19 óra 45 perc
• Debian LTS: DLA-3366-1: tzdata new timezone database 19 óra 48 perc
• Mageia 2023-0116: thunderbird security update 1 nap 2 óra
• Mageia 2023-0115: flatpak security update 1 nap 2 óra
• Mageia 2023-0114: libmicrohttpd security update 1 nap 2 óra
• Mageia 2023-0113: libtiff security update 1 nap 2 óra
• Mageia 2023-0112: python-owslib security update 1 nap 2 óra

NVD: all CVE

• CVE-2023-25676 7 óra 53 perc
• CVE-2023-25801 7 óra 53 perc
• CVE-2023-27579 7 óra 53 perc
• CVE-2023-28437 7 óra 53 perc
• CVE-2023-25658 7 óra 53 perc
• CVE-2023-25659 7 óra 53 perc
• CVE-2023-25660 7 óra 53 perc
• CVE-2023-25662 7 óra 53 perc
• CVE-2023-25663 7 óra 53 perc
• CVE-2023-25664 7 óra 53 perc

seclist.org

• Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC% 18 óra 51 perc
• Invitation to the World Cryptologic Competition 2023 3 nap 2 óra
• Insecure python cgi documentation and tutorials are vulnerable to XSS. 3 nap 2 óra
• Re: Microsoft PlayReady security research 3 nap 2 óra
• Re: Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) 3 nap 2 óra
• Re: Microsoft PlayReady security research 3 nap 21 óra
• Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) 1 hét 1 nap
• [CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023 1 hét 1 nap
• Full Disclosure - Fastly 1 hét 6 nap
• Full Disclosure - Shopify Application 1 hét 6 nap

HUP - titkosítás, biztonság

• Pwn2Own 2. nap, eddig elesett: Oracle VirtualBox, Microsoft Teams, Tesla Infotainment System, Ubuntu Desktop ... 23 óra 29 perc
• Pwn2Own 1 nap, eddig elesett: Adobe Reader, SharePoint, Tesla Gateway, Ubuntu desktop, macOS, Windows 11 ... 1 nap 20 óra
• Ransomware támadás a Ferrari-nál 3 nap 20 óra
• Elhagyott pendrive-ot találsz a parkban és a következőt teszed ... 1 hét 3 nap
• Needle (CVE-2023-0179) exploit 3 hét 2 nap
• A LastPass szerint az egyik DevOps mérnökük ottoni számítógépén keresztül fértek hozzá a rendszerükhöz 3 hét 4 nap
• „Etikus hacker” is volt a zsarolóvírus-gyanúsítottak között, akiket a hollandok lekapcsoltak 3 hét 5 nap
• Csak a Twitter Blue előfizetőknek marad meg az SMS mint második faktor 1 hónap 3 nap
• Zsarolóvírus támadás engem/minket ... 1 hónap 2 hét
• Ma van az adatvédelem nemzetközi napja 1 hónap 3 hét

Kaspersky

• Understanding metrics to measure SOC effectiveness 1 nap 8 perc
• Developing an incident response playbook 2 nap 8 perc
• Bad magic: new APT found in the area of Russo-Ukrainian conflict 4 nap 8 perc
• Business on the dark web: deals and regulatory mechanisms 1 hét 2 nap
• Malvertising through search engines 2 hét 1 nap
• The state of stalkerware in 2022 2 hét 2 nap
• Threat landscape for industrial automation systems for H2 2022 2 hét 4 nap
• The mobile malware threat landscape in 2022 3 hét 4 nap
• Spam and phishing in 2022 1 hónap 1 hét
• IoC detection experiments with ChatGPT 1 hónap 1 hét

Ubuntu Secutity Notices

• USN-5971-1: Graphviz vulnerabilities 1 nap 5 óra
• USN-5970-1: Linux kernel vulnerabilities 1 nap 8 óra
• USN-5969-1: gif2apng vulnerabilities 1 nap 9 óra
• USN-5966-2: amanda regression 1 nap 17 óra
• USN-5966-1: amanda vulnerabilities 2 nap 1 óra
• USN-5942-2: Apache HTTP Server vulnerability 2 nap 14 óra
• USN-5968-1: GitPython vulnerability 2 nap 17 óra
• USN-5967-1: object-path vulnerabilities 3 nap 8 óra
• USN-5965-1: TigerVNC vulnerability 4 nap 6 óra
• USN-5904-2: SoX regression 4 nap 14 óra

SANS

• ISC Stormcast For Friday, March 24th, 2023 https://isc.sans.edu/podcastdetail.html?id=8424, (Fri, Mar 24th) 1 nap 6 óra
• Cropping and Redacting Images Safely, (Thu, Mar 23rd) 1 nap 15 óra
• ISC Stormcast For Thursday, March 23rd, 2023 https://isc.sans.edu/podcastdetail.html?id=8422, (Thu, Mar 23rd) 2 nap 6 óra
• Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files, (Wed, Mar 22nd) 2 nap 14 óra
• ISC Stormcast For Wednesday, March 22nd, 2023 https://isc.sans.edu/podcastdetail.html?id=8420, (Wed, Mar 22nd) 3 nap 6 óra
• String Obfuscation: Character Pair Reversal, (Tue, Mar 21st) 3 nap 15 óra
• ISC Stormcast For Tuesday, March 21st, 2023 https://isc.sans.edu/podcastdetail.html?id=8418, (Tue, Mar 21st) 4 nap 6 óra
• From Phishing Kit To Telegram... or Not!, (Mon, Mar 20th) 4 nap 12 óra
• ISC Stormcast For Monday, March 20th, 2023 https://isc.sans.edu/podcastdetail.html?id=8416, (Mon, Mar 20th) 5 nap 6 óra
• Old Backdoor, New Obfuscation, (Sat, Mar 18th) 6 nap 23 óra

AusCERT - Security Bulletins

• ESB-2023.1794 - [Appliance] ProPump and Controls Osprey Pump Controller: CVSS (Max): 9.8 1 nap 6 óra
• ESB-2023.1793 - [Appliance] ABB Pulsar Plus Controller: CVSS (Max): 6.3 1 nap 6 óra
• ESB-2023.1792 - [Appliance] Schneider Electric IGSS: CVSS (Max): 8.8 1 nap 6 óra
• ESB-2023.1791 - [Appliance] EY-modulo 5 Building Automation Stations: CVSS (Max): 8.8 1 nap 6 óra
• ESB-2023.1790 - [Ubuntu] Graphviz: CVSS (Max): 8.8 1 nap 6 óra
• ESB-2023.1789 - [Win][UNIX/Linux] Apache Tomcat: CVSS (Max): None 1 nap 6 óra
• ESB-2023.1788 - [Win][Linux] IBM Integration Bus: CVSS (Max): 7.5 1 nap 6 óra
• ESB-2023.1787 - [Appliance] RoboDK: CVSS (Max): 7.9 1 nap 6 óra
• ESB-2023.1786 - [Win][UNIX/Linux] Tenable.sc: CVSS (Max): 9.8 1 nap 6 óra
• ESB-2023.1785 - [Appliance] CP Plus KVMS Pro: CVSS (Max): 7.8 1 nap 6 óra

Talos Group- Cisco blog

• The Path to Unified SASE with Cisco SD-WAN and Cisco+ Secure Connect 1 nap 13 óra
• Training the skilled workforce of the future 1 nap 15 óra
• One Seamless, United Platform 1 nap 17 óra
• Cisco Storage Networking is 20 Years Young 1 nap 18 óra
• Keeping Your Apps and Data Available With HyperFlex 2 nap 11 óra
• Catalyst Wireless Enterprise Agreements now support Cisco DNA Essentials! 2 nap 17 óra
• Balancing Growth and Budget in 2023 2 nap 17 óra
• Sharing career opportunities and advice with the women of Bennett College 2 nap 19 óra
• Predictive Analytics in Oil and Gas – 3 Types 3 nap 12 óra
• Cisco Business Architectures and the Role of the Partner 3 nap 17 óra

US CERT: Current Activity

• CISA Releases Six Industrial Control Systems Advisories 1 nap 20 óra
• JCDC Cultivates Pre-Ransomware Notification Capability 1 nap 20 óra
• Cisco Releases Security Advisories for Multiple Products 1 nap 20 óra
• Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments 1 nap 20 óra
• CISA Releases Updated Cybersecurity Performance Goals 3 nap 20 óra
• CISA Releases Eight Industrial Control Systems Advisories 3 nap 20 óra
• CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management 3 nap 20 óra
• Drupal Releases Security Advisory to Address Vulnerability in Drupal Core 1 hét 20 óra
• CISA Releases Eight Industrial Control Systems Advisories 1 hét 1 nap
• FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0 1 hét 1 nap

NVD: fully analised CVE

• CVE-2023-26496 (exynos_1080_firmware, exynos_980_firmware, exynos_auto_t5123_firmware, exynos_modem_5123_firmware, exynos_modem_5300_firmware) 2 nap 5 óra
• CVE-2023-26498 (exynos_1080_firmware, exynos_980_firmware, exynos_auto_t5123_firmware, exynos_modem_5123_firmware, exynos_modem_5300_firmware) 2 nap 6 óra
• CVE-2023-25859 (illustrator) 2 nap 14 óra
• CVE-2023-25860 (illustrator) 2 nap 14 óra
• CVE-2023-25861 (illustrator) 2 nap 14 óra
• CVE-2023-25862 (illustrator) 2 nap 14 óra
• CVE-2023-26358 (creative_cloud) 2 nap 14 óra
• CVE-2023-26426 (illustrator) 2 nap 14 óra
• CVE-2023-22259 (experience_manager, experience_manager_cloud_service) 2 nap 14 óra
• CVE-2023-22260 (experience_manager, experience_manager_cloud_service) 2 nap 14 óra

Cisco Security Advisories

• Cisco Access Point Software Association Request Denial of Service Vulnerability 2 nap 17 óra
• Cisco Access Point Software Denial of Service Vulnerability 2 nap 17 óra
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability 2 nap 17 óra
• Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability 2 nap 17 óra
• Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability 2 nap 17 óra
• Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability 2 nap 17 óra
• Cisco DNA Center Information Disclosure Vulnerability 2 nap 17 óra
• Cisco DNA Center Privilege Escalation Vulnerability 2 nap 17 óra
• Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability 2 nap 17 óra
• Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability 2 nap 17 óra

Drupal contrib security advisories

• Responsive media Image Formatter - Critical - Unsupported - SA-CONTRIB-2023-011 1 hét 2 nap
• Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010 1 hét 2 nap
• Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009 2 hét 2 nap
• Group control for forums - Critical - Access bypass - SA-CONTRIB-2023-008 3 hét 2 nap
• Thunder - Moderately critical - Access bypass - SA-CONTRIB-2023-007 3 hét 2 nap
• Better Social Sharing Buttons - Less critical - Cross Site Scripting - SA-CONTRIB-2023-006 3 hét 2 nap
• Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005 1 hónap 3 hét
• Media Library Form API Element - Moderately critical - Information Disclosure - SA-CONTRIB-2023-004 2 hónap 5 nap
• Media Library Block - Moderately critical - Information Disclosure - SA-CONTRIB-2023-003 2 hónap 5 nap
• Entity Browser - Moderately critical - Information Disclosure - SA-CONTRIB-2023-002 2 hónap 5 nap

Drupal core security advisories

• Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004 1 hét 2 nap
• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-003 1 hét 2 nap
• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002 1 hét 2 nap
• Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001 2 hónap 5 nap

Arista Security Advisories

• Security Advisory 0083 3 hét 1 nap
• Security Advisory 0082 1 hónap 1 hét
• End of Sale / End of Life for Arista DMF Appliances: DCA-DM-SA, DCA-DM-SBL and DCA-DM-CB 1 hónap 1 hét
• End of Sale of the Arista DCS-7010T-48 Series 2 hónap 3 hét
• End of Sale of the Arista DCS-7280QR-C72 Series 2 hónap 3 hét
• End of Sale of Select Models of the Arista 7280CR Series 2 hónap 3 hét

Huawei Security Bulletin

• Security Advisory - Out-of-Bounds Write Vulnerability in a Huawei Sound Box Product 3 hét 3 nap
• Statement About the DoS Vulnerability in the E5573Cs-322 1 hónap 1 hét
• Security Advisory - Identity Authentication Bypass Vulnerability in The Huawei Children Smart Watch (Simba-AL00) 1 hónap 2 hét
• 安全通告 - 涉及华为全屋智能某软件的不正确的权限分配漏洞 1 hónap 3 hét
• 安全通告 - 涉及华为全屋智能某软件的不正确的权限分配漏洞 1 hónap 3 hét
• Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software 1 hónap 3 hét
• Security Advisory - Incorrect Privilege Assignment Vulnerability in Huawei Whole-Home Intelligence Software 1 hónap 3 hét
• Security Advisory - Data Processing Error Vulnerability in a Huawei Band 2 hónap 6 nap
• Security Advisory - Misinterpretation of Input in a Huawei Printer Product 2 hónap 6 nap
• Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product 2 hónap 6 nap

CERT/CC

• VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption 3 hét 3 nap
• VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2 2 hónap 6 nap
• VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities 2 hónap 6 nap

Microsoft Sercurity Response Center

• New MSRC Blog Site 1 hónap 2 hét
• BlueHat 2023: Connecting the security research community with Microsoft 1 hónap 2 hét
• Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process 1 hónap 3 hét
• Congratulations to the Top MSRC 2022 Q4 Security Researchers! 1 hónap 3 hét
• Microsoft resolves four SSRF vulnerabilities in Azure cloud services 2 hónap 6 nap
• Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API 2 hónap 2 hét
• Security Update Guide Improvement – Representing Hotpatch Updates 2 hónap 3 hét
• [セキュリティ基本対策 5 か条] 第 2 条 アクション センターで PC のセキュリティやメンテナンス状況に問題がないかを確認する 4 év 6 hónap
• [セキュリティ基本対策 5 か条] 第 1 条 最新の状態で利用する 4 év 6 hónap
• セキュリティ更新プログラム リリース スケジュール (2018 年) 4 év 6 hónap

Adatbiztonság (Computerworld)

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Juniper Security Advisories

Juniper signatures

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

SecurityFocus

Sophos virus alerts

Symantec - threat

US CERT: Security Bulletins

US CERT: Technical Security Alerts