Sources

ECHO Network

• NA - CVE-2022-4234 - A vulnerability was found in SourceCodester... 2 óra 57 perc
• NA - CVE-2022-46149 - Cap'n Proto is a data interchange format... 2 óra 57 perc
• NA - CVE-2022-1911 - Error in parser function in M-Files Server... 2 óra 57 perc
• New Windows malware scans victims’ mobile phones for data to steal 3 óra 3 perc
• Google discovers Windows exploit framework used to deploy spyware 3 óra 3 perc
• CVE-2022-45868 (h2) 3 óra 5 perc
• CVE-2022-44749 (knime_analytics_platform) 3 óra 5 perc
• CVE-2022-44748 (knime_server) 3 óra 5 perc
• CVE-2022-2513 (gms600_firmware, pcm600_firmware, pwc600_firmware, relion_650_firmware, relion_670_firmware, relion_sam600-io_firmware) 3 óra 5 perc
• Google TAG Warns on Emerging Heliconia Exploit Framework for RCE 3 óra 16 perc

NVD: all CVE

• CVE-2022-23746 5 óra 16 perc
• CVE-2022-44296 6 óra 16 perc
• CVE-2022-44294 6 óra 16 perc
• CVE-2022-44295 6 óra 16 perc
• CVE-2022-4234 7 óra 16 perc
• CVE-2022-44151 7 óra 16 perc
• CVE-2022-46149 7 óra 16 perc
• CVE-2021-31740 9 óra 16 perc
• CVE-2022-1606 9 óra 16 perc
• CVE-2022-1911 9 óra 16 perc

Linux security Advisories

• SUSE: 2022:3942-2 moderate: glibc 8 óra 10 perc
• SUSE: 2022:1758-2 glib2 8 óra 12 perc
• openSUSE: 2022:10222-1 important: rxvt-unicode 17 óra 11 perc
• SUSE: 2022:3265-1 trento/trento-web Security Update 17 óra 30 perc
• SUSE: 2022:3264-1 trento/trento-runner Security Update 17 óra 31 perc
• Fedora 35: galera 2022-333df1c4aa 1 nap 3 óra
• Fedora 35: mariadb 2022-333df1c4aa 1 nap 3 óra
• Fedora 37: mingw-python3 2022-3e859b6bc6 1 nap 3 óra
• Fedora 37: mariadb 2022-e0e9a43546 1 nap 3 óra
• Ubuntu 5749-1: libsamplerate vulnerability 1 nap 7 óra

Drupal contrib security advisories

• Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-062 8 óra 57 perc
• Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061 9 óra 2 perc
• Social Base - Moderately critical - Access bypass - SA-CONTRIB-2022-060 9 óra 11 perc
• Search API - Moderately critical - Information Disclosure - SA-CONTRIB-2022-059 1 hónap 1 hét
• Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058 1 hónap 2 hét
• S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057 2 hónap 3 nap
• Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-056 2 hónap 3 hét
• Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2022-055 2 hónap 3 hét
• Next.js - Moderately critical - Access bypass - SA-CONTRIB-2022-054 2 hónap 3 hét
• Commerce Elavon - Moderately critical - Access bypass - SA-CONTRIB-2022-053 3 hónap 1 hét

Ubuntu Secutity Notices

• USN-5718-2: pixman vulnerability 13 óra 23 perc
• USN-5750-1: GnuTLS vulnerability 18 óra 24 perc
• USN-5749-1: libsamplerate vulnerability 1 nap 3 óra
• USN-5728-3: Linux kernel (GCP) vulnerabilities 1 nap 5 óra
• USN-5745-2: shadow regression 1 nap 7 óra
• USN-5748-1: Sysstat vulnerability 1 nap 9 óra
• USN-5747-1: Bind vulnerabilities 1 nap 12 óra
• USN-5746-1: HarfBuzz vulnerability 2 nap 2 óra
• USN-5689-2: Perl vulnerability 2 nap 7 óra
• USN-5745-1: shadow vulnerability 2 nap 10 óra

SANS

• ISC Stormcast For Wednesday, November 30th, 2022 https://isc.sans.edu/podcastdetail.html?id=8270, (Wed, Nov 30th) 21 óra 56 perc
• Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com , (Tue, Nov 29th) 1 nap 8 óra
• Identifying Groups of "Bot" Accounts on LinkedIn, (Tue, Nov 29th) 1 nap 8 óra
• ISC Stormcast For Tuesday, November 29th, 2022 https://isc.sans.edu/podcastdetail.html?id=8268, (Tue, Nov 29th) 1 nap 22 óra
• Ukraine Themed Twitter Spam Pushing iOS Scareware, (Mon, Nov 28th) 2 nap 11 óra
• ISC Stormcast For Monday, November 28th, 2022 https://isc.sans.edu/podcastdetail.html?id=8266, (Mon, Nov 28th) 2 nap 22 óra
• Happy 22nd Birthday DShield.org!, (Fri, Nov 25th) 5 nap 5 óra
• Attackers Keep Phishing Victims Under Stress, (Thu, Nov 24th) 6 nap 16 óra
• Packet Tuesday: Episode 2 - Extended DNS Option Type 0 , (Tue, Nov 22nd) 1 hét 1 nap
• Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines, (Mon, Nov 21st) 1 hét 2 nap

AusCERT - Security Bulletins

• ESB-2022.6242 - [Ubuntu] libsamplerate: CVSS (Max): 5.5 22 óra 31 perc
• ESB-2022.6241 - [Win] VMware Tools for Windows: CVSS (Max): 3.3 22 óra 31 perc
• ESB-2022.6240 - [Appliance] Mitsubishi Electric FA Engineering Software: CVSS (Max): 9.1 22 óra 31 perc
• ESB-2022.6239 - [SUSE] python: CVSS (Max): 6.5 22 óra 31 perc
• ESB-2022.6238 - [SUSE] sudo: CVSS (Max): 7.1 22 óra 31 perc
• ESB-2022.6237 - [SUSE] supportutils: CVSS (Max): None 22 óra 31 perc
• ESB-2022.6236 - [SUSE] Linux Kernel: CVSS (Max): 7.8 22 óra 31 perc
• ESB-2022.6235 - [SUSE] nginx: CVSS (Max): 7.4 22 óra 31 perc
• ESB-2022.6234 - [SUSE] exiv2: CVSS (Max): 5.3 22 óra 31 perc
• ESB-2022.6233 - [SUSE] tiff: CVSS (Max): 7.8 22 óra 31 perc

Huawei Security Bulletin

• Security Advisory - Improper Authorization Vulnerability in a Huawei Children's Watch 1 nap 1 óra
• Security Advisory - Insufficient Authentication Vulnerability in some Huawei Band Products 1 hét 1 nap
• Security Advisory - Improper Input Validation Vulnerability in a Huawei Children's Watch 1 hét 1 nap
• Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch 4 hét 1 nap
• Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products 3 hónap 1 nap
• Security Advisory - Traffic Hijacking Vulnerability in Huawei Routers 3 hónap 2 nap
• Security Advisory - Permission Bypass Vulnerability in Huawei Products 3 hónap 2 hét

seclist.org

• CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2 1 nap 5 óra
• Exploiting an N-day vBulletin PHP Object Injection Vulnerability 1 nap 5 óra
• Win32.Ransom.Conti / Crypto Logic Flaw 1 nap 5 óra
• Ransomware Deception Tactics Part 1 1 nap 5 óra
• Trojan.Win32.DarkNeuron.gen / Named Pipe Null DACL 1 nap 5 óra
• Backdoor.Win32.Autocrat.b / Weak Hardcoded Credentials 1 nap 5 óra
• Backdoor.Win32.Serman.a / Unauthenticated Open Proxy 1 nap 5 óra
• Open-Xchange Security Advisory 2022-11-24 1 nap 5 óra
• [CVE-2022-33942] Intel Data Center Manager Console <= 4.1.1.45749 ”UserMgmtHandler" Authentication Logic Error Leading to Authentication Bypass 1 nap 5 óra
• crashing potplayer again 1 nap 5 óra

Microsoft Sercurity Response Center

• A Ride on the Wild Side with Hacking Heavyweight Sick Codes 1 nap 6 óra
• Announcing the Microsoft Machine Learning Membership Inference Competition (MICO) 2 hét 5 óra
• Awareness and guidance related to OpenSSL 3.0 – 3.0.6 risk (CVE-2022-3786 and CVE-2202-3602) 3 hét 6 nap
• Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB 4 hét 1 nap
• Reflecting on Cybersecurity Awareness Month: At its Core, Cybersecurity is all about People 1 hónap 7 óra
• Congratulations to the Top MSRC 2022 Q3 Security Researchers! 1 hónap 1 hét
• Investigation Regarding Misconfigured Microsoft Storage Location 1 hónap 1 hét
• Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk 1 hónap 1 hét
• Hunting for Cobalt Strike: Mining and plotting for fun and profit 1 hónap 2 hét
• BlueHat 2023 Call for Papers is Now Open! 1 hónap 2 hét

US CERT: Current Activity

• CISA Releases Seven Industrial Control Systems Advisories 1 nap 7 óra
• CISA Adds Two Known Exploited Vulnerabilities to Catalog 2 nap 7 óra
• CISA Releases Eight Industrial Control Systems Advisories 1 hét 1 nap
• CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain  1 hét 6 nap
• #StopRansomware: Hive 1 hét 6 nap
• CISA Releases Two Industrial Control Systems Advisories 1 hét 6 nap
• Cisco Releases Security Updates for Identity Services Engine 2 hét 4 óra
• Samba Releases Security Updates 2 hét 9 óra
• Mozilla Releases Security Updates for Multiple Products 2 hét 9 óra
• CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network 2 hét 9 óra

NVD: fully analised CVE

• CVE-2022-45329 (aerocms) 1 nap 19 óra
• CVE-2022-32966 (rtl8111fp-cg_firmware) 1 nap 20 óra
• CVE-2022-32967 (rtl8111ep-cg_firmware, rtl8111fp-cg_firmware) 1 nap 20 óra
• CVE-2022-36136 (churchcrm) 1 nap 20 óra
• CVE-2022-36137 (churchcrm) 1 nap 20 óra
• CVE-2022-42099 (klik) 1 nap 20 óra
• CVE-2022-42100 (klik) 1 nap 20 óra
• CVE-2022-42109 (online-shopping-system-advanced) 1 nap 20 óra
• CVE-2022-45224 (web-based_student_clearance_system) 2 nap 2 óra
• CVE-2022-45214 (sanitization_management_system) 2 nap 2 óra

Kaspersky

• Privacy predictions 2023 2 nap 16 óra
• Consumer cyberthreats: predictions for 2023 2 nap 16 óra
• Who tracked internet users in 2021–2022 5 nap 16 óra
• Black Friday shoppers beware: online threats so far in 2022 1 hét 16 óra
• ICS cyberthreats in 2023 – what to expect 1 hét 1 nap
• Policy trends: where are we today on regulation in cyberspace? 1 hét 1 nap
• Crimeware and financial cyberthreats in 2023 1 hét 1 nap
• IT threat evolution in Q3 2022. Non-mobile statistics 1 hét 5 nap
• IT threat evolution in Q3 2022. Mobile statistics 1 hét 5 nap
• IT threat evolution Q3 2022 1 hét 5 nap

Cisco Security Advisories

• Cisco Identity Services Engine Vulnerabilities 2 hét 9 óra
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Denial of Service Vulnerability 3 hét 9 óra
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN Authorization Bypass Vulnerability 3 hét 9 óra
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability 3 hét 9 óra
• Cisco Firepower Management Center Software Command Injection Vulnerabilities 3 hét 9 óra
• Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability 3 hét 9 óra
• Cisco Firepower Management Center Software Information Disclosure Vulnerability 3 hét 9 óra
• Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities 3 hét 9 óra
• Cisco Firepower Management Center Software XML External Entity Injection Vulnerability 3 hét 9 óra
• Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability 3 hét 9 óra

CERT/CC

• VU#709991: Netatalk contains multiple error and memory management vulnerabilities 2 hét 11 óra
• VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations 3 hét 1 nap
• VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly 4 hét 1 nap
• VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference 1 hónap 3 hét
• VU#915563: Microsoft Exchange vulnerable to server-side request forgery and remote code execution. 1 hónap 4 hét
• VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers 2 hónap 4 nap
• VU#309662: Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass 3 hónap 3 hét

Arista Security Advisories

• Security Advisory 0081 4 hét 1 nap
• Cloud-Grade Routing Webinar Series - Session 1 1 hónap 2 hét
• Security Advisory 0080 2 hónap 4 nap

Drupal core security advisories

• Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016 2 hónap 3 nap

Adatbiztonság (Computerworld)

Cisco Security Alerts

Cisco Security Responses

HUP - titkosítás, biztonság

ISC Knowledge Base

Juniper Security Advisories

Juniper signatures

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

SecurityFocus

Sophos virus alerts

Symantec - threat

Talos Group- Cisco blog

US CERT: Security Bulletins

US CERT: Technical Security Alerts