Sources
ECHO Network
- Slackware: 2022-141-01: mariadb Security Update> 46 perc 2 másodperc
- SUSE: 2022:1783-1 important: the Linux Kernel (Live Patch 27 for SLE 12 SP5)> 46 perc 2 másodperc
- openSUSE: 2022:0142-1 moderate: libxls> 46 perc 2 másodperc
- Still crying? WannaCry five years on | #malware | #ransomware | #cybersecurity | #infosecurity | #hacker 1 óra 6 perc
- Windows 11 hacked three more times on last day of Pwn2Own contest 6 óra 29 perc
- North Korean IT Workers Are Infiltrating Tech Companies 8 óra 33 perc
- Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails 9 óra 25 perc
- Cisco fixes an IOS XR flaw actively exploited in the wild 9 óra 26 perc
- Conti: Russian-backed rulers of Costa Rican hacktocracy? 10 óra 20 perc
- Mageia 2022-0192: opencontainers-runc security update> 11 óra 24 perc
NVD: all CVE
- CVE-2022-31267 1 óra 14 perc
- CVE-2022-31268 1 óra 14 perc
- CVE-2022-31264 1 óra 14 perc
- CVE-2022-31259 3 óra 14 perc
- CVE-2022-1752 19 óra 14 perc
- CVE-2022-29222 22 óra 14 perc
- CVE-2022-29188 22 óra 14 perc
- CVE-2022-29189 22 óra 14 perc
- CVE-2022-29190 22 óra 14 perc
- CVE-2022-29209 22 óra 14 perc
Linux security Advisories
- openSUSE: 2022:0142-1 moderate: libxls> 5 óra 13 perc
- SUSE: 2022:1783-1 important: the Linux Kernel (Live Patch 27 for SLE 12 SP5)> 5 óra 14 perc
- Slackware: 2022-141-01: mariadb Security Update> 6 óra 54 perc
- Mageia 2022-0195: kernel-linus security update> 15 óra 38 perc
- Mageia 2022-0194: kernel security update> 15 óra 38 perc
- Mageia 2022-0193: microcode security update> 15 óra 38 perc
- Mageia 2022-0192: opencontainers-runc security update> 15 óra 38 perc
- SUSE: 2022:1119-1 bci/dotnet-aspnet Security Update> 17 óra 14 perc
- Slackware: 2022-140-02: mozilla-thunderbird Security Update> 1 nap 47 perc
- Slackware: 2022-140-01: mozilla-firefox Security Update> 1 nap 47 perc
Cisco Security Advisories
- Cisco IOS XR Software Health Check Open Port Vulnerability 1 nap 6 óra
- Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities 3 nap 6 óra
- Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability 3 nap 6 óra
- Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities 3 nap 6 óra
- Cisco Secure Network Analytics Remote Code Execution Vulnerability 3 nap 6 óra
- Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability 3 nap 6 óra
- Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability 5 nap 3 óra
- Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities 2 hét 3 nap
- ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 2 hét 3 nap
- ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 2 hét 3 nap
HUP - titkosítás, biztonság
- Pwn2Own 2022 második nap, elesett: Tesla 3, Ubuntu desktop, Windows 11 1 nap 16 óra
- Zajlik a Pwn2Own 2022, eddig elesett: Ubuntu desktop, Microsoft Teams, VirtualBox, Firefox, Windows 11, Safari 2 nap 16 óra
- Evil never sleeps - Amikor a wireless malware azután is működik, miután az iPhone-t kikapcsolták 4 nap 12 óra
- "Egy uniós biztos szerint a Pegasus-ügy kivizsgálása nem az Európai Bizottság hatásköre" 2 hét 2 nap
- BSidesBUD 2022 – nemzetközi kiberbiztonsági konferencia hatodszor Budapesten! 2 hét 2 nap
- Tails 5.0 2 hét 3 nap
- EU-tisztségviselők iPhone-jai is célpontjai voltak a Pegasus kémszoftvernek 1 hónap 1 hét
- Tesla töltőport nyitó 1 hónap 1 hét
- Soron kívül frissítette a Google a Chrome böngészőt, 0day biztonsági hibát javított 1 hónap 3 hét
- Állást foglalt a Mikrotik az örök flame-ben: engedjünk-e mindenhonnan kapcsolódást SSH portra 2 hónap 1 nap
SANS
- A 'Zip Bomb' to Bypass Security Controls & Sandboxes, (Fri, May 20th) 1 nap 17 óra
- Bumblebee Malware from TransferXL URLs, (Thu, May 19th) 1 nap 17 óra
- ISC Stormcast For Friday, May 20th, 2022 https://isc.sans.edu/podcastdetail.html?id=8016, (Fri, May 20th) 1 nap 20 óra
- ISC Stormcast For Thursday, May 19th, 2022 https://isc.sans.edu/podcastdetail.html?id=8014, (Thu, May 19th) 2 nap 20 óra
- Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign..., (Wed, May 18th) 3 nap 16 óra
- ISC Stormcast For Wednesday, May 18th, 2022 https://isc.sans.edu/podcastdetail.html?id=8012, (Wed, May 18th) 3 nap 20 óra
- Use Your Browser Internal Password Vault... or Not?, (Tue, May 17th) 4 nap 13 óra
- ISC Stormcast For Tuesday, May 17th, 2022 https://isc.sans.edu/podcastdetail.html?id=8010, (Tue, May 17th) 4 nap 20 óra
- Apple Patches Everything, (Mon, May 16th) 5 nap 2 óra
- Why is my Honeypot a Russian Certificate Authority?, (Mon, May 16th) 5 nap 8 óra
AusCERT - Security Bulletins
- ESB-2022.2495 - [Appliance] Mitsubishi Electric MELSEC iQ-F Series: CVSS (Max): 8.6 1 nap 20 óra
- ESB-2022.2494 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM WebSphere Application Server: CVSS (Max): 5.6 1 nap 20 óra
- ESB-2022.2493 - [Debian] thunderbird: CVSS (Max): 7.5 1 nap 20 óra
- ESB-2022.2492 - [Debian] openldap: CVSS (Max): 9.8 1 nap 20 óra
- ESB-2022.2491 - [Debian] elog: CVSS (Max): 7.5 1 nap 20 óra
- ESB-2022.2490 - [Appliance] F5 Products: CVSS (Max): 7.5 1 nap 20 óra
- ESB-2022.2489 - [Appliance] F5 Products: CVSS (Max): 8.2 1 nap 20 óra
- ESB-2022.2488 - [SUSE] ucode-intel: CVSS (Max): 5.3 1 nap 20 óra
- ESB-2022.2487 - [SUSE] libyajl: CVSS (Max): 5.9 1 nap 20 óra
- ESB-2022.2486 - [SUSE] ucode-intel: CVSS (Max): 5.3 1 nap 20 óra
US CERT: Current Activity
- ISC Releases Security Advisory for BIND 2 nap 7 óra
- CISA Releases Analysis of FY21 Risk and Vulnerability Assessments 2 nap 8 óra
- CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities 3 nap 5 óra
- Threat Actors Exploiting F5 BIG IP CVE-2022-1388 3 nap 9 óra
- Apple Releases Security Updates for Multiple Products 4 nap 6 óra
- Weak Security Controls and Practices Routinely Exploited for Initial Access 4 nap 9 óra
- CISA Adds Two Known Exploited Vulnerabilities to Catalog 5 nap 1 óra
- Apache Releases Security Advisory for Tomcat 5 nap 7 óra
- CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog 1 hét 22 óra
- Adobe Releases Security Updates for Multiple Products 1 hét 2 nap
Ubuntu Secutity Notices
- USN-5424-2: OpenLDAP vulnerability 2 nap 7 óra
- USN-5430-1: GNOME Settings vulnerability 3 nap 7 óra
- USN-5429-1: Bind vulnerability 3 nap 7 óra
- USN-5428-1: libXrandr vulnerabilities 3 nap 9 óra
- USN-5427-1: Apport vulnerabilities 4 nap 5 óra
- USN-5426-1: needrestart vulnerability 4 nap 6 óra
- USN-5423-2: ClamAV vulnerabilities 4 nap 6 óra
- USN-5425-1: PCRE vulnerabilities 4 nap 6 óra
- USN-5424-1: OpenLDAP vulnerability 4 nap 10 óra
- USN-5423-1: ClamAV vulnerabilities 4 nap 10 óra
Microsoft Sercurity Response Center
- Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards 2 nap 7 óra
- Anatomy of a Security Update 1 hét 1 nap
- Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972) 1 hét 5 nap
- Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution 3 hét 2 nap
- Congratulations and New Swag Awards for the Top MSRC 2022 Q1 Security Researchers! 1 hónap 6 óra
- Expanding High Impact Scenario Awards for Microsoft Bug Bounty Programs 1 hónap 1 hét
- Microsoft’s Response to CVE-2022-22965 Spring Framework 1 hónap 2 hét
- Randomizing the KUSER_SHARED_DATA Structure on Windows 1 hónap 2 hét
- On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program 1 hónap 2 hét
- Increasing Representation of Women in Security Research 1 hónap 2 hét
seclist.org
- SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components) 3 nap 1 óra
- PHPIPAM 1.4.4 - CVE-2021-46426 3 nap 1 óra
- LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140 3 nap 1 óra
- Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! 3 nap 1 óra
- github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains. 3 nap 1 óra
- APPLE-SA-2022-05-16-2 macOS Monterey 12.4 4 nap 17 óra
- APPLE-SA-2022-05-16-6 tvOS 15.5 4 nap 17 óra
- APPLE-SA-2022-05-16-5 watchOS 8.6 4 nap 17 óra
- APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 4 nap 17 óra
- APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 4 nap 17 óra
Drupal contrib security advisories
- Wingsuit - Storybook for UI Patterns - Critical - Access bypass - SA-CONTRIB-2022-040 3 nap 5 óra
- Duo Two-Factor Authentication - Critical - Unsupported - SA-CONTRIB-2022-039 2 hét 3 nap
- Quick Node Clone - Moderately critical - Access bypass - SA-CONTRIB-2022-038 2 hét 3 nap
- Image Field Caption - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-036 2 hét 3 nap
- Doubleclick for Publishers (DFP) - Moderately critical - Cross site scripting - SA-CONTRIB-2022-035 2 hét 3 nap
- Link - Moderately critical - Cross site scripting - SA-CONTRIB-2022-034 2 hét 3 nap
- Rename Admin Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-033 1 hónap 1 hét
- Anti Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032 1 hónap 3 hét
- Role Delegation - Moderately critical - Privilege escalation - SA-CONTRIB-2022-031 1 hónap 4 hét
- Colorbox Node - Critical - Unsupported - SA-CONTRIB-2022-030 1 hónap 4 hét
Kaspersky
- Evaluation of cyber activities and the threat landscape in Ukraine 4 nap 8 óra
- HTML attachments in phishing e-mails 5 nap 14 óra
- New ransomware trends in 2022 1 hét 3 nap
- Mobile subscription Trojans and their little tricks 2 hét 1 nap
- A new secret stash for “fileless” malware 2 hét 3 nap
- APT trends report Q1 2022 3 hét 3 nap
- DDoS attacks in Q1 2022 3 hét 5 nap
- How to recover files encrypted by Yanlouwang 1 hónap 3 nap
- Emotet modules and recent attacks 1 hónap 1 hét
- The State of Stalkerware in 2021 1 hónap 1 hét
NVD: fully analised CVE
- CVE-2021-33077 (optane_memory_h10_with_solid_state_storage_firmware, optane_memory_h20_with_solid_state_storage_firmware, optane_ssd_900p_firmware, optane_ssd_905p_firmware, optane_ssd_dc_p4800x_firmware, optane_ssd_dc_p4801x_firmware, optane_ssd... 1 hét 2 nap
- CVE-2021-33078 (optane_memory_h10_with_solid_state_storage_firmware, optane_memory_h20_with_solid_state_storage_firmware, optane_ssd_900p_firmware, optane_ssd_905p_firmware, optane_ssd_dc_p4800x_firmware, optane_ssd_dc_p4801x_firmware, optane_ssd... 1 hét 2 nap
- CVE-2021-0126 (manageability_commander) 1 hét 2 nap
- CVE-2021-0194 (in-band_manageability) 1 hét 2 nap
- CVE-2021-26258 (killer_control_center) 1 hét 2 nap
- CVE-2021-0154 (core_i5-7640x_firmware, core_i7-3820_firmware, core_i7-3920xm_firmware, core_i7-3930k_firmware, core_i7-3940xm_firmware, core_i7-3960x_firmware, core_i7-3970x_firmware, core_i7-4820k_firmware, core_i7-4930k_firmware, core_i7-4930mx... 1 hét 2 nap
- CVE-2021-0155 (core_i5-7640x_firmware, core_i7-3820_firmware, core_i7-3920xm_firmware, core_i7-3930k_firmware, core_i7-3940xm_firmware, core_i7-3960x_firmware, core_i7-3970x_firmware, core_i7-4820k_firmware, core_i7-4930k_firmware, core_i7-4930mx... 1 hét 2 nap
- CVE-2021-0159 (xeon_bronze_3204_firmware, xeon_bronze_3206r_firmware, xeon_gold_5215_firmware, xeon_gold_5215l_firmware, xeon_gold_5217_firmware, xeon_gold_5218_firmware, xeon_gold_5218b_firmware, xeon_gold_5218n_firmware, xeon_gold_5218r_firmware,... 1 hét 2 nap
- CVE-2021-0188 (xeon_e3-1220_v5_firmware, xeon_e3-1220_v6_firmware, xeon_e3-1225_v5_firmware, xeon_e3-1225_v6_firmware, xeon_e3-1230_v5_firmware, xeon_e3-1230_v6_firmware, xeon_e3-1235l_v5_firmware, xeon_e3-1240_v5_firmware, xeon_e3-1240_v6_firmware,... 1 hét 2 nap
- CVE-2021-0189 (xeon_bronze_3204_firmware, xeon_bronze_3206r_firmware, xeon_e-2124_firmware, xeon_e-2124g_firmware, xeon_e-2126g_firmware, xeon_e-2134_firmware, xeon_e-2136_firmware, xeon_e-2144g_firmware, xeon_e-2146g_firmware, xeon_e-2174g_firmware,... 1 hét 2 nap
CERT/CC
- VU#473698: CVE-2022-30295 - uClibc, uClibc-ng Libraries Have Monotonically Increasing DNS Transaction ID 1 hét 5 nap
- VU#730007: Tychon is vulnerable to privilege escalation due to OPENSSLDIR location 3 hét 2 nap
- VU#411271: Qt allows for privilege escalation due to hard-coding of qt_prfxpath value 3 hét 2 nap
- VU#970766: Spring Framework insecurely handles PropertyDescriptor objects with data binding 1 hónap 3 hét
- VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS 2 hónap 3 hét
- VU#229438: Mobile device monitoring services do not authenticate API requests 2 hónap 4 hét
- VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM 3 hónap 2 hét
- VU#119678: Samba vfs_fruit module insecurely handles extended file attributes 3 hónap 2 hét
Huawei Security Bulletin
- Security Advisory - Buffer Overflow Vulnerabilities In Huawei Product 3 hét 4 nap
- Improper Authentication Management Vulnerability in some Huawei Products 1 hónap 2 hét
- Security Advisory - Privilege Escalation Vulnerability in Huawei Product 2 hónap 3 hét
- Security Advisory - Privilege Escalation Vulnerability in Huawei Product 3 hónap 5 nap
Arista Security Advisories
- Security Advisory 0076 3 hét 5 nap
- Security Advisory 0075 3 hét 5 nap
- Security Advisory 0074 1 hónap 2 hét
- Security Advisory 0073 1 hónap 3 hét
- Security Advisory 0072 3 hónap 2 hét
Drupal core security advisories
- Drupal core - Moderately critical - Access bypass - SA-CORE-2022-009 1 hónap 1 nap
- Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-008 1 hónap 1 nap
- Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006 2 hónap 1 nap
- Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-005 2 hónap 6 nap
- Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004 3 hónap 4 nap
- Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003 3 hónap 4 nap
Adatbiztonság (Computerworld)
Cisco Security Alerts
Cisco Security Responses
ISC Knowledge Base
Juniper Security Advisories
Juniper signatures
Microsoft Security Bulletin
Microsoft Security Response Center Blog Alerts
Origo - biztonság -szoftverek
SecurityFocus
Sophos virus alerts
Symantec - threat
Talos Group- Cisco blog
US CERT: Security Bulletins
US CERT: Technical Security Alerts
