Sources

SANS

• VirusTotal Email Submissions, (Sun, Dec 15th) 1 óra 17 perc
• (Lazy) Sunday Maldoc Analysis: A Bit More ..., (Sat, Dec 14th) 17 óra 23 perc
• Internet banking sites and their use of TLS... and SSLv3... and SSLv2?!, (Fri, Dec 13th) 2 nap 6 óra
• ISC Stormcast For Friday, December 13th 2019 https://isc.sans.edu/podcastdetail.html?id=6788, (Fri, Dec 13th) 2 nap 10 óra
• Critical VMware Vulnerability (OpenSLP): https://www.vmware.com/security/advisories/VMSA-2019-0022.html, (Thu, Dec 12th) 2 nap 16 óra
• Code & Data Reuse in the Malware Ecosystem, (Thu, Dec 12th) 3 nap 5 óra
• ISC Stormcast For Thursday, December 12th 2019 https://isc.sans.edu/podcastdetail.html?id=6786, (Thu, Dec 12th) 3 nap 10 óra
• ISC Stormcast For Wednesday, December 11th 2019 https://isc.sans.edu/podcastdetail.html?id=6784, (Wed, Dec 11th) 4 nap 10 óra
• German language malspam pushes yet another wave of Trickbot, (Wed, Dec 11th) 4 nap 11 óra
• Microsoft December 2019 Patch Tuesday, (Tue, Dec 10th) 4 nap 15 óra

Linux security Advisories

• Debian: DSA-4584-1: spamassassin security update> 1 nap 3 óra
• Debian LTS: DLA-2034-1: davical security update> 1 nap 12 óra
• Debian LTS: DLA-2033-1: php-horde security update> 1 nap 14 óra
• Mageia 2019-0388: kernel security update> 1 nap 16 óra
• Mageia 2019-0387: ncurses security update> 1 nap 16 óra
• Mageia 2019-0386: signing-party security update> 1 nap 16 óra
• SUSE: 2019:3294-1 important: the Linux Kernel> 1 nap 18 óra
• SUSE: 2019:3296-1 important: xen> 1 nap 18 óra
• SUSE: 2019:3293-1 important: libssh> 1 nap 18 óra
• SUSE: 2019:3297-1 important: xen> 1 nap 18 óra

NVD: all CVE

• CVE-2019-5252 1 nap 13 óra
• CVE-2019-5235 1 nap 13 óra
• CVE-2019-5264 1 nap 14 óra
• CVE-2019-5277 1 nap 14 óra
• CVE-2019-5254 1 nap 14 óra
• CVE-2019-5255 1 nap 14 óra
• CVE-2019-5256 1 nap 14 óra
• CVE-2019-5257 1 nap 14 óra
• CVE-2019-5258 1 nap 14 óra
• CVE-2019-19794 1 nap 15 óra

Sophos virus alerts

• Troj/Mimikatz-M 1 nap 14 óra
• Troj/Mimikatz-K 1 nap 14 óra
• Troj/Mimikatz-I 1 nap 14 óra
• Troj/Mimikatz-G 1 nap 14 óra
• Troj/Mimikatz-F 1 nap 14 óra
• Troj/Agent-BDFH 1 nap 14 óra
• Troj/Delf-HFT 1 nap 14 óra
• Troj/DocDl-WSI 1 nap 14 óra
• Troj/Mimikatz-H 1 nap 14 óra
• Troj/Fareit-JJO 1 nap 14 óra

seclist.org

• Squiz Matrix CMS <= 5.5.3.2 - Multiple Issues may lead to Remote Code Execution 1 nap 19 óra
• CSV injection vulnerability in SolarWinds Serv-U FTP Server 1 nap 19 óra
• Stored Cross-Site Scripting in Serv-U FTP Server 1 nap 19 óra
• Local Privilege Escalation in OpenBSD's dynamic loader (CVE-2019-19726) 1 nap 19 óra
• APPLE-SA-2019-12-10-8 watchOS 6.1.1 1 nap 19 óra
• APPLE-SA-2019-12-10-7 Xcode 11.3 1 nap 19 óra
• APPLE-SA-2019-12-10-6 Safari 13.0.4 1 nap 19 óra
• APPLE-SA-2019-12-10-5 tvOS 13.3 1 nap 19 óra
• APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra 1 nap 19 óra
• APPLE-SA-2019-12-10-4 watchOS 5.3.4 1 nap 19 óra

NVD: fully analised CVE

• CVE-2019-19785 (atasm) 1 nap 21 óra
• CVE-2019-19786 (atasm) 1 nap 21 óra
• CVE-2019-19787 (atasm) 1 nap 21 óra
• CVE-2019-16246 (solismed) 2 nap 23 óra
• CVE-2019-17428 (solismed) 2 nap 23 óra
• CVE-2019-17358 (cacti, debian_linux, leap) 2 nap 23 óra
• CVE-2019-18345 (davical) 2 nap 23 óra
• CVE-2019-19198 (kalender) 2 nap 23 óra
• CVE-2019-19247 (origin) 2 nap 23 óra
• CVE-2019-19248 (origin) 2 nap 23 óra

US CERT: Current Activity

• WordPress Releases Security and Maintenance Updates 1 nap 21 óra
• Microsoft Releases December 2019 Security Updates 4 nap 14 óra
• Google Releases Security Updates for Chrome 4 nap 15 óra
• Apple Releases Multiple Security Updates 4 nap 15 óra
• Intel Releases Security Updates 4 nap 18 óra
• Adobe Releases Security Updates 4 nap 20 óra
• Samba Releases Security Updates 4 nap 20 óra
• VMware Releases Security Updates for ESXi and Horizon DaaS 1 hét 1 nap
• ACSC Releases Fundamentals of Cross Domain Solutions 1 hét 2 nap
• Microsoft Releases Security Advisory for Windows Hello for Business 1 hét 2 nap

Ubuntu Secutity Notices

• USN-4216-2: Firefox vulnerabilities 2 nap 23 perc
• USN-4214-2: RabbitMQ vulnerability 3 nap 20 óra
• USN-4217-2: Samba vulnerabilities 3 nap 22 óra
• USN-4221-1: libpcap vulnerability 4 nap 13 óra
• USN-4202-2: Thunderbird regression 4 nap 16 óra
• USN-4220-1: Git vulnerabilities 4 nap 18 óra
• USN-4219-1: libssh vulnerability 4 nap 19 óra
• USN-4218-1: GNU C vulnerability 4 nap 23 óra
• USN-4217-1: Samba vulnerabilities 5 nap 37 perc
• USN-4216-1: Firefox vulnerabilities 5 nap 14 óra

HUP - titkosítás, biztonság

• SockPuppet: egy iOS 12.4 kernel exploit kivesézése 2 nap 5 óra
• ProtonCalendar - naptárfunkcióval bővít a ProtonMail szolgáltatója 1 hét 2 nap
• Új Intel CPU-hibák: Zombieload TAA, iITLB Multihit NX, JCC Errata 1 hónap 1 nap
• Az ISP-k ellenzése dacára az összes jelentős internetes böngészőben megjelenik a DNS-over-HTTPS támogatás 1 hónap 3 nap
• Tails 4.0 1 hónap 3 hét
• Tails 4.0 1 hónap 3 hét
• Banki alkalmazások vonták vissza egyelőre ujjlenyomat támogatásukat a Samsung Galaxy S10 ujjlenyomat olvasási bugja miatt 1 hónap 3 hét
• Banki alkalmazások vonták vissza egyelőre ujjlenyomat támogatásukat a Samsung Galaxy S10 ujjlenyomat olvasási bugja miatt 1 hónap 3 hét
• Súlyos (root) sudo sebezhetőség 2 hónap 1 nap
• Súlyos (root) sudo sebezhetőség 2 hónap 1 nap

Kaspersky

• Kaspersky Security Bulletin 2019. Statistics 3 nap 1 óra
• Story of the year 2019: Cities under ransomware siege 4 nap 3 óra
• Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium 4 nap 17 óra
• APT review: what the world’s threat actors got up to in 2019 1 hét 4 nap
• Corporate security prediction 2020 1 hét 5 nap
• Cybersecurity of connected healthcare 2020: Overview and predictions 1 hét 5 nap
• Cyberthreats to financial institutions 2020: Overview and predictions 1 hét 5 nap
• 5G technology predictions 2020 1 hét 5 nap
• Biometric data processing and storage system threats 1 hét 5 nap
• IT threat evolution Q3 2019. Statistics 2 hét 2 nap

Drupal contrib security advisories

• Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096 3 nap 17 óra
• Permissions by Term - Moderately critical - Access bypass - SA-CONTRIB-2019-095 3 nap 18 óra
• Modal Page - Moderately critical - Access bypass - SA-CONTRIB-2019-094 3 nap 18 óra
• Taxonomy access fix - Moderately critical - Access bypass - SA-CONTRIB-2019-093 3 nap 18 óra
• Smart Trim - Moderately critical - Cross site scripting - SA-CONTRIB-2019-092 3 nap 19 óra
• Floating Button Menu - Critical - Unsupported - SA-CONTRIB-2019-091 1 hónap 1 nap
• Webform Multiple File Upload - Critical - Unsupported - SA-CONTRIB-2019-090 1 hónap 1 nap
• Commerce Ingenico - Critical - Unsupported - SA-CONTRIB-2019-089 1 hónap 1 nap
• SendinBlue - Critical - Unsupported - SA-CONTRIB-2019-088 1 hónap 1 nap
• Make Meeting Scheduler - Critical - Unsupported - SA-CONTRIB-2019-087 1 hónap 1 nap

Huawei Security Bulletin

• Security Advisory - Information Leakage Vulnerability on Some Huawei Products 4 nap 14 óra
• Security Advisory - Denial of Service Vulnerability on Some Huawei Smartphones 4 nap 14 óra
• Security Advisory - Multiple Vulnerabilities in Some Huawei Products 4 nap 14 óra
• Security Advisory - Information Leak Vulnerability in Huawei CloudUSM-EUA Product 4 nap 14 óra
• Security Advisory - SegmentSmack Vulnerability in Linux Kernel 4 nap 14 óra
• Security Advisory - Information Disclosure Vulnerability in Several Smartphones 4 nap 14 óra
• Security Advisory - Denial of Service Vulnerability in some Huawei Products 1 hét 4 nap
• Security Notice - Statement on Brute Forcing Encrypted Backup Data for Huawei Smartphones 1 hét 4 nap
• Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database 1 hét 4 nap
• Security Advisory - Remote Code Execution Vulnerability in Fastjson 1 hét 4 nap

Microsoft Security Response Center Blog Alerts

• December 2019 security updates are available 4 nap 19 óra
• Customer Guidance for the Dopplepaymer Ransomware 3 hét 3 nap
• BlueHat Seattle videos are online! 1 hónap 1 nap
• November 2019 security updates are available! 1 hónap 2 nap
• Using Rust in Windows 1 hónap 1 hét
• Vulnerability hunting with Semmle QL: DOM XSS 1 hónap 1 hét
• Time for day 2 of briefings at BlueHat Seattle! 1 hónap 2 hét
• Welcome to the second stage of BlueHat! 1 hónap 3 hét
• Microsoft Identity Bounty Improvements 1 hónap 3 hét
• Introducing the ElectionGuard Bounty program 1 hónap 3 hét

Symantec - threat

• CL.Downloader!gen130 5 nap 13 óra
• Trojan.Zerocleare 1 hét 3 nap
• POL.B.PSTPowshOffice 1 hét 5 nap
• POL.B.RLPPsexesvc 1 hét 5 nap
• POL.B.PECPsexesvc 1 hét 5 nap
• POL.B.PECMsbuild 1 hét 5 nap
• POL.B.PSTCscriptPdfRd 1 hét 5 nap
• POL.B.PSTWscriptOffic 1 hét 5 nap
• POL.B.PSTMshtaPdfRd 1 hét 5 nap
• POL.B.PSTWscriptPdfRd 1 hét 5 nap

US CERT: Security Bulletins

• Vulnerability Summary for the Week of December 2, 2019 6 nap 2 óra
• Vulnerability Summary for the Week of November 25, 2019 1 hét 6 nap
• Vulnerability Summary for the Week of November 18, 2019 2 hét 6 nap
• Vulnerability Summary for the Week of November 11, 2019 3 hét 6 nap
• Vulnerability Summary for the Week of November 4, 2019 1 hónap 3 nap
• Vulnerability Summary for the Week of October 28, 2019 1 hónap 1 hét
• Vulnerability Summary for the Week of October 21, 2019 1 hónap 2 hét
• Vulnerability Summary for the Week of October 14, 2019 1 hónap 3 hét
• Vulnerability Summary for the Week of October 7, 2019 2 hónap 2 nap
• Vulnerability Summary for the Week of September 30, 2019 2 hónap 1 hét

US CERT: Technical Security Alerts

• AA19-339A: Dridex Malware 1 hét 2 nap
• AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 1 hónap 4 hét

Arista Security Advisories

• Security Advisory 0045 1 hét 3 nap
• Security Advisory 0044 1 hét 3 nap
• Security Advisory 0043 1 hónap 1 hét
• Security Advisory 0042 2 hónap 6 nap

Cisco Security Advisories

• Cisco DNA Spaces: Connector Command Injection Vulnerability 3 hét 3 nap
• Cisco DNA Spaces: Connector Privilege Escalation Vulnerability 3 hét 3 nap
• Cisco DNA Spaces: Connector SQL Injection Vulnerability 3 hét 3 nap
• Cisco Email Security Appliance MP3 Content Filter Bypass Vulnerability 3 hét 3 nap
• Cisco Email Security Appliance URL Filtering Bypass Vulnerability 3 hét 3 nap
• Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability 3 hét 3 nap
• Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability 3 hét 3 nap
• Cisco Stealthwatch Enterprise Cross-Site Scripting Vulnerability 3 hét 3 nap
• Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability 3 hét 3 nap
• Cisco Unity Express Command Injection Vulnerability 3 hét 3 nap

CERT-SEI

• VU#125336: Microsoft Office for Mac cannot properly disable XLM macros 1 hónap 1 hét
• VU#766427: Multiple D-Link routers vulnerable to remote command execution 1 hónap 3 hét
• VU#927237: Multiple vulnerabilities in Pulse Secure VPN 1 hónap 4 hét
• VU#763073: iTerm2 with tmux integration is vulnerable to remote command execution 2 hónap 6 nap
• VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal 2 hónap 1 hét
• VU#672565: Exim fails to properly handle peer DN and SNI in TLS handshakes 3 hónap 1 hét

Juniper Security Advisories

• JSA10961 - 2019-10 Security Bulletin: Junos OS: Session fixation vulnerability in J-Web (CVE-2019-0062) 2 hónap 6 nap
• JSA10960 - 2019-10 Security Bulletin: Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation (CVE-2019-0061) 2 hónap 6 nap
• JSA10959 - 2019-10 Security Bulletin: Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets (CVE-2019-0060) 2 hónap 6 nap
• JSA10958 - 2019-10 Security Bulletin: CTPView and CTP Series: Multiple vulnerabilities in CTPView and CTP Series 2 hónap 6 nap
• JSA10957 - 2019-10 Security Bulletin: Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host. (CVE-2019-0059) 2 hónap 6 nap
• JSA10956 - 2019-10 Security Bulletin: Junos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation. (CVE-2019-0058) 2 hónap 6 nap
• JSA10954 - 2019-10 Security Bulletin: Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device. (CVE-2019-0056) 2 hónap 6 nap
• JSA10955 - 2019-10 Security Bulletin: NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system. (CVE-2019-0057) 2 hónap 6 nap
• JSA10952 - 2019-10 Security Bulletin: Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates. (CVE-2019-0054) 2 hónap 6 nap
• JSA10953 - 2019-10 Security Bulletin: Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled. (CVE-2019-0055) 2 hónap 6 nap

Adatbiztonság (Computerworld)

AusCERT - Security Bulletins

Cisco Security Alerts

Cisco Security Responses

Drupal core security advisories

ISC Knowledge Base

Juniper signatures

Microsoft Comprehensive Alerts

Microsoft Security Bulletin

Origo - biztonság -szoftverek

SecurityFocus

Talos Group- Cisco blog