Sources

Ubuntu Secutity Notices

• USN-4533-1: LTSP Display Manager vulnerabilities 7 óra 23 perc
• USN-4532-1: Netty vulnerabilities 11 óra 11 perc
• USN-4530-1: Debian-LAN vulnerabilities 11 óra 26 perc
• USN-4531-1: BusyBox vulnerability 13 óra 28 perc
• USN-4529-1: FreeImage vulnerabilities 14 óra 43 perc
• USN-4528-1: Ceph vulnerabilities 16 óra 8 perc
• USN-4526-1: Linux kernel vulnerabilities 1 nap 23 perc
• USN-4527-1: Linux kernel vulnerabilities 1 nap 40 perc
• USN-4525-1: Linux kernel vulnerabilities 1 nap 3 óra
• USN-4524-1: TNEF vulnerabilities 1 nap 4 óra

US CERT: Current Activity

• Mozilla Releases Security Updates for Firefox and Firefox ESR 7 óra 34 perc
• Mozilla Releases Security Updates for Firefox and Firefox ESR 7 óra 50 perc
• Google Releases Security Updates for Chrome 13 óra 38 perc
• Samba Releases Security Update for CVE-2020-1472 1 nap 8 óra
• CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol 4 nap 1 óra
• CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol 5 nap 13 óra
• Drupal Releases Security Updates 5 nap 13 óra
• Apple Releases Security Updates 5 nap 13 óra
• Adobe Releases Security Update for Media Encoder 6 nap 11 óra
• Iran-Based Threat Actor Exploits VPN Vulnerabilities 1 hét 13 óra

NVD: all CVE

• CVE-2020-25514 9 óra 10 perc
• CVE-2020-25515 9 óra 10 perc
• CVE-2020-14022 9 óra 10 perc
• CVE-2020-14023 9 óra 10 perc
• CVE-2020-14024 9 óra 10 perc
• CVE-2020-14025 9 óra 10 perc
• CVE-2020-14026 9 óra 10 perc
• CVE-2020-14027 9 óra 10 perc
• CVE-2020-14028 9 óra 10 perc
• CVE-2020-14031 9 óra 10 perc

seclist.org

• Google's osconfig agent - local privilege escalation 9 óra 33 perc
• [CVE-2020-25203] Frame Preview "com.framer.viewer.FramerViewActivity" Arbitrary URL Loading 9 óra 41 perc
• Visitor Management System in PHP 1.0 - Unauthenticated Stored XSS 9 óra 48 perc
• Visitor Management System in PHP 1.0 - Authenticated SQL Injection 9 óra 48 perc
• Seat Reservation System 1.0 Unauthenticated SQL Injection (CVE-2020-25762) 9 óra 48 perc
• Seat Reservation System 1.0 Unauthenticated Remote Code Execution (CVE-2020-25763) 9 óra 48 perc
• APPLE-SA-2020-09-16-5 Xcode 12.0 4 nap 10 óra
• APPLE-SA-2020-09-16-4 watchOS 7.0 4 nap 10 óra
• APPLE-SA-2020-09-16-3 Safari 14.0 4 nap 10 óra
• APPLE-SA-2020-09-16-2 tvOS 14.0 4 nap 10 óra

Linux security Advisories

• SUSE: 2020:2713-1 moderate: ovmf> 9 óra 55 perc
• openSUSE: 2020:1506-1: moderate: lilypond> 9 óra 56 perc
• openSUSE: 2020:1505-1: moderate: libetpan> 9 óra 58 perc
• openSUSE: 2020:1502-1: important: perl-DBI> 9 óra 59 perc
• SUSE: 2020:2712-1 moderate: openldap2> 10 óra 2 perc
• SUSE: 2020:2710-1 important: rubygem-actionpack-5_1> 10 óra 4 perc
• openSUSE: 2020:1501-1: moderate: libqt4> 13 óra 4 perc
• openSUSE: 2020:1499-1: important: chromium> 16 óra 10 perc
• openSUSE: 2020:1500-1: moderate: libqt4> 16 óra 11 perc
• RedHat: RHSA-2020-3810:01 Moderate: kernel-rt security and bug fix update> 16 óra 31 perc

US CERT: Technical Security Alerts

• AA20-266A: LokiBot Malware 12 óra 26 perc
• AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities 1 hét 11 óra
• AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity 1 hét 1 nap
• AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity 3 hét 14 óra
• AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks 3 hét 6 nap
• AA20-227A: Phishing Emails Used to Deploy KONNI Malware 1 hónap 1 hét
• AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails 1 hónap 1 hét
• AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices 1 hónap 3 hét
• AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 2 hónap 16 óra
• AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems 2 hónap 1 nap

NVD: fully analised CVE

• CVE-2020-4619 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4620 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4621 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4622 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4611 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4612 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4613 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4614 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4615 (data_risk_manager) 13 óra 11 perc
• CVE-2020-4616 (data_risk_manager) 13 óra 11 perc

SANS

• ISC Stormcast For Tuesday, September 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7176, (Tue, Sep 22nd) 1 nap 1 óra
• Slightly broken overlay phishing, (Mon, Sep 21st) 1 nap 16 óra
• ISC Stormcast For Monday, September 21st 2020 https://isc.sans.edu/podcastdetail.html?id=7174, (Mon, Sep 21st) 2 nap 1 óra
• Analysis of a Salesforce Phishing Emails, (Sun, Sep 20th) 2 nap 7 óra
• A Mix of Python & VBA in a Malicious Word Document, (Fri, Sep 18th) 4 nap 21 óra
• ISC Stormcast For Friday, September 18th 2020 https://isc.sans.edu/podcastdetail.html?id=7172, (Fri, Sep 18th) 5 nap 1 óra
• Suspicious Endpoint Containment with OSSEC, (Thu, Sep 17th) 5 nap 21 óra
• ISC Stormcast For Thursday, September 17th 2020 https://isc.sans.edu/podcastdetail.html?id=7170, (Thu, Sep 17th) 6 nap 56 perc
• Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?, (Wed, Sep 16th) 6 nap 12 óra
• ISC Stormcast For Wednesday, September 16th 2020 https://isc.sans.edu/podcastdetail.html?id=7168, (Wed, Sep 16th) 1 hét 1 óra

US CERT: Security Bulletins

• Vulnerability Summary for the Week of September 14, 2020 1 nap 16 óra
• Vulnerability Summary for the Week of September 7, 2020 1 hét 1 nap
• Vulnerability Summary for the Week of August 31, 2020 2 hét 1 nap
• Vulnerability Summary for the Week of August 24, 2020 3 hét 1 nap
• Vulnerability Summary for the Week of August 17, 2020 4 hét 1 nap
• Vulnerability Summary for the Week of August 10, 2020 1 hónap 6 nap
• Vulnerability Summary for the Week of August 3, 2020 1 hónap 1 hét
• Vulnerability Summary for the Week of July 27, 2020 1 hónap 2 hét
• Vulnerability Summary for the Week of July 20, 2020 1 hónap 3 hét
• Vulnerability Summary for the Week of July 13, 2020 2 hónap 4 nap

Talos Group- Cisco blog

• Threat Roundup for September 11 to September 18 4 nap 7 óra
• Threat Roundup for September 4 to September 11 1 hét 4 nap
• Threat Roundup for August 28 to September 4 2 hét 4 nap
• Salfram: Robbing the place without removing your name tag 2 hét 5 nap
• Threat Roundup for August 21 to August 27 3 hét 5 nap
• Threat Roundup for August 14 to August 21 1 hónap 2 nap
• Threat Roundup for August 7 to August 14 1 hónap 1 hét
• Attribution: A Puzzle 1 hónap 1 hét
• Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x 1 hónap 1 hét
• Threat Roundup for July 31 to August 7 1 hónap 2 hét

Cisco Security Advisories

• Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability 4 nap 9 óra
• Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability 2 hét 6 nap
• Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability 2 hét 6 nap
• Cisco Webex Training Unauthorized Meeting Join Vulnerability 2 hét 6 nap
• Cisco Email Security Appliance Information Disclosure Vulnerability 2 hét 6 nap
• Cisco Email Security Appliance Denial of Service Vulnerability 2 hét 6 nap
• Cisco FXOS Software Buffer Overflow Vulnerability 2 hét 6 nap
• Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability 2 hét 6 nap
• Cisco IOS XR Authenticated User Privilege Escalation Vulnerability 2 hét 6 nap
• Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability 2 hét 6 nap

Huawei Security Bulletin

• Security Notice – Statement on the Media Reports About the Suspected Security Issues in HiSilicon Video Surveillance Chips 6 nap 5 óra
• Security Advisory - Multiple Vulnerabilities in Some Huawei Products 1 hét 5 óra
• Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products 1 hét 5 óra
• Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products 1 hét 5 óra
• Security Advisory - Multiple Vulnerabilities in Some Huawei Products 1 hét 5 óra
• Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone 1 hét 5 óra
• Security Advisory - MITM Vulnerability on Huawei Share 2 hét 5 óra
• Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products 2 hét 5 óra
• Security Advisory - Improper Authentication Vulnerability in Smartphones 2 hét 5 óra
• Security Advisory - Information Leak Vulnerability in Huawei Smartphone 2 hét 5 óra

CERT-SEI

• VU#490028: Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector 6 nap 10 óra
• VU#896979: IPTV encoder devices contain multiple vulnerabilities 1 hét 9 óra
• VU#589825: Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite 1 hét 6 nap
• VU#221785: Diebold Nixdorf ProCash 2100xe USB ATM does not adequately secure communications between CCDM and host 1 hónap 3 nap
• VU#815655: NCR SelfServ ATM BNA contains multiple vulnerabilities 1 hónap 3 nap
• VU#116713: NCR SelfServ ATM dispenser software contains multiple vulnerabilities 1 hónap 3 nap
• VU#174059: GRUB2 bootloader is vulnerable to buffer overflow 1 hónap 3 hét
• VU#127371: iOS, iPadOS, tvOS, watchOS, and macOS contain a double-free vulnerability in the XNU kernel lio_listio() function 2 hónap 2 hét
• VU#290915: F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution 2 hónap 2 hét
• VU#576779: Netgear httpd upgrade_check.cgi stack buffer overflow 2 hónap 4 hét

Drupal core security advisories

• Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 6 nap 10 óra
• Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 6 nap 10 óra
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 6 nap 10 óra
• Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 6 nap 11 óra
• Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 6 nap 11 óra
• Drupal core - Less critical - Access bypass - SA-CORE-2020-006 3 hónap 1 hét
• Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 3 hónap 1 hét
• Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004 3 hónap 1 hét

Kaspersky

• An overview of targeted attacks and APTs on Linux 1 hét 5 nap
• Digital Education: The cyberrisks of the online classroom 2 hét 4 nap
• IT threat evolution Q2 2020. Mobile statistics 2 hét 5 nap
• IT threat evolution Q2 2020. PC statistics 2 hét 5 nap
• IT threat evolution Q2 2020 2 hét 5 nap
• Operation PowerFall: CVE-2020-0986 and variants 2 hét 6 nap
• Transparent Tribe: Evolution analysis,part 2 3 hét 6 nap
• Lifting the veil on DeathStalker, a mercenary triumvirate 4 hét 1 nap
• Transparent Tribe: Evolution analysis,part 1 1 hónap 3 nap
• CactusPete APT group’s updated Bisonal backdoor 1 hónap 1 hét

Arista Security Advisories

• Security Advisory 0051 1 hét 6 nap
• Security Advisory 0050 1 hét 6 nap
• Security Advisory 0049 3 hónap 3 hét

HUP - titkosítás, biztonság

• Tails 4.10 3 hét 6 nap
• 15 éves a ZDI Bug Bounty programja 1 hónap 3 nap
• A Rust és a Clang/LLVM mostantól támogatja a Windows Control Flow Guard-ot 1 hónap 6 nap
• Check Point Research: a Qualcomm Snapdragon chipjének több mint 400 sebezhetősége fenyegetés a mobiltelefonhasználatra világszerte 1 hónap 2 hét
• A The Linux Foundation bejelentette az Open Source Security Foundation létrejöttét; a Microsoft, GitHub alapító tagként csatlakozott hozzá 1 hónap 2 hét
• Laptopom webkameráját biztonsági/privacy okokból ... 1 hónap 2 hét
• P0: Egy bájt mind felett ... 1 hónap 3 hét
• A BadPower támadás nyomán a gyorstöltőd akár fel is gyújthatja az eszközödet 2 hónap 3 nap
• Meghackelték a Apple és számos ismert ember, vállalat Twitter fiókját, hogy kriptovaluta spam-et terjesszenek 2 hónap 1 hét
• Megérkezett az első exploit a SIGRed-hez? 2 hónap 1 hét

Drupal contrib security advisories

• Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-033 1 hónap 2 hét
• Group - Moderately critical - Information disclosure - SA-CONTRIB-2020-032 1 hónap 2 hét
• Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031 1 hónap 3 hét
• Group - Critical - Information Disclosure - SA-CONTRIB-2020-030 1 hónap 3 hét
• Modal Form - Critical - Access bypass - SA-CONTRIB-2020-029 2 hónap 2 nap
• Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2020-028 2 hónap 2 nap
• Easy Breadcrumb - Moderately critical - Cross site scripting - SA-CONTRIB-2020-027 2 hónap 2 nap
• Renderkit - Less critical - Access bypass - SA-CONTRIB-2020-026 2 hónap 3 hét
• Internationalization - Moderately critical - Cross site scripting - SA-CONTRIB-2020-025 3 hónap 1 hét
• Open ReadSpeaker - Moderately critical - Cross site scripting - SA-CONTRIB-2020-024 3 hónap 2 hét

Sophos virus alerts

• Troj/Steal-AFM 1 hónap 4 hét
• Troj/TeslaAg-VD 1 hónap 4 hét
• Troj/TeslaAg-VE 1 hónap 4 hét
• Troj/TeslaAg-VF 1 hónap 4 hét
• Troj/TeslaAg-VG 1 hónap 4 hét
• Troj/TeslaAg-VI 1 hónap 4 hét
• Troj/Trikbot-GL 1 hónap 4 hét
• Troj/Zbot-PDC 1 hónap 4 hét
• VBS/DwnLdr-AAED 1 hónap 4 hét
• Troj/Steal-AFL 1 hónap 4 hét

Juniper Security Advisories

• JSA11040 - 2020-07 Security Bulletin: Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak (CVE-2020-1653) 2 hónap 2 hét
• JSA11036 - 2020-07 Security Bulletin:Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly (CVE-2020-1649) 2 hónap 2 hét
• JSA11041 - 2020-07 Security Bulletin: Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) 2 hónap 2 hét
• JSA11032 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets (CVE-2020-1644) 2 hónap 2 hét
• JSA11033 - 2020-07 Security Bulletin: Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. (CVE-2020-1646) 2 hónap 2 hét
• JSA11031 - 2020-07 Security Bulletin: Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution (CVE-2020-1654) 2 hónap 2 hét
• JSA11030 - 2020-07 Security Bulletin: Junos OS: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured (CVE-2020-1643) 2 hónap 2 hét
• JSA11028 - 2020-07 Security Bulletin: Junos OS: MX Series: Services card might restart when DNS filtering is enabled (CVE-2020-1645) 2 hónap 2 hét
• JSA11026 - 2020-07 Security Bulletin: Junos OS: NFX150: Multiple vulnerabilities in BIOS firmware (INTEL-SA-00241) 2 hónap 2 hét
• JSA11027 - 2020-07 Security Bulletin: Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. (CVE-2020-1641) 2 hónap 2 hét

Adatbiztonság (Computerworld)

AusCERT - Security Bulletins

Cisco Security Alerts

Cisco Security Responses

ISC Knowledge Base

Juniper signatures

Microsoft Comprehensive Alerts

Microsoft Security Bulletin

Microsoft Security Response Center Blog Alerts

Origo - biztonság -szoftverek

SecurityFocus

Symantec - threat