ITSEC News @itsecbot@schleuss.online

#introductions This bot is posting ITSEC related news from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @vulnbot

CB-K18/1163 Update 13 - Firefox ist ein Open Source Web Browser. ESR ist die Variante mit verlängertem Support.
Ein entfer... more: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/04/warnmeldung_cb-k18-1163_update_13.html

CB-K19/0273 Update 1 - Libvirt ist eine Bibliothek, die Schnittstellen zu den Virtualisierungsfunktionen von Linux anbiet... more: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/04/warnmeldung_cb-k19-0273_update_1.html

CB-K19/0174 Update 2 - Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche di... more: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/04/warnmeldung_cb-k19-0174_update_2.html

CB-K19/0251 Update 3 - Libvirt ist eine Bibliothek, die Schnittstellen zu den Virtualisierungsfunktionen von Linux anbiet... more: https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/04/warnmeldung_cb-k19-0251_update_3.html

Security is Simple as 1, 2, 3 - Keeping an organization’s IT assets secure in this day and age is a challenge.  The sands of the in... more: https://feeds.feedblitz.com/~/600885568/0/alienvault-blogs~Security-is-Simple-as

Adblock Plus filters can be abused to execute malicious code in browsing sessions - The vendor was not aware of the problem until public disclosure. more: https://www.zdnet.com/article/adblock-plus-filters-can-be-abused-by-hackers-to-execute-malware/#ftag=RSSbaffb68

Google’s location history data shared routinely with police - Law enforcement officials in the US have been routinely mining Google’s location history data for ... more: https://nakedsecurity.sophos.com/2019/04/16/police-cast-wide-search-net-with-googles-sensorvault-location-data/ #locationhistorydata #locationhistory #sensorvault #law&order #uspolice #privacy #google #police

US feds’ names, home and email addresses hacked and posted online - A group of hackers that doxxed thousands of federal law enforcement employees last week has struck... more: https://nakedsecurity.sophos.com/2019/04/16/fbi-national-academy-associates-hackers-strike-twice-more/ #fbinationalacademyassociates #fbinationalacademy #nationstatehacking #securitythreats #law&order #malware #botnets #botnet #hacker #fbi

Watch out! Don’t fall for the Instagram ‘Nasty List’ phishing attack - Instagram users have been receiving odd messages from followers expressing shock that their accoun... more: https://nakedsecurity.sophos.com/2019/04/16/watch-out-dont-fall-for-the-instagram-nasty-list-phishing-attack/ #credentialstuffing #securitythreats #socialnetworks #phishingattack #accounthijack #instagram #nastylist #2fa

Kaspersky Discovers Windows Zero-Day That Gives Hackers Full Control of Your PC - One of the security vulnerabilities that Microsoft resolved on April 9 as part of this month’s Patch... more: https://news.softpedia.com/news/kaspersky-discovers-windows-zero-day-that-gives-hackers-full-control-of-your-pc-525685.shtml #security

Security weakness in popular VPN clients - Numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness tha... more: https://nakedsecurity.sophos.com/2019/04/16/security-weakness-in-popular-vpn-clients/ #securitythreats #vulnerability #f5networks #paloalto #privacy #cert/cc #us-cert #cisco #cert #vpn

Police Wanted to (But Couldn’t) Break into User’s Password Manager - Backdoors bundled into software and hardware products sold in the United States have always been a c... more: https://news.softpedia.com/news/police-wanted-to-but-couldn-t-break-into-user-s-password-manager-525684.shtml #security

Adobe Flash security tool Flashmingo debuts in open source community - Flashmingo can be used to automatically search for Flash vulnerabilities and weaknesses. more: https://www.zdnet.com/article/security-tool-for-flash-flashmingo-released-to-open-source-community/#ftag=RSSbaffb68

Scranos rootkit expands operations from China to the rest of the world - Rise of new multi-functional rootkit-backdoor-infostealer-adware strain worries researchers. more: https://www.zdnet.com/article/scranos-rootkit-expands-operations-from-china-to-the-rest-of-the-world/#ftag=RSSbaffb68

Command & Control: Ares - In this article, we will learn how to use Ares tool. This tool performs the Command and Control ov... more: https://www.hackingarticles.in/command-control-ares/ #redteaming

Mozilla wants Apple to change users' iPhone advertiser ID every month - Change will make it harder for advertisers to build exhaustive profiles on iOS users. more: https://www.zdnet.com/article/mozilla-wants-apple-to-change-users-iphone-advertiser-id-every-month/#ftag=RSSbaffb68

Experts: Breach at IT Outsourcing Giant Wipro - Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investi... more: https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/ #wiprodatabreach #databreaches

5 Steps for Reducing Risk From Leaked Credentials - Leaked credential dumps make the news every month. Each credential leak seems to be larger than the ... more: https://www.recordedfuture.com/leaked-credentials-risk/ #cyberthreatintelligence

TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids - A popular Australian smartwatch's tracking capabilities expose its user's locations, personal data... more: https://threatpost.com/tictoctrack-smartwatch-flaws-track-kids/143791/ #childrensmartwatch #ticktocktrack #vulnerability #dataexposure #websecurity #iotsecurity #smartwatch #privacy #gator #patch #iot

Fake Instagram Apps on Google Play Harvest User Logins - The apps, which claim to help users rack up followers, are well-rated and have been downloaded ten... more: https://threatpost.com/fake-instagram-apps-google-play/143786/ #credentialharvesting #instagramfollowers #fakeinstagramapps #mobilesecurity #maliciousapps #googleplay