ITSEC News @itsecbot@schleuss.online

#introductions This bot is posting ITSEC related news from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @vulnbot

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending - VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Win... https://threatpost.com/vmware-zero-day-patch-pending/161523/ #vmwareworkspaceoneaccess #securityvulnerability #vmwareidentitymanager #privilegeescalation #commandinjection #vulnerabilities #vmwarezero-day #cloudsecurity #cve-2020-4006 #zero-day #0-day

GoDaddy Employees Tricked into Compromising Cryptocurrency Sites - ‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains Nic... https://threatpost.com/godaddy-employees-tricked-compromise-cryptocurrency/161520/ #cisa.vishingwarning #socialengineering #securitytraining #vulnerabilities #cryptocurrency #domainregistry #mobileendpoint #websecurity #nicehash #malware #godaddy #phising #vishing #liquid #hacks #vpn

Manchester United versus a “sophisticated” cyber attack - Last Friday, the day before it was scheduled to play a football match against West Bromwich Albion... https://grahamcluley.com/manchester-united-versus-a-sophisticated-cyber-attack/ #manchesterunited #ransomware #football #malware

TA416 APT Rebounds With New PlugX Malware Variant - The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican... https://threatpost.com/ta416-apt-plugx-malware-variant/161505/ #advancedpersistentthreatgroup #china-holyseedeal #socialengineering #malwareanalysis #phishingattack #spearphishing #websecurity #proofpoint #diplomats #malware #vatican #golang #loader #hacks #china #plugx #ta416 #apt

FBI Issues Warning of Hackers Spoofing Its Internet Domain - The Federal Bureau of Investigation, or the FBI, has issued a warning about a series of spoofed doma... https://news.softpedia.com/news/fbi-issues-warning-of-hackers-spoofing-its-internet-domain-531599.shtml #security

Spotify Users Hit with Rash of Account Takeovers - Users of the music streaming service were targeted by attackers using credential-stuffing approach... https://threatpost.com/spotify-account-takeovers/161495/ #elasticsearchdatabase #credentialstuffing #spotifycredentials #accounttakeover #musicstreaming #cloudsecurity #passwordreuse #websecurity #cyberattack #vpnmentor #spotify #breach #hacks

Tesla Model X hacked and stolen in minutes using new key fob hack - Tesla is rolling out over-the-air software updates this week to prevent the attack from hijacking ... https://www.zdnet.com/article/tesla-model-x-hacked-and-stolen-in-minutes-using-new-key-fob-hack/#ftag=RSSbaffb68

FBI warns of criminals spoofing its website domain names - The FBI is warning internet users to be on their guard against copycat websites that spoof FBI-rel... https://grahamcluley.com/fbi-warns-of-criminals-spoofing-its-website-domain-names/ #domainname #law&order #phishing #fbi

Manchester United: IT Systems Disrupted in Cyberattack - The popular U.K. soccer club confirmed an attack but said personal fan data remains secure. https://threatpost.com/manchester-united-disrupted-cyberattack/161488/ #manchesterunited #vulnerabilities #cloudsecurity #matchschedule #itdisruption #personaldata #websecurity #cyberattack #oldtrafford #soccerclub #football #malware #fandata #hacks

Cyber is as Much Psychology as it is Technology - Joining us this week is Pierre Noel, managing director for Europe at ISTARI, a company providing g... https://www.recordedfuture.com/podcast-episode-185/ #podcast

Joe Biden Campaign Subdomain Down After Hacktivist Defacement - A Turkish hacktivist defaced a subdomain of the president-elect's campaign website. https://threatpost.com/joe-biden-campaign-website-hacktivist-defacement/161471/ #u.s.presidentialelection #websitedefacement #joebidencampaign #websitesecurity #presidentelect #u.s.government #websecurity #websitehack #hacktivist #joebiden #turkey #hacks

Malware creates scam online stores on top of hacked WordPress sites - The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowerin... https://www.zdnet.com/article/malware-creates-online-stores-on-top-of-hacked-wordpress-sites/#ftag=RSSbaffb68

CB-K20/1153 - Notes ist eine Groupware Software, die unter anderem auch als E-Mail Programm genutzt wird.
Ein en... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1153.html

CB-K20/1152 - Opera ist ein Web Browser und E-Mail Client.
Ein entfernter, anonymer Angreifer kann eine Schwachs... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1152.html

CB-K20/1155 - Domino bietet Unternehmens-E-Mail, sowie Kollaborations-Funktionen und eine Anwendungs-Plattform.
... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1155.html

CB-K20/1156 - Der Kernel stellt den Kern des Linux Betriebssystems dar.
Ein lokaler Angreifer kann eine Schwachs... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1156.html

CB-K20/1151 - IBM Spectrum Protect ist eine zentralisierte Backuplösung für Systeme im Netzwerk.
Ein entfernter,... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1151.html

CB-K20/1154 - Mit Xpdf können PDF-Dokumente betrachtet werden. Dieser PDF-Betrachter ist zudem auch für Microsof... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1154.html

CB-K20/1150 - Trend Micro ServerProtect bietet Schutz vor Viren, Malware und Spyware.
Ein lokaler Angreifer kann... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1150.html

CB-K20/1121 Update 3 - PostgreSQL ist eine frei verfügbare Datenbank für unterschiedliche Betriebssysteme.
Ein entfernter... https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2020/11/warnmeldung_cb-k20-1121_update_3.html