Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1829950 times)

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31947
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5730 on: August 17, 2018, 01:47:42 PM »
23 security extensions removed from Firefox: https://blocked.cdn.mozilla.net/96b2e7d5-d4e4-425e-b275-086dc7ccd6ad.html

Extensions were Web Security and also from the same group of developers Browser Security, Browser Privacy and Browser Safety, also YouTube MP3 Converter, Dirty Little Helpers & Video Downloader.

Extensions were blocked because they could send certain browser user data to remote servers, also remote code could be executed inside the browser.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5731 on: August 17, 2018, 02:18:10 PM »
Impact of the so-called foreshadowing flaw inside Intel processors.

What was not discussed is the impact of the foreshadowing bug for future developments for cryptocurrency:
https://www.coindesk.com/what-intels-foreshadow-flaw-means-for-the-future-of-cryptocurrency/

Moxie Marlinspike's MobileCoin project, with SGX in a prominent role, now should be postponed for the time being.
That is a bad thing for an initiative that tries to create a more eco-friendly alternative to gigantic energy-consuming "mining". SGX as a new way of saving private keys now is put on hold for a while.

It is a good thing a fix for that particular flaw was ready by Intel a few months before the flaw was openly disclosed, but as the mitigation and patches are slow to be implemented overall, we still will be confronted with a vulnerable infrastructure for quite some time.

"Trusted hardware". We have to wait a while when we can talk about real "trusted hardware" again.
Root causes for such problems are big commerce with almost murderous processor competition.

polonus

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5732 on: August 22, 2018, 11:54:24 AM »
Gaping Ghostscript hole let attackers perform commands remotely!
Re: http://openwall.com/lists/oss-security/2018/08/21/2
Read: https://www.kb.cert.org/vuls/id/332928

polonus

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36300
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5733 on: August 22, 2018, 11:59:44 AM »
Explorer (IE) vulnerability > CVE-2018-8373
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/


" Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default."



“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5735 on: August 24, 2018, 06:03:39 PM »
Mirai-malware now also came to Android systems thanks to Aboriginal Linux:
https://www.symantec.com/blogs/threat-intelligence/mirai-cross-platform-infection.

The ease of a cross-platform broad compilation software malware.
Not only comfort for developers, also for the sneaky cyber-miscreant.

All can be tested under QEMU, so also a real testbed for the cyber-criminal.

Project: https://github.com/landley/aboriginal

Easy peasy mirai everywhere.

polonus

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5736 on: August 25, 2018, 02:55:01 PM »
On JavaScript projects with a 1 in 2 vulnerability score:
https://www.theregister.co.uk/2018/08/22/npm_vulnerability_scanner/

Probably known from all I report via volunteer website security scanning and detected retirable jQuery code (also via SNYK)
and the JavaScript unpacker error reports I file there quite regularly.

JavaScript, it never became really secure since it came out first time in the previous century.

Block it using a combination of uMatrix and uBlock Origin or any other 3rd party script blocker (NoScript) etc.

polonus

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61835
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5738 on: August 26, 2018, 03:22:56 PM »
Security updates available for Adobe Photoshop CC | APSB18-28
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
Win 8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5739 on: August 28, 2018, 03:22:21 PM »
New gaping zero-day hole in Windows 10
Read: https://www.kb.cert.org/vuls/id/906424

Wait for the patch scheduled for the coming next patch round

Quote
Work around for the time being is: As the implementation is open source, so one can block this leak with:

icacls c:\windows\tasks /remove:g "Authenticated Users"
icacls c:\windows\tasks /deny system:(OI)(CI)(WD,WDAC)

Warning, this will block system rights to write unto your tasks and removes authenticated user rights in the tasks folder. This could possibly affect the functioning of planned tasks. In a short test everything worked still fine.
Info credits for this temp. fix go to Tweaker.net's Karsten88

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
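
The workaround quoted in the post above, as an added PowerShell example that is not part of the original post or of the credited author's fix: it saves the folder's ACL before changing it, applies the two commands, checks the result, and provides a rollback for after the patch is installed. The backup file location, the function name and the English-language account names are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$path   = 'C:\Windows\Tasks'
# Hypothetical backup location; choose any path only administrators can write to.
$backup = Join-Path $env:SystemDrive 'tasks-acl-before-workaround.txt'

# 1. Save the current DACL once, so the change can be undone after patching.
#    Refuse to overwrite an existing backup: a second run would save the modified ACL.
if (Test-Path $backup) { throw "Backup $backup already exists; not overwriting it." }
icacls $path /save $backup
if ($LASTEXITCODE -ne 0) { throw "Could not save the ACL of $path; nothing was changed." }

# 2. The two commands from the post. The permission string is quoted because
#    PowerShell would otherwise try to evaluate (OI), (CI) and (WD,WDAC) as expressions.
icacls $path /remove:g 'Authenticated Users'
icacls $path /deny 'system:(OI)(CI)(WD,WDAC)'

# 3. Verify: a Deny entry for SYSTEM exists and no Allow entry for
#    Authenticated Users is left (account names assume English-language Windows).
$aces = (Get-Acl -Path $path).Access
$denySystem = $aces | Where-Object {
    $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -like '*\SYSTEM'
}
$allowAuthUsers = $aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -like '*\Authenticated Users'
}
if ($denySystem -and -not $allowAuthUsers) {
    'Workaround in place.'
} else {
    Write-Warning "ACL on $path does not match the workaround; inspect it with: icacls $path"
}

# 4. Rollback, to be called once the patch is installed.
#    icacls /restore takes the parent folder, because the saved file
#    stores the entry under the relative name "Tasks".
function Restore-TasksAcl {
    icacls (Split-Path $path -Parent) /restore $backup
}
```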

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5740 on: August 31, 2018, 04:13:50 PM »
PHP-based content management software like Magento, WordPress etc. is a continuous risk to use on websites.
Not everybody will fully patch, update, upgrade or configure it properly, putting not only themselves but also others at risk.
"PEBKAC" mainly.

MagentoCore skimmer malware threatens many Magento webshops:
Approx. 7300 webshops hacked so far!
Read:
https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/
Also here: https://twitter.com/gwillem/status/1035119660277096448

So scan your shop's CMS at https://www.magereport.com/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5741 on: September 06, 2018, 01:45:32 PM »
390.000 websites vulnerable world-wide according to the Vladimir Smitka scan:
https://lynt.cz/blog/global-scan-exposed-git

Hand your website code to a hacker and he/she can get at sensitive data of all sorts,
or what is secure code to-day may be vulnerable and hackable code to-morrow.

polonus

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82283
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5744 on: September 07, 2018, 06:47:20 PM »
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information

A lot in the papers and the news in the UK about this today. They are already talking about financial penalties, something like a few million or 4% of turnover, whichever is higher, and that could be as much as a few £billion.

Now the question would be: where does this financial penalty go?
I rather doubt it would go towards any fraudulent use of those customers' card information, etc. They may well be able to try and get recovery from the banks for fraudulent use, but why should the banks be held liable or responsible?
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/