Topic: SECURITY WARNINGS & Notices - Please post them here

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60681
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5746 on: September 12, 2018, 05:51:08 AM »
Win 8.1 [x64] - Avast PremSec 19.8.2393.B#5 - CC 5.61 - EEK - Firefox ESR 60.9 [NS/AOS/uBO] - TB 68.1 [EM] - ABS/ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5747 on: September 13, 2018, 06:03:29 AM »
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
A lot in the papers and the news in the UK about this today. They are already talking about financial penalties, something like a few million or 4% of turnover, whichever is higher, and that could be as much as a few £billion.

Now would be the question: where does this financial penalty go?
I rather doubt it would go towards any fraudulent use of those customers' card information, etc. They may well be able to try and get recovery from the banks for fraudulent use, but why should the banks be held liable or responsible?
380K British Airways transactions compromised in data breach
https://blog.avast.com/british-airways-hack-similar-to-ticketmaster-breach

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81911
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5748 on: September 13, 2018, 10:11:09 AM »
Very interesting and scary article.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36051
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5749 on: September 15, 2018, 10:54:11 PM »
Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data
https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1


The Chilling Reality of Cold Boot Attacks  >>  https://blog.f-secure.com/cold-boot-attacks/




« Last Edit: September 16, 2018, 01:10:55 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5750 on: September 16, 2018, 12:49:32 PM »


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31663
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5751 on: September 16, 2018, 02:19:48 PM »
L.S.

Content injection vulnerability via install.php in outdated Duplicator WordPress plug-in:
Read https://blog.sucuri.net/2018/09/outdated-duplicator-plugin-rce-abused.html
Weakness: https://github.com/vichan-devel/vichan/issues/284
WordPress vuln.: https://secure.wphackedhelp.com/blog/wordpress-vulnerabilities-how-to-fix-guide-tools/
The wp-config.php file should be checked or reinstalled when overwritten through this plug-in hole.

PHP weaknesses and bad WordPress configuration will facilitate such attacks.
Still loads of WP websites with user enumeration set to enabled and directory listing enabled.
PHP-based WordPress CMS is not for the ill-instructed or n00bs; learn to configure it properly and securely.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 10898
  • No support PM's thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5753 on: September 21, 2018, 09:07:59 AM »

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5754 on: September 21, 2018, 02:36:02 PM »
WordPress sites hacked to facilitate help desk fraud:
https://blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-support-scams/

Scan: https://hackertarget.com/wordpress-security-scan/ and here: https://webhint.io/
PHP installs have an insecurity rate of over 78%. WordPress, Drupal, Joomla and Magento are PHP-based CMS.

WordPress is a CMS that comes without internal encryption, which makes it more insecure.

Read: https://developers.slashdot.org/story/14/12/31/002253/over-78-of-all-php-installs-are-insecure

Also: https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software
and https://paragonie.com/blog/2016/08/on-insecurity-popular-open-source-php-cms-platforms

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5755 on: September 22, 2018, 06:50:50 AM »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5382
  • Spartan Warrior
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5756 on: September 28, 2018, 07:52:49 PM »
A Big Change in Chrome 69 can put you at risk
https://www.komando.com/happening-now/486524/a-big-change-in-chrome-69-can-put-you-at-risk
To view/read relevant information, see topic listed below:
Big change in Chrome's address bar
Follow instructions on how to disable Default settings for chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains

Apparently Avast Secure Browser 69.0 is affected as well.

[EDIT:] ASB may or may not be affected.
« Last Edit: September 28, 2018, 08:02:40 PM by mchain »
Windows 10 Home 64-bit 1809 Avast Premier Security version 19.7.2388 (build 19.7.4674.524) UI version 1.0.402.  Formerly called Avast Internet Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41489
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5757 on: September 28, 2018, 11:08:41 PM »
I personally have also applied that recommended change in the Avast Secure Browser.
Better safe than sorry. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq
