Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1624728 times)

0 Members and 1 Guest are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5775 on: November 16, 2018, 03:32:07 PM »
Security risk on AMP for WP – Accelerated Mobile Pages Plugin
https://www.webarxsecurity.com/amp-plugin-vulnerability/
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35472
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5776 on: November 19, 2018, 04:04:33 PM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5777 on: November 21, 2018, 11:20:23 AM »
Security updates available for Flash Player | APSB18-44
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31188
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5778 on: November 30, 2018, 01:14:05 PM »
Tackle the ever/existing threat of the gaping UPnP-hole - disable that service!  ::)
1,7 million devices are at risk: https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html

Test: https://www.snbforums.com/threads/new-upnp-exploit-affecting-most-asus-routers-upnproxy-blackhat-proxies-via-nat-injections.46011/page-2#post-400981

Server header for a normal response could be "Microsoft-IIS/8.5",
while the header for a response during an attack would be "Microsoft-HTTPAPI/2.0.",
then pay attention whether (SSDP/UPnP) is present,

The ironical thing however is, that with newer versions of the UPnP protocol, we find minimal core security protection.
UPnP-attacks can be used to cause chaos, to create holes in firewalls, and other abuse.

UPnP deadly simple or simply deadly to leave it open on your machines, so disable it where you can.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5779 on: December 01, 2018, 05:48:49 AM »
Marriott Announces Starwood Guest Reservation Database Security Incident
http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5780 on: December 06, 2018, 05:45:57 AM »
Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5781 on: December 19, 2018, 11:48:30 AM »
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5782 on: December 21, 2018, 04:59:31 AM »
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 58113
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5783 on: January 04, 2019, 01:01:48 PM »
Security Bulletin for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
Win 8.1 [x64] - Avast Premier 19.4.2370.B#1 - CC 5.55 - MCS - EEK - FF ESR 60.6.1 [NS/AOS/uBO] - TB 60.5.3 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31188
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5784 on: January 04, 2019, 04:22:07 PM »
Latest technology is not always rock-solidly safe and secure:
involving massive security breaches or thefts involving blockchains.
Read: https://magoo.github.io/Blockchain-Graveyard/

Security through obscurity demanding it's toll:
Massive security breaches or thefts involving blockchains. (info credits go to FTREPORTER).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 2587
  • There's a kind of hope for me!
Re: Security Warning Notices - Please post them here
« Reply #5785 on: January 05, 2019, 03:45:35 AM »
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
Main: AMD LE1620, W7ult SP1 || MS-7091, P4, XP pro SP3 | AMD_Athlon 1800+ (W7ult SP1+XP pro SP3, FFesr 45.9, TB 45.8,
CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 H[x64] | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
| FFesr 60.6.1[NS,ABP,MBBE], TB 60.5.3, MCS, CC 5.55, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40127
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Security Warning Notices - Please post them here
« Reply #5786 on: January 05, 2019, 03:51:02 AM »
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
That's one of the reason you should be using the Avast Online Security extension. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1809 64bit, 8 Gig Ram, AvastFree 19.2.2364, WinPatrol, Unchecky How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31188
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5787 on: January 05, 2019, 03:22:50 PM »
Bob3160 is a 100% right. Do use the pro-active blocking via Avast Secure Browsing,
to stop for instance abuse campaigns like from so-called freetrade scam platforms.

Also stops abuse scripts from here: -https://3v4l.org/ an online PHP editor,
that can also be used for nefarious purposes.
This for instance was blocked for me -https://3v4l.org/2CBnj.
The abusive script was blocked to run in it's tracks from the word go.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31188
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5788 on: January 08, 2019, 03:10:21 PM »
Whenever you own or make use of a Magento 1 or 2 CMS driven webshop,
it is a good thing to check the retirability of your javascript libraries here:
https://retire.insecurity.today/ and your CMS vulnerabilities here: https://www.magereport.com/

Very advanced javascript XSS injection code, obfuscated and sometimes not longer than 75 or even 22 sophisticated lines long,
is being abused for credit card stealing and other data skimming purposes by members of the  cybercriminal Magecart
or Group 11 cyber-criminals.

If you do not pay attention they may rob your creditcard clean of all the money.
Re: https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/

Group 11 or Magecart malcreant developers loves to malcreate on the basis of hook.js & bootstrap.js for instance,

Re: https://www.hybrid-analysis.com/sample/c19270ebf25dd7442462159dd371a6830815d3202cdc896690885c2e46509d86?environmentId=100

This helped by the fact there are so many PHISHING sites around for their evil-doing and also server weaknesses like BEef, etc.

Background read: https://www.riskiq.com/blog/labs/magecart-vision-direct/

polonus (volunteer 3rd party website security analyst and website error-hunter)


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1759
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5789 on: January 10, 2019, 11:38:38 AM »
PC- Windows10 PRO 64Bit,Avast Free V.19.2.2364,uBlock Origin,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast