Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1742247 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5910 on: May 14, 2019, 09:29:18 AM »
All 3rd parties involved and why a transaction was not realized: https://www.mupload.nl/img/fqxx4rszg0.jpg
Is src=//assets.pcrl.co/js/jstracker.min.js to denote the webshop javascript could be compromised?
See: -https://github.com/LinusHenze/WebKit-RegEx-Exploit

PHP based CMS with manipulated JavaScript is lively dangerous,

Example: https://www.virustotal.com/#/file/48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d/community
re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XiNuLmd7fH1wfHR9XWwuXl1t~enc

polonus
« Last Edit: May 14, 2019, 03:13:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1874
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5911 on: May 16, 2019, 05:46:24 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5912 on: May 18, 2019, 10:24:38 PM »
The latest cybercriminal trend next to ransomware is third party (obfuscated) javascript injection by malcreants to get to victim data,
so-called form jacking:

Read: https://news.netcraft.com/archives/2019/05/14/french-jewellery-chain-cleor-falls-victim-to-skimming-attack.html

The attackers operate from a typo-squatted domain and extract user data from signing out pay pages,
which is being sent to a server under their control.
SRI & CSP and other security header installs can greatly protect against such attacks.

One should also scan and validate: https://github.com/gwillem/magento-malware-scanner
But other scanning should also be brought in next to regular expression rule scanning like
snippet
Code:
rule obfuscated_eval {
    strings: $ = /\\x65\s*\\x76\s*\\x61\s*\\x6c/
    condition: any of them
}
(see https://pastebin.com/aUuN7v7S)
end snippet
source willemg 88 lines in all.

See what a good php scanner script should be up against: https://pastebin.com/aUuN7v7S
and what you need beside this to deobfuscate, e.g. :
http://ddecode.com/hexdecoder/?results=82d5a427fa502e3a5652e15a9602da48

So protection can be had, when security is not a last resort thing and a sort of low level robot.txt like  :o

polonus (volunteer 3rd party cold reconnaissance website analyst and website error hunter)
« Last Edit: May 18, 2019, 10:38:14 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
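
Added example, not part of the post above and not code from the magento-malware-scanner project: a Python version of the quoted hex-escaped "eval" rule, combined with a hex-decoding pass of the kind the post says is needed beside regex rules. It goes beyond the quoted rule by also catching partially escaped spellings; the file names and file contents are constructed samples.

```python
import re

# The quoted rule as a Python regex: the letters of "eval", each written as a
# \xNN escape, with optional whitespace between the escapes.
HEX_EVAL = re.compile(r"\\x65\s*\\x76\s*\\x61\s*\\x6c", re.IGNORECASE)
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
EVAL_WORD = re.compile(r"\beval\b")


def decode_hex_escapes(text):
    """Replace every \\xNN escape with the character it encodes."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def scan(source):
    """Return the sorted list of findings for one file's contents."""
    findings = set()
    if HEX_EVAL.search(source):
        findings.add("hex-escaped-eval")
    decoded = decode_hex_escapes(source)
    # Report only what decoding revealed: "eval" that was not visible before.
    if EVAL_WORD.search(decoded) and not EVAL_WORD.search(source):
        findings.add("eval-after-decoding")
    return sorted(findings)


# Constructed sample inputs (not taken from any real site).
SAMPLES = {
    # Every letter escaped: the literal regex rule and the decoder both fire.
    "full_escape.js": r'var f = "\x65\x76\x61\x6c"; window[f](payload);',
    # Only two letters escaped: the literal regex rule misses this one.
    "partial_escape.js": r'window["\x65v\x61l"](atob(data));',
    "clean.js": 'document.getElementById("total").textContent = sum;',
}


def scan_all(samples):
    """Scan a {name: contents} mapping and return {name: findings}."""
    return {name: scan(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        print(name, hits or "clean")
```
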

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5913 on: May 19, 2019, 09:36:12 PM »
L.S.

And why has CSP not been correctly installed all over the cloud at Cloudflare's,
now that form-jacking gains more and more momentum?

Re: https://observatory.mozilla.org/analyze/cdnjs.cloudflare.com

A minimal D-status is a shame really.
Content Security Policy (CSP) implemented unsafely.

"This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as
https: inside object-src or script-src, or not restricting the sources for object-src or script-src".

And here Cloudflare cannot do better than comin' up with a meagre C grade,
See: https://tls.imirhil.fr/https/cdnjs.cloudflare.com

They won't go that extra security mile for their end-users, just implementing,
what they can get away with I presume?

This will mean, that we won't see that last webshop being hacked by form-hacking attackers there soon,
that's for sure. A shame really, isn't it?

polonus (volunteer 3rd party cold reconnaissance website security analyst and error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
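
Added example, not part of the post above and not the Mozilla Observatory's own code: a small Python audit that checks a Content-Security-Policy value for the weaknesses listed in the quoted finding ('unsafe-inline' or data: in script-src, overly broad sources, unrestricted script-src or object-src). The three policies are constructed for illustration, and the function names are hypothetical.

```python
BROAD = {"*", "http:", "https:"}
INLINE_OVERRIDES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # A repeated directive is ignored by browsers: the first one wins.
        if tokens and tokens[0].lower() not in policy:
            # Lower-cased for comparison only; real nonces are case-sensitive.
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_csp(header):
    """Report the script-src / object-src weaknesses named in the quote."""
    policy = parse_csp(header)
    issues = []
    for directive in ("script-src", "object-src"):
        # Both directives fall back to default-src when absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            issues.append(f"{directive}: sources not restricted")
            continue
        for src in sorted(BROAD.intersection(sources)):
            issues.append(f"{directive}: overly broad source {src}")
        if directive == "script-src":
            # CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or
            # hash source is listed, so that combination is not flagged.
            pinned = any(s.startswith(INLINE_OVERRIDES) for s in sources)
            if "'unsafe-inline'" in sources and not pinned:
                issues.append("script-src: 'unsafe-inline'")
            if "data:" in sources:
                issues.append("script-src: data:")
    return issues


# Constructed policies for illustration (not copied from any real site).
WEAK = "default-src https:; script-src 'self' 'unsafe-inline' data: https:"
MISSING = "img-src 'self'; style-src 'self'"
STRICT = "default-src 'none'; script-src 'self' https://cdn.example; object-src 'none'"

if __name__ == "__main__":
    for name, value in (("WEAK", WEAK), ("MISSING", MISSING), ("STRICT", STRICT)):
        print(name, audit_csp(value) or "no findings")
```
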

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5914 on: May 19, 2019, 09:49:46 PM »
Needed now Let's Encrypt transparency log?
-> read https://www.theregister.co.uk/2019/05/15/lets_encrypt_ct_log/

Will it make a big difference with malcreants?

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5988
  • When you think you know, Think Again
***HP ENVY 15K LT W10 Pro 1903 64Bit/750GB HD/16GB Ram/Avast Premier 19.7.2388 /VS 5.01(WC)/ASB/Mbam/Secureline b. 5.4/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 1903 64Bit/1TB HD/8GB Ram/Avast Premier BETA 19.7.2388 /VS 5.01(WC)/ASB beta/Secureline b 5.4/SANDBOXIE/Prey Project 
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2000)18.8.2356/OSA/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
<LAYERED SECURITY SOFTWARE PROTECTION ALL OS's>

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60304
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast PremSec 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1874
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5917 on: May 26, 2019, 04:17:36 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60304
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Windows 8.1 [x64] - Avast PremSec 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 60304
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5919 on: May 30, 2019, 08:31:16 AM »
Windows 8.1 [x64] - Avast PremSec 19.7.2388.BC - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41242
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5920 on: May 30, 2019, 02:32:13 PM »
YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/
This scam is the same as most and promises something for nothing. (Bitcoins)
It usually works on those that are greedy and doesn't work on us rational and cautious types. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35951
« Last Edit: May 31, 2019, 06:07:53 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1874
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5922 on: June 01, 2019, 05:36:22 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1874
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5923 on: June 02, 2019, 03:40:21 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1874
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5924 on: June 04, 2019, 04:34:07 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast