Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1969956 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5910 on: May 14, 2019, 09:29:18 AM »
All 3rd parties involved and why a transaction was not realized: https://www.mupload.nl/img/fqxx4rszg0.jpg
Is src=//assets.pcrl.co/js/jstracker.min.js to denote the webshop javascript could be compromised?
See: -https://github.com/LinusHenze/WebKit-RegEx-Exploit

PHP based CMS with manipulated JavaScript is lively dangerous,

Example: https://www.virustotal.com/#/file/48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d/community
re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XiNuLmd7fH1wfHR9XWwuXl1t~enc

polonus
« Last Edit: May 14, 2019, 03:13:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1907
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5911 on: May 16, 2019, 05:46:24 AM »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5912 on: May 18, 2019, 10:24:38 PM »
The latest cybercriminal trend next to ransomeware is third party (obfuscated) javascript injection by malcreants to get to victim data,
so-called form jacking:

Read: https://news.netcraft.com/archives/2019/05/14/french-jewellery-chain-cleor-falls-victim-to-skimming-attack.html

The attackers operate from a type-squatted domain and extract user data from signing out pay pages,
which are being send to a server under their control. 
SRI & CSP and other security header installs can greatly protect against such attacks.

One should also scan and validate: https://github.com/gwillem/magento-malware-scanner
But other scanning should also be brought in next to regular expression rule scanning like
snippet
Code: [Select]
rule obfuscated eval {
strmp: $ = /\\x65\5*\\x76\s* \\x61\5*\S* \\x6c/condition any of them (see https://pastebin.com/aUuN7v7S)
end snippet
source willemg 88 lines in all.

See what a good php scanner script should be up against: https://pastebin.com/aUuN7v7S
and what you need beside this to deobfuscate, e.g. :
http://ddecode.com/hexdecoder/?results=82d5a427fa502e3a5652e15a9602da48

So protection can be had, when security is not a last resort thing and a sort of low level robot.txt like  :o

polonus (volunteer 3rd party cold reconnaissance website analyst and website error hunter)
« Last Edit: May 18, 2019, 10:38:14 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5913 on: May 19, 2019, 09:36:12 PM »
L.S.

And why CSP has not been correctly installed all over the cloud at Cloudflare's,
now that form-jacking gains more and more momentum?

Re: https://observatory.mozilla.org/analyze/cdnjs.cloudflare.com

A minimal D-status is a shame really.
Content Security Policy (CSP) implemented unsafely.

This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as
"https: inside object-src or script-src, or not restricting the sources for object-src or script-src".

And here Cloudflare cannot do better as comin' up with a meagre C grade,
See: https://tls.imirhil.fr/https/cdnjs.cloudflare.com

They won't go that extrt security mile for their end-users, just implementing,
what they can get away with I presume?

This will mean, that we won't see that last webshop being hacked by form-hacking attackers there soon,
that's for sure. A shame really, isn't it?

polonus (volunteer 3rd party cold reconnaissance website security analyst ans error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5914 on: May 19, 2019, 09:49:46 PM »
Needed now Lets Encrypt transparency log?
-> read https://www.theregister.co.uk/2019/05/15/lets_encrypt_ct_log/

Will it make a big difference with malcreants?

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6461
  • When you think you know, Think Again
***HP ENVY 15K LT W10 Pro 2004 64Bit/750GB HD/16GB Ram/Avast Premium 20.7.2421b/Secureline v.5.6.4982/ADU v.20.1b/VS 5.77/ASB v.84b/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 2004 64Bit/1TB HD/8GB Ram/Avast Premium 20.7.2421b/ADU v.20.1b/ASB v.84b/SANDBOXIE/Prey Project/HotSpot Shield vpn
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2002)18.8.2356/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
LAYERED SECURITY SOFTWARE PROTECTION

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66085
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1907
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5917 on: May 26, 2019, 04:17:36 AM »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66085
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66085
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5919 on: May 30, 2019, 08:31:16 AM »
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43900
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5920 on: May 30, 2019, 02:32:13 PM »
YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/
This scam is the same as most and promises something for nothing. (Bitcoins)
It usually works on those that are greedy and doesn't work on us rational and cautious types. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq


Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1907
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5922 on: June 01, 2019, 05:36:22 AM »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1907
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5923 on: June 02, 2019, 03:40:21 AM »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1907
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5924 on: June 04, 2019, 04:34:07 AM »
PC- Windows10 EDU 64Bit,avast! free 20.4.2410,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast