Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1828029 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31938
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5910 on: May 14, 2019, 09:29:18 AM »
All 3rd parties involved and why a transaction was not realized: https://www.mupload.nl/img/fqxx4rszg0.jpg
Is src=//assets.pcrl.co/js/jstracker.min.js to denote the webshop javascript could be compromised?
See: -https://github.com/LinusHenze/WebKit-RegEx-Exploit

PHP based CMS with manipulated JavaScript is lively dangerous,

Example: https://www.virustotal.com/#/file/48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d/community
re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XiNuLmd7fH1wfHR9XWwuXl1t~enc

polonus
« Last Edit: May 14, 2019, 03:13:29 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1893
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5911 on: May 16, 2019, 05:46:24 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.8.2393,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5912 on: May 18, 2019, 10:24:38 PM »
The latest cybercriminal trend next to ransomware is third party (obfuscated) javascript injection by malcreants to get to victim data,
so-called form jacking:

Read: https://news.netcraft.com/archives/2019/05/14/french-jewellery-chain-cleor-falls-victim-to-skimming-attack.html

The attackers operate from a typo-squatted domain and extract user data from signing out pay pages,
which are being sent to a server under their control.
SRI & CSP and other security header installs can greatly protect against such attacks.

One should also scan and validate: https://github.com/gwillem/magento-malware-scanner
But other scanning should also be brought in next to regular expression rule scanning like
snippet
Code:
rule obfuscated_eval {
    strings: $ = /\\x65\s*\\x76\s*\\x61\s*\\x6c/
    condition: any of them
}
(see https://pastebin.com/aUuN7v7S)
end snippet
source willemg 88 lines in all.

See what a good php scanner script should be up against: https://pastebin.com/aUuN7v7S
and what you need beside this to deobfuscate, e.g. :
http://ddecode.com/hexdecoder/?results=82d5a427fa502e3a5652e15a9602da48

So protection can be had, when security is not a last resort thing and a sort of low level robot.txt like  :o

polonus (volunteer 3rd party cold reconnaissance website analyst and website error hunter)
« Last Edit: May 18, 2019, 10:38:14 PM by polonus »
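Added example, not part of the post above or of the linked scanner: the hex-escaped eval rule from the post expressed as a Python regular expression, followed by the deobfuscation step the post says is needed beside it. The broader "escape-built eval" check, the function names and the sample PHP are assumptions constructed for this illustration.

```python
import re

# The quoted rule in Python: "eval" spelled as four hex escapes,
# with optional whitespace between them.
HEX_EVAL = re.compile(r"\\x65\s*\\x76\s*\\x61\s*\\x6c", re.IGNORECASE)
# Any \xNN hex or \NNN octal escape, as used in PHP and JavaScript strings.
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\([0-7]{1,3})")
PLAIN_EVAL = re.compile(r"\beval\b", re.IGNORECASE)

def decode_escapes(text):
    """Replace hex and octal escapes with the characters they encode."""
    def to_char(m):
        return chr(int(m.group(1), 16)) if m.group(1) else chr(int(m.group(2), 8))
    return ESCAPE.sub(to_char, text)

def scan(source):
    """Return (line_number, finding, decoded_line) for each suspicious line."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        decoded = decode_escapes(line)
        if HEX_EVAL.search(line):
            findings.append((number, "hex-escaped eval", decoded))
        elif PLAIN_EVAL.search(decoded) and not PLAIN_EVAL.search(line):
            # "eval" only appears after decoding: mixed octal/hex/literal form
            findings.append((number, "escape-built eval", decoded))
    return findings

# Constructed sample, not taken from any real site.
SAMPLE = r'''<?php
$f = "\x65\x76\x61\x6c";   // call name hidden as hex
$g = "\145v\x61l";         // octal, literal and hex mixed
echo "price: \x24 10";     // harmless escape
eval($legit);              // plain eval, outside this rule
'''

if __name__ == "__main__":
    for number, finding, decoded in scan(SAMPLE):
        print(f"line {number}: {finding}: {decoded.strip()}")
```

The second finding shows why a single regular expression is not enough: the mixed octal and hex spelling never matches the quoted rule and is only visible after decoding.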

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5913 on: May 19, 2019, 09:36:12 PM »
L.S.

And why CSP has not been correctly installed all over the cloud at Cloudflare's,
now that form-jacking gains more and more momentum?

Re: https://observatory.mozilla.org/analyze/cdnjs.cloudflare.com

A minimal D-status is a shame really.
Content Security Policy (CSP) implemented unsafely.

"This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as
https: inside object-src or script-src, or not restricting the sources for object-src or script-src."

And here Cloudflare cannot do better than comin' up with a meagre C grade,
See: https://tls.imirhil.fr/https/cdnjs.cloudflare.com

They won't go that extra security mile for their end-users, just implementing,
what they can get away with I presume?

This will mean, that we won't see that last webshop being hacked by form-hacking attackers there soon,
that's for sure. A shame really, isn't it?

polonus (volunteer 3rd party cold reconnaissance website security analyst and error-hunter)


Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5914 on: May 19, 2019, 09:49:46 PM »
Needed now Let's Encrypt transparency log?
-> read https://www.theregister.co.uk/2019/05/15/lets_encrypt_ct_log/

Will it make a big difference with malcreants?

pol

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6196
  • When you think you know, Think Again
***HP ENVY 15K LT W10 Pro 1903 64Bit/750GB HD/16GB Ram/Avast Premier 19.8.2393 /VS 5.02(WC)/ASB/Mbam 4/Secureline b. 5.5/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 1903 64Bit/1TB HD/8GB Ram/Avast Premier BETA 19.9.2394 /VS 5.02(WC)/ASB beta/Secureline b 5.5/SANDBOXIE/Prey Project 
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2002)18.8.2356/OSA/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
<LAYERED SECURITY SOFTWARE PROTECTION ALL>

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61804
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5917 on: May 26, 2019, 04:17:36 AM »

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5919 on: May 30, 2019, 08:31:16 AM »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41959
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5920 on: May 30, 2019, 02:32:13 PM »
YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/
This scam is the same as most and promises something for nothing. (Bitcoins)
It usually works on those that are greedy and doesn't work on us rational and cautious types. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36294
« Last Edit: May 31, 2019, 06:07:53 PM by Pondus »
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Be Secure

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5922 on: June 01, 2019, 05:36:22 AM »

Offline Be Secure

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5923 on: June 02, 2019, 03:40:21 AM »

Offline Be Secure

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5924 on: June 04, 2019, 04:34:07 AM »