Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2851984 times)

0 Members and 10 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6075 on: March 10, 2020, 02:21:51 PM »
Many an adblock- and vpn-app is a hidden data grabbing tool:
Read: https://www.buzzfeednews.com/article/craigsilverman/vpn-and-ad-blocking-apps-sensor-tower

Mentioned here are Free and Unlimited VPN, Luna VPN, Mobile Data, & Adblock Focus found in the Google Play Store.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6076 on: March 11, 2020, 01:40:15 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6077 on: March 14, 2020, 04:28:12 PM »
Just to stress the importance of JavaScript security in the Tor browser:
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/

Mind tor settings: about:config: extensions.torbutton.noscript_inited = true

Good to be aware of the implications of JavaScript insecurity.

JavaScript can be used to unmask the users of a particular browser and their real IP address they send over the wire,
JavaScript flaws has been used against Tor users in the past as a firefox zero-day.

FBI also used it to be able to unmask Tor browser users in the past in the Freedom Hosting hijack...
http://www.independent.ie/irish-news/courts/child-porn-accused-trying-to-move-to-russia-fbi-29574802.html

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6078 on: March 17, 2020, 06:33:14 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline poundeinigo

  • Newbie
  • *
  • Posts: 1
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6079 on: March 17, 2020, 12:18:32 PM »
Used to be a big fan of Avast and saw this today. Should not be surprised. But a warning to anyone using Avast or AVG.

https://www.pcworld.com/article/3516502/report-avast-and-avg-collect-and-sell-your-personal-info-via-their-free-antivirus-programs.html

where to read the official position?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6081 on: March 17, 2020, 12:36:50 PM »
Malicious corona-virus-tracker app locks your phone.
Re: https://twitter.com/LukasStefanko/status/1239826056103825408
Re: https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware

The universal key to unlock = "4865083501".

Malcreants with too much time on their hands, because of corona-virus-measures, use this to think of ways to abuse.
The one uses his free time to protect and aid others, the others to abuse and ruin for money.

Stay vigilant and do not fall for the PHISH, scam and spam.
Look before you leap, uh I mean install an app.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6082 on: March 24, 2020, 09:32:52 AM »
ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6083 on: March 25, 2020, 10:08:08 PM »
Magento-webshops kept failed log-on data in plain txt.
Better and more secure ways already exist:  https://en.wikipedia.org/wiki/Digest_access_authentication
 
Read: https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Apply the hotfix: https://magento.com/security/hot-fix-available-cve-2019-8118

Scan at: https://www.magereport.com/

A better way however is to make use of digital signatures (SSH authenticatiion,
TLS client certificates, WebAuthn) because a server only keeps public data as information.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6084 on: March 27, 2020, 08:45:14 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48512
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6086 on: March 31, 2020, 02:36:54 PM »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6087 on: April 01, 2020, 08:34:25 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6088 on: April 01, 2020, 05:48:25 PM »
Ongoing scans for port 5555 by all kind of systems?

Two views on this and such scans:
 https://www.experts-exchange.com/questions/22726184/Port-5555-is-open.html

Scanning is for an Android Device Debug Poort:
https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-android-devices-are-exposing-their-debug-port/
Consider: https://www.shodan.io/search?query=Android+Debug+Bridge+port%3A5555&language=en

With all these thousands of Google Propriety Android devices and IoT-crap around, not astounding, also on 8.8.8.8.

-> https://www.shodan.io/host/8.8.8.8/raw
Cybercriminals wanna contact open ADB ports to be able to get "root".
Wahy - to silently install a Miner worm and the likes.

How to disable this port 5555 ADD service:
http://www.hacktabs.com/enable-disable-adb-wifi-rooted-non-rooted-android/

Stay vigilant users, (info credits go to luntrus)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: April 01, 2020, 05:50:47 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6089 on: April 02, 2020, 02:13:53 PM »
Here we can see what the issue is: https://viz.greynoise.io/query/?gnql=port%3A5555
Stop this firewalling see:
https://www.openbsd.org/faq/pf/filter.html#defdeny &
http://linux-training.be/networking/ch14.html#idp69772096 (or for your language).

So conclusion as for now some malicious e.g. Mirai & Telnet Scanning

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!