Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1986778 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6135 on: May 21, 2020, 05:31:33 PM »
FBI warns Magento webshops of attacks via the MAGMI Data Import Tool.
Considering: https://nvd.nist.gov/vuln/detail/CVE-2017-7391

What can be done to use Magmi Data Import Tool in a more secure way:
https://magentary.com/kb/securing-magmi-data-import-tool/

Before venturing out to a webshop or as a webshop site owner or admin just scan here for insecurity:
https://www.magereport.com

Still one-box-solution-vendors standing in the shadow luring to use their product, read:
https://firebearstudio.com/blog/magento-2-magmi-integration.html
They also support integration of the phased-out, insecure Magento 1.  :o
On that address@ firebearstudio dot com website they also use vulnerable PHP, headers - 7.2.18.
Not a real recommendation i.m.h.o.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44120
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6139 on: May 23, 2020, 02:23:02 PM »
@Asyn,
I'm beginning to feel like I should be going to Bleeping Computers?
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6141 on: May 24, 2020, 11:36:18 AM »
Getting too little notice: Sarwent Malware Continues to Evolve:

Re: https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/
Research by Jason Reaves (info credits go there),

The malware opens up the RDP firewall port and has TrickBot-like actions.

polonus

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66825
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6145 on: June 02, 2020, 11:43:43 AM »
SANDWORM ACTORS EXPLOITING VULNERABILITY IN EXIM MAIL TRANSFER AGENT
https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
Russian Actors Are Targeting Vulnerable Exim Mail Servers. Patching Is Up, but More Than 900k Remain Online
https://www.riskiq.com/blog/labs/vulnerable-exim-mail-servers/
Win 8.1 [x64] - Avast PremSec 20.8.2428.B#3 [UI.562] - CC 5.72 - EEK - FF ESR 78.3 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6146 on: June 03, 2020, 06:11:58 PM »
Attackers - Large-scale attack campaign targets database credentials - database password,
Re: https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/

What they were after is the wp-config.php file, which may hold particular credentials:
https://www.shodan.io/search?query=wp-config.php

Example some http:// IP address -/wordpress/wp-admin/setup-config.php
Response headers PHP/7.2.29 on Apache/2.4.43 (Win64)
PHP headers vuln. - 5
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
5
CVE-2018-19935
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
5
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
5

One of such Mystery-groups involved from Perm: https://siterankdata.com/mystery-group.ru
One of the addresses - Network: https://www.shodan.io/host/31.131.251.113
see activities of May 31st last: https://www.abuseipdb.com/check/31.131.251.113
and from France IP-address involved: https://www.shodan.io/host/188.165.195.184
Address coming soon: - 188.165.195.184 - -otzyvysotrudnikov.xyz — Coming Soon
ending in xyz: https://www.abuseipdb.com/check/188.165.195.184
and https://www.projecthoneypot.org/ip_188.165.196.25 (malspider)

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: June 03, 2020, 06:31:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
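
A defender-side check for the wp-config.php campaign mentioned in the post above, as an added example that is not part of the original post or of the linked Wordfence write-up: it scans a web access log for requests that name wp-config, including percent-encoded variants, and singles out sources that received a 2xx answer. It assumes the Apache/Nginx "combined" log format; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in "combined" log format (documentation-range IPs);
# not taken from any real server log.
SAMPLE_LOG = """\
198.51.100.7 - - [31/May/2020:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "curl/7.58.0"
198.51.100.7 - - [31/May/2020:10:01:05 +0000] "GET /?file=wp%252dconfig.php HTTP/1.1" 404 512 "-" "curl/7.58.0"
203.0.113.9 - - [31/May/2020:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.20 - - [31/May/2020:10:03:40 +0000] "GET /wp-config.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252d) so encoded probes still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def find_wp_config_probes(log_text):
    """Return {ip: [(status, decoded_request), ...]} for requests naming wp-config."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _method, target, status = m.groups()
        decoded = fully_decode(target)
        if "wp-config" in decoded:
            hits[ip].append((int(status), decoded))
    return dict(hits)

def served_probes(hits):
    """Sources whose probe got a 2xx reply: possible disclosure, rotate DB credentials."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for status, _ in reqs))

if __name__ == "__main__":
    found = find_wp_config_probes(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("possible disclosure:", served_probes(found))
```

A 2xx reply to such a request is the case to act on first: check what was actually served and change the database password if the file content was exposed.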

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66825
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6149 on: June 12, 2020, 09:43:25 AM »
Increased Use of Mobile Banking Apps Could Lead to Exploitation
https://www.ic3.gov/media/2020/200610.aspx