Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2082463 times)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 45150
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6345 on: February 26, 2021, 04:27:00 PM »

Weekly Security News Roundup w/e 2-26-2021

https://youtu.be/J9VYa6e6dIo
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70008
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6346 on: February 27, 2021, 10:31:46 AM »
Win 8.1 [x64] - Avast PremSec 21.3.2459.BUC [UI.612] - EEK - Firefox ESR 78.9 [NS/uBO/PB] - TB 78.9
Avast-Tools: Secure Browser 89.1 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6347 on: February 27, 2021, 01:42:23 PM »
T-Mobile discloses data breach after SIM swapping attacks
https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
Update February 27, 02:44 EST: The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. No T-Mobile for Business customers were impacted during this incident.
Headlines can be, and quite often are, very deceiving.
« Last Edit: February 27, 2021, 01:44:50 PM by bob3160 »

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6348 on: March 01, 2021, 08:21:46 AM »

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6349 on: March 01, 2021, 12:57:52 PM »
One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6350 on: March 03, 2021, 08:58:26 AM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33062
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6352 on: March 10, 2021, 01:11:27 PM »
The latest WordPress plug-in zero-day was not detected by WordFence,
but as a result of reporting by Submitter: Ville Korhonen (Seravo), Antony Booker (WP Charged)
Submitter website: https://seravo.com/
It has been patched with v4.1.7 of the mentioned Plus Addons for Elementor plug-in.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6353 on: March 14, 2021, 12:55:06 AM »
Security News Roundup for the Week ending 3/12/2021
https://youtu.be/Hw2um5Q3jbA

Offline Asyn

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6354 on: March 14, 2021, 08:01:48 AM »

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6355 on: March 15, 2021, 01:37:33 AM »
More information on the Google fix for a second actively exploited Chrome browser zero-day was not given,
as it comes marked as "RESERVED": https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21193

We somehow know it is in their browser Webkit-engine, called Blink, specially positioned to harm Apple's webkit version's opposition.

What we can at least say is that it comes in the realm of the following category of bugs, a so-called "Use after Free" error-bug: https://cwe.mitre.org/data/definitions/416.html

More information is given as enough Google chrome users have been updating to the latest browser version,
and have been patched against this zero-day memory bug.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6356 on: March 15, 2021, 12:51:53 PM »
Lector saluti,

Microsoft how dare you do this to the security community?
It now becomes clear why Microsoft acquired Github.
Reason for the removal of exploit code: Working security through obscurity and defending their interests dictatorially,
by deleting all info that they do not like to be made public. In this case that particular POC info,
during times of their Exchange server security drama.

Sign of the times? Is not this against the rules for responsible disclosure to the security community and beyond?
Re: https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/

It might not even have been Microsoft that removed the Proxy-Logon POC code, but Github itself.
The info is not gone (e.g. at praetorian dot com with diff between the original and patched code),
and still available on archived repositories, only direct links have been removed.

Again the discussion.
Should we protect users too lazy and irresponsible to patch thousands and thousands of such Exchange servers soon?
Some would certainly speak out for that.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: March 15, 2021, 01:05:12 PM by polonus »

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6357 on: March 15, 2021, 01:08:35 PM »
Lector saluti,

Microsoft how dare you do this to the security community?
It now becomes clear why Microsoft acquired Github.
Reason for the removal of exploit code: Working security through obscurity and defending their interests dictatorially,
by deleting all info that they do not like to be made public. In this case that particular POC info,
during times of their Exchange server security drama.

Sign of the times? Is not this against the rules for responsible disclosure to the security community and beyond?
Re: https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/

It might not even have been Microsoft that removed the Proxy-Logon POC code, but Github itself.
The info is not gone (e.g. at praetorian dot com with diff between the original and patched code),
and still available on archived repositories, only direct links have been removed.

Again the discussion.
Should we protect users too lazy and irresponsible to patch thousands and thousands of such Exchange servers soon?
Some would certainly speak out for that.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
A dissenting view
Marcus Hutchins, a security researcher at Kryptos Logic, pushed back on those critics. He said Github has indeed removed PoCs for patched vulnerabilities affecting non-Microsoft software. He also made a case for Github removing the Exchange exploit.
“I’ve seen Github remove malicious code before, and not just code targeted at Microsoft products,” he told me in a direct message. “I highly doubt MS played any role in the removal and it just simply fell afoul of Github’s ‘Active malware or exploits’ policy in the [terms of service], due to the exploit being extremely recent and the large number of servers at imminent risk of ransomware.”
Responding to Kennedy on Twitter, Hutchins added, "'Has already been patched.' Dude, there’s more than 50,000 unpatched exchange servers out there. Releasing a full ready to go RCE chain is not security research, it’s recklessness and stupid.”


Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6358 on: March 15, 2021, 03:03:11 PM »
Hi bob3160,

We are doing this to ourselves, by making use of "closed proprietary source",
which cannot be gone over with scrutiny like with open source code.
Security through obscurity is the name of the game.

Mind you the Chinese now also sit on MAPP program exploits, and not only the services from the US of A.
Closed source, we have all confidence in it, and some prosper from it.

But alas, the POC info is already out on Interwebz, and once there, it won't go away.
A pity for monopolists. Re: https://www.praetorian.com/blog/reproducing-proxylogon-exploit/

Hope the POC-code will return there after all Exchange servers have been fully patched.
Certainly there should be room for "responsible disclosure" to check on what MS is up to.

polonus