Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2902391 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4065 on: September 12, 2015, 10:36:27 AM »
Hi DavidR,

Still hope Avast will sign the AOS add-on (as they said they would with fx version 41), as signing software is, generally speaking, always a good practice. DrWeb has also signed their extension, for that matter.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4066 on: September 12, 2015, 11:02:46 AM »
Too many things going wrong at FireEye lately  ::): http://www.theregister.co.uk/2015/09/08/fireeye_0day/
Re: https://www.insinuator.net/2015/09/sending-mixed-signals-what-can-happen-in-the-course-of-vulnerability-disclosure/
FireEye reacted that proprietary software secrets were revealed by these German info security researchers.

Question of money or a lack of knowledgeable expertise, e.g. surplus of generically educated IT staff,
but a lack of technical IT specialists, and that is obvious through recent major security incidents
(data breaches, compromises, insecure practices, general incompetence)?

polonus

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4068 on: September 13, 2015, 02:18:25 PM »
You certainly want a dating site to be encrypted, but often it is not: https://www.eff.org/deeplinks/2012/02/six-heartbreaking-truths-about-online-dating-privacy

polonus

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4070 on: September 15, 2015, 01:38:57 PM »
Mal-ad campaign goes on almost unnoticed for weeks and weeks with Angler exploit redirects, 139 million monthly British eBay visitors were at risk  :o.
Read: https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/
So, my dear Avast friends, polonus will keep his adblocker with special subscription lists up and running.

polonus

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89118
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4072 on: September 15, 2015, 04:43:51 PM »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4073 on: September 15, 2015, 11:18:25 PM »
Corrupted firmware on hacked Cisco routers detected: https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
The routers were backdoored to be able to compromise several modules.
Link article authors: FireEye Threat Research's Bill Hau and Tony Lee.

polonus


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48586
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4075 on: September 17, 2015, 10:11:31 PM »
Phishing Attempt - Caution!

If you look at the detailed sender's address carefully, you should see this didn't really come from Wells Fargo.

The spelling and grammar have gotten much better and more convincing.
However, if you hover your mouse over the included "signon" link you'll notice it doesn't go to Wells Fargo:

This is a sure sign of a Phishing attempt. Don't be the fool that falls for it. Stay vigilant and be suspicious any time
you receive something like this from your bank or other type of financial institution.
Never click on an included link. If you aren't sure, take the initiative and contact your financial institution on your own.

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4076 on: September 18, 2015, 11:36:05 PM »
Thousands and thousands of hacked WordPress sites are spreading malware, read here: https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html  article author is Sucuri's Daniel Cid.
Attackers seem to use leaks in WP plug-ins. WP websites often haven't updated to the latest CMS software versions,
plug-ins can be outdated and themes can have vulnerable code. To check your security with a quick and dirty cold reconnaissance scan go here: https://hackertarget.com/wordpress-security-scan/
I strongly advise WP website owners, website admins, pro-active hosters and other IT staff to do so.

One thing that will make you vulnerable is outdated, unpatched or even worse: left code. Do not leave your visitors at risk, update, patch and secure. Also we find a lot of server misconfiguration and security headers missing. It is not only website code, it is also hosters that do not take security of the domains they service to heart. Excessive server header proliferation (to the world and attackers) is wide-spread. Outdated and vulnerable server code is found. Do not be ignorant and keep yourself informed by doing the necessary scans.

polonus (volunteer website security analyst and website error-hunter)

P.S. Just an example where we find the code Daniel Cid is referring to: -http://www.brainvalue.com/en/newsroom-en/feed/rss/newsroom/newsroom-2?format=feed
Consider: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbrainvalue.com%2Fcomponents%2Fcom_contact%2Fcommon_configs%2Fvisitor.php%3Fmob%3D1
& read: http://wordpress.stackexchange.com/questions/188763/cookiechoices-js-keeps-reappearing-without-caching-plugin

Damian
« Last Edit: September 19, 2015, 12:12:27 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
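
A site owner can check their own server's response for the missing security headers and version disclosure mentioned in the post above. This is an added example, not part of the original post; the expected-header baseline, the sample response and its version strings are constructed assumptions.

```python
import re

# Baseline of security response headers chosen for this example
# (an assumption, not a list given in the post).
EXPECTED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options")
# Headers that commonly advertise software and version to every client.
DISCLOSING = ("server", "x-powered-by", "x-generator")
VERSION = re.compile(r"\d+(?:\.\d+)+")
GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)

# Constructed sample response, not captured from any real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.2.2">'
    "</head><body>hello</body></html>"
)

def parse_response(raw):
    """Split a raw HTTP response into a lower-cased header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body

def audit(raw):
    """Report missing security headers and version strings the server leaks."""
    headers, body = parse_response(raw)
    report = {
        "missing": [h for h in EXPECTED if h not in headers],
        "disclosed": {h: headers[h] for h in DISCLOSING
                      if h in headers and VERSION.search(headers[h])},
    }
    m = GENERATOR.search(body)                   # CMS version in the page itself
    report["generator"] = m.group(1) if m else None
    return report
```

Feed it the output of a request against a site you administer; every entry under `disclosed` or `generator` is version information worth suppressing in the server or CMS configuration.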

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4077 on: September 19, 2015, 12:10:41 AM »

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4078 on: September 19, 2015, 12:30:19 AM »
Hi bob3160,

???? because there is a brand new WP update out - 4.3.1

An even better scan here: https://sitecheck.sucuri.net/results/bob3160.wordpress.com
Analysing on https://s2.wp.com/wp-content I found this plug-in questionable: ie-sitemode
You may not have it, but I see no update address for that code, has it been left?
This has some sources and sinks, but I see no immediate threat: -http://www.domxssscanner.com/scan?url=http%3A%2F%2F0.gravatar.com%2Fjs%2Fgprofiles.js%3Fver%3D201538y
Nothing here: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fs2.wp.com%2Fwp-content%2Fmu-plugins%2Fgravatar-hovercards%2Fwpgroho.js%3Fm%3D1380573781g
Some sources and sinks:- -http://www.domxssscanner.com/scan?url=-https%3A%2F%2Fplatform.twitter.com%2Fwidgets.js%3Fver%3D20111117
and all touching on:  -http://d.rmgserving.com/rmgdsc/newcafv2.js?1.1
as goes for this: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fs.skimresources.com%2Fjs%2F725X1342.skimlinks.js
and finally this: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fstats.wp.com%2Fw.js%3F48
which most adblockers block for us: uMatrix has prevented the following page from loading:
-http://stats.wp.com/w.js?48

You can be assured that the website is secure as far as I could establish. And Sucuri agrees with me.

See the website risk status that Netcraft gives: http://toolbar.netcraft.com/site_report?url=https://bob3160.wordpress.com
but that could have to do with the fact Netcraft sees this site for the first time, that is why the 7 red out of 10 risk score.

All's well, bob3160, ;)

Damian
« Last Edit: September 19, 2015, 12:34:42 AM by polonus »

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4079 on: September 19, 2015, 12:31:50 AM »
ie-sitemode is there because I use Windows Live Writer?