Topic: SECURITY WARNINGS & Notices - Please post them here

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4875 on: October 18, 2016, 11:30:52 AM »
@Asyn,

New link where the list resides: https://github.com/gwillem/ecommerce-malware-collection/tree/master/js
Check these with a Magento security scanner like: https://www.magereport.com/scan/?s=
and other scans in your toolchest.

enjoy, my good friends,

pol

P.S.
Nota Bene.
Mind you. This is a commercial list to sort of "lure" infested or (potentially) insecure webshop owners
to Byte.BV's security support services.
This as the creator, Willem de Groot, of the aforementioned list, is also owner of this firm/hosting service,
Byte B.V. in the Netherlands. So his intentions with the list and all may differ from our intentions with it.

Just wanted to remind you of this situation, as it only seems fair to do so.
Notice polonus is a 100% purely unbiased & independent Avast support forum volunteer website security specialist,
and I have no interest in this list except for research purposes.
Seems only 176 webshops are really malicious as such.

Damian
« Last Edit: October 18, 2016, 11:33:10 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4877 on: October 18, 2016, 12:02:15 PM »
Thanks for that one, Asyn. Bookmarked. We're even now.  ;)

Would be great to go over that list with some specific scans: http://www.domxssscanner.com/ &
scan at: https://observatory.mozilla.org/
and then put the suspicious code through an unpacker for errors (bugs and insecurity).

Fact is that loads and loads of websites, especially the smaller ones, but not necessarily so,
have sloppy IT management (update/patch management etc.),
and are therefore insecure and open to abuse/infection.

A lot of those on the Willem de G. list also come blocked with firehol: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_webserver.netset

Have a nice day, ye all,

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: October 18, 2016, 12:26:37 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4878 on: October 18, 2016, 02:36:51 PM »
WordPress sites hacked via new Marketplace plug-in zero-day:
http://labs.sucuri.net/?note=2016-10-17
Obfuscated backdoor code detected....

polonus


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4880 on: October 19, 2016, 11:50:42 PM »
Cybercriminal skimmers find creative solution: credit card data hidden inside image:
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html

Scan your webshop that has Magento here to be alerted to insecurity: magereport.com/scan/?s=

We see that the so-called Willem de G. list made some researchers look a bit sharper for e-commerce sites' insecurity.
All reported to Google Safe Browsing that cooperates firmly with Sucuri's.

polonus (volunteer website security analyst and website error-hunter)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4881 on: October 22, 2016, 07:58:27 AM »
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4882 on: October 22, 2016, 12:41:26 PM »
> Tens of millions of websites at risk in latest mega breach
> https://www.leakedsource.com/blog/weebly/

WTF  >:(!!! For one of my uni papers at my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, and etc etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89014
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4883 on: October 22, 2016, 03:51:40 PM »
> Tens of millions of websites at risk in latest mega breach
> https://www.leakedsource.com/blog/weebly/

Interesting when WOT doesn't trust/like leakedsource.com.

One thing for sure when I come across sites like this there is absolutely no way I would check user name and passwords. As soon as you do that you have pretty much compromised your information and can't/shouldn't use that data again.

Who would trust that the data wouldn't be harvested, certainly not me and I'm a trusting sort NOT.

I won't even use sites to check the strength of my passwords, for the very same reasons.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4884 on: October 22, 2016, 05:27:19 PM »
Hi DavidR,

Striking again that a Russian source seems to come with a bad web reputation,
lots of that demonizing going on lately.

The leakedsource dot com organization is into data harvesting, so it sits on a big pile of cloud data.

At the moment for whatever reason there is a concerted action going on to make Russia look like the evil empire of cyberwarfare?

In this case:  JSC DBA RU-CENTER, privacy protection service.
Comodo Certification - PositiveSSL Multi-Domain, Domain Control Validate seems OK.

What is CloudFlare's role in all this?
The bad side of it all is that CloudFlare seems indifferent to what they have in that cloud traffic they are facilitating.
The good, the bad and the ugly as long as it brings them big profits.
Big data cloud security is bad.
For the majority of big enterprises do not have protection as it should be implemented.

This will not be the last of such big data-breaches, where and when we may find them.


polonus
« Last Edit: October 22, 2016, 05:40:32 PM by polonus »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4885 on: October 22, 2016, 06:04:58 PM »
>> Tens of millions of websites at risk in latest mega breach
>> https://www.leakedsource.com/blog/weebly/
> WTF  >:(!!! For one of my uni papers at my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, and etc etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
You're welcome. :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4886 on: October 24, 2016, 06:56:53 AM »
Unprotected IoT devices killed the US Internet for hours
http://www.bitdefender.com/box/mirai-IOT-security-alert.html


Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4887 on: October 25, 2016, 07:33:30 AM »
Locky Adds Support for a New "S**T" Extension
Security researcher MalwareHunterTeam tells Softpedia that the infamous Locky ransomware has returned today with a new spam campaign that's spreading a new version of the ransomware.
http://news.softpedia.com/news/locky-adds-support-for-a-new-s-t-extension-509588.shtml
« Last Edit: October 25, 2016, 07:36:04 AM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4888 on: October 25, 2016, 11:54:23 PM »
There are warnings being given out about a new spam botnet.
Important is the advice that shortened urls in an e-mail should always be frowned upon as suspicious.
Do not click such links.

Here is the information link given on a Dutch news forum, use Google translate to be able to read on this new spam botnet:
https://www.security.nl/posting/490176/Nieuw+spam+botnet%3F

Be aware of the obfuscated 146&........ look out for patterns like e.g. 146&AGTfVq or 146&cc4by etc. in the URL address link.
This could create a handle for blocking this smut-spam
with domain names found to be like:
-hookupclub4[.]com
-flirthookup5[.]com
-flirthookup6[.]com
-flirthookup4[.]com
-claimyourprize2[.]com
-claimyourprize1[.]com

-Info credits here go to : SecGuru_OTX & NSG

polonus
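One way to turn the indicators from the post above into a mail or proxy filter, as an added example that is not part of the original post. The rule that the trailing digit on the listed base names rotates, the minimum token length of three characters, and the sample message are assumptions made here.

```python
import re
from urllib.parse import urlsplit

# Domains exactly as listed in the post, with the [.] defang undone.
LISTED = {"hookupclub4.com", "flirthookup4.com", "flirthookup5.com",
          "flirthookup6.com", "claimyourprize1.com", "claimyourprize2.com"}
# Assumption: the campaign rotates the trailing digit on the same base names.
FAMILY = re.compile(r"^(hookupclub|flirthookup|claimyourprize)\d+\.com$")
# "146&" plus an alphanumeric token, e.g. 146&AGTfVq (length >= 3 is assumed).
TOKEN = re.compile(r"(?<![0-9A-Za-z])146&[0-9A-Za-z]{3,}")
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def refang(text):
    """Undo common [.] and hxxp defanging so URLs parse normally."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def classify(url):
    """Return the reasons a URL matches the indicators (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    reasons = []
    if host in LISTED:
        reasons.append("listed-domain")
    elif FAMILY.match(host):
        reasons.append("domain-family")
    # Search only path, query and fragment, never the host itself.
    if TOKEN.search("|".join((parts.path, parts.query, parts.fragment))):
        reasons.append("146&-token")
    return reasons


def scan(message):
    """Map each flagged URL found in a message body to its reasons."""
    hits = {}
    for raw in URL.findall(refang(message)):
        url = raw.rstrip(".,);")
        reasons = classify(url)
        if reasons:
            hits[url] = reasons
    return hits


# Constructed sample body: paths and the flirthookup9 host are made up.
SAMPLE = """Your reward: http://claimyourprize2[.]com/r?146&AGTfVq
New friends at hxxp://flirthookup9[.]com/go/146&cc4by
Invoice copy: https://example.org/docs/146/report?a=1&b=2
"""
```
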

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #4889 on: October 26, 2016, 12:04:04 PM »
>>> Tens of millions of websites at risk in latest mega breach
>>> https://www.leakedsource.com/blog/weebly/
>> WTF  >:(!!! For one of my uni papers at my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, and etc etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
> You're welcome. :)

@Asyn: It's all good. The IT department at my uni, they knew about this problem and had already taken precautions. Thanks again  :)