Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2084162 times)


Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 45155
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5280 on: May 17, 2017, 03:22:31 PM »

Steps for Windows 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
#

Thanks for that Bob.
Technically, it's the UDP port that's the problem. If you see any programs not starting properly, you may want to bypass the TCP rule. :)
( I currently disabled the TCP rule on my system for that reason. )
« Last Edit: May 17, 2017, 03:25:21 PM by bob3160 »
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84785
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5281 on: May 17, 2017, 06:40:48 PM »

Steps for Windows 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
#

Thanks for that Bob.
Technically, it's the UDP port that's the problem. If you see any programs not starting properly, you may want to bypass the TCP rule. :)
( I currently disabled the TCP rule on my system for that reason. )

Wise as TCP is more commonly used and I think I recall port 445 being used by other legit functions. So some would say that port was already being exploited, so it is difficult to say what action to take.

This port has been used by other malware in the past, see https://www.speedguide.net/port.php?port=445 for more information on this.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5282 on: May 17, 2017, 10:16:20 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5283 on: May 18, 2017, 04:59:46 AM »
WannaCry Ransomware Campaign: Threat Details and Risk Management
https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36993
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5284 on: May 18, 2017, 11:09:03 PM »
Windows 10 credential theft: Google is working on fix for Chrome flaw
http://www.zdnet.com/article/windows-10-credential-theft-google-is-working-on-fix-for-chrome-flaw/


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5285 on: May 18, 2017, 11:14:21 PM »
Again WordPress: https://wordpress.org/news/2017/05/wordpress-4-7-5/

This CMS will always be a disaster in the hands of those that do not know what to do and how to configure WordPress properly.
Many sites are very easily being compromised that way or can be infested any minute.

Look what could be wrong with a WordPress website here: https://hackertarget.com/wordpress-security-scan/

Eddy here and little old me also often meet: old software versions, old plug-in and vulnerable themes, outdated plug-ins or left code even. User Enumeration & Directory Listing enabled, iFrame issues, cloaking, not sticking to the so-called same origin rule, none or not the right security headers generated, no sri-hashes being generated and lots of other insecurity.

So there are a lot of websites with bad CMS with vulnerable jQuery libraries. One could scan here: https://aw-snap.info/file-viewer/
Redleg alerts for many issues. I have been posting about these issues so many times now, and gave at these forums so many scanner examples in the "virus and worms", but I fear again it will be pearls for the swines and not much improvement will be seen and website admins and many hosters will never come to pick up "best practices". The main Internet Infrastructure is a very dangerous place, folks.

polonus
« Last Edit: May 18, 2017, 11:16:03 PM by polonus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5286 on: May 19, 2017, 02:50:14 PM »
LetsEncrypt OCSP Fail: https://letsencrypt.status.io/

polonus

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31311
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5287 on: May 20, 2017, 01:45:51 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5288 on: May 20, 2017, 01:55:05 PM »
Yep, Eddy, you are right and as can be expected there will be loads of victims still out on Win7.

Remember cybercrime has just recently been given an enormous boost from NSA's irresponsible zero-day policy,
sitting on such "feature holes" and not sharing it with those in the security community,
that may protect against abuse through other parties than these guv spooks (ordinary cybercriminals).

Why put all of the Interwebs at risk? We are gonna be in for some not so nice surprise attacks in the coming future,
and also AV is better advised to protect against 'guv malcode' if they have knowledge thereof and haven't protected us against it yet.

polonus (volunteer website security analyst and website error-hunter)


Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5290 on: May 20, 2017, 10:06:56 PM »
Spreading more rapidly than WannaCry.

https://www.wired.com/2017/05/another-ransomware-nightmare-brewing-ukraine/

After reading that article I am so glad I have a solid backup plan. 
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5291 on: May 21, 2017, 06:32:39 PM »
Hi Para-Noid

Solid back-up plan is a must, but also a solid patch plan when patches are being served up.
All systems that had been patched were secure. All on non-exploitable OS were secure.
If it has hit you, you can feel sorry for yourself.
In Ukraine loads of folks out on not always genuine Win7 and XP even.

There weren't that many victims in the USA where the threat was created...
only there those that did not pay attention fell victims to it.

polonus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33064
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5292 on: May 22, 2017, 12:53:42 PM »

Each and everyone seems after your data, the sniffers and spooks cannot be held back from sniffing around your devices.
OK, you agreed to their software EULAs, so you have nothing to say in the matter, but isn't this all not going a wee bit over the top?

Remotely collecting analytical user data from Netgear routers: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-quot-Router-Analytics-Data-Collection-quot-Options-Grayed/td-p/1287480

polonus

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5293 on: May 24, 2017, 04:57:53 AM »
Jaff Ransomware Switches to the WLU Extension and Gets a New Design
https://www.bleepingcomputer.com/news/security/jaff-ransomware-switches-to-the-wlu-extension-and-gets-a-new-design/

The following is the sample of Jaff ransomware I saw on Tuesday 2017-05-23:

SHA256 hash:  557306dc8005f9f6891939b5ceceb35a82efbe11bd1dede755d513fe6b5ac835
File size:  241,664 bytes
File location:  C:\Users\[username]\AppData\Local\Temp\levinsky8.exe

It is not possible to decrypt the Jaff Ransomware WLU Variant
Unfortunately, it is not possible to decrypt .wlu files encrypted by the Jaff Ransomware for free.
« Last Edit: May 24, 2017, 05:04:45 AM by Be Secure »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31311
  • Watching (over?) you
    • Malware removal, Biljart and other things.
« Last Edit: May 24, 2017, 03:16:44 PM by Eddy »