Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1257084 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29979
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5535 on: November 26, 2017, 02:26:37 PM »
WordPress websites attacked through holes in two popular plug-ins:
https://blog.sucuri.net/2017/11/formidable-forms-shortcodes-ultimate-exploits-in-the-wild.html

Check the security of a WordPress website domain here: https://hackertarget.com/wordpress-security-scan/
Also check for retirable jQuery code: retire.insecurity.today/#
and check here: https://aw-snap.info/file-viewer/

Keep your website CMS up to date and fully patched also to keep others more secure!

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Evanna456

  • Jr. Member
  • **
  • Posts: 41
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5536 on: November 27, 2017, 07:56:00 AM »
https://blog.imgur.com/2017/11/24/notice-of-data-breach/

imgur, a popular image hosting site, has been hacked.

"On the morning of November 24th, we began notifying impacted users via their registered email address. We are immediately requiring that these users update their password." imgur
just a noob

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5537 on: November 27, 2017, 02:14:46 PM »
Hidden trackers in popular Android-apps: Read: https://privacylab.yale.edu/press

A solution outside of the Google webshop (because it is not allowed there,
because it interferes with the Google business model of data-slurping,
profiling and tracking all of your data)
= Blokada - Blokada is a free, open source, compact,
fast ad blocker for Android that works for all apps and does not require root.

-> https://github.com/blokadaorg/blokada

Best browser on Android i.m.o. = Brave together with Disconnect me.

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5538 on: November 29, 2017, 04:12:03 PM »
Considerable increase in the number of SQL attacks on web applications found:
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q3-2017-state-of-the-internet-security-report.pdf

polonus

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36362
  • 57 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5539 on: November 29, 2017, 05:32:35 PM »
If you have a Mac, you have a Security problem.
Here's how to fix it until Apple comes up with a patch.
https://www.howtogeek.com/334611/huge-macos-bug-allows-root-login-without-a-password.-heres-the-fix/
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/ -- My Blog: http://bob3160.blogspot.com/ - Win 10 Pro v1703 64bit, 8 Gig Ram, AvastFree 17.6.2307, WinPatrol, Unchecky How to Successfully Install Avast http://goo.gl/VLXde

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5540 on: November 30, 2017, 01:57:50 PM »
Cryptominer goes on mining after you closed the browser window through a pop-under:
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/

polonus


Offline Be Secure

  • Long Time Avast User(7years.....) Security Enthusiast.
  • Super Poster
  • ***
  • Posts: 1450
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5542 on: December 02, 2017, 06:37:34 AM »
New Shadow BTCWare Ransomware Variant Released
A new variant of the BTCWare ransomware was discovered by Michael Gillespie that appends the .[email]-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
PC- Windows10 PRO 64Bit,Laptop-Windows10 Home (64Bit)  Avast IS 17.8.2318,uBlock Origin,GoogleChrome(64bit),CCleaner,Unchecky,HitmanPro,Shadow Defender,Avast! Mobile Security & Antivirus.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 49541
  • Merry Christmas..!!
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5543 on: December 02, 2017, 09:36:07 AM »
Win 8.1 [x64] - Avast Premier 17.9.2321.Beta#3 - CC 5.38 [OD] - MCS [OD] - EEK [OD] - FF ESR 52.5.2 [NS5/uBO] - Thunderbird 52.5 [EM]
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen und Infos): https://forum.avast.com/index.php?topic=60523.0



Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5545 on: December 03, 2017, 12:36:22 AM »
forum dot avast dot com site's nameservers configuration security issue:
Quote
Stealth name servers   Failed   Found name servers which are listed by the authoritative servers, but not by the parent ones:
ns6.avast.com at ns2.avast.com
sns.avast.com at ns2.avast.com
sns.avast.com at pns.avast.com
ns6.avast.com at pns.avast.com
 
Another issue
Quote
Google Apps settings   Warning   The top priority mail server is ASPMX.L.GOOGLE.com, but TTL is not equal to the recommended value (86400).
On cert:
Quote
Supported cipher suites   Warning   Your server supports suboptimal cipher suites:
DES-CBC3-SHA
Quotes above taken from a public scan at Threat Intelligence Platform for -https://forum.avast.com

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
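
How a "stealth name servers" finding like the one quoted in the post above is derived, as an added example that is not part of the original post or of the scanning service: the NS set delegated by the parent zone is compared with the NS set each authoritative server returns. The function names are hypothetical, and the record text (TTLs and the parent's NS set included) is constructed to mirror the quoted result, not captured DNS data.

```python
import re

# One NS record line in dig-style answer text, e.g.
# "example.test. 3600 IN NS ns1.example.test."
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)

def parse_ns(answer, zone):
    """Return the normalised NS host names for `zone` found in dig-style text."""
    zone = zone.rstrip(".").lower()
    names = set()
    for line in answer.splitlines():
        m = NS_LINE.match(line.strip())
        # DNS names are case-insensitive; the trailing root dot is optional.
        if m and m.group(1).rstrip(".").lower() == zone:
            names.add(m.group(2).rstrip(".").lower())
    return names

def compare_delegation(zone, parent_answer, auth_answers):
    """Return (stealth, missing) as lists of (name_server, listed_at) pairs.

    stealth: listed by an authoritative server but not by the parent zone.
    missing: delegated by the parent but absent from that server's NS set.
    """
    parent = parse_ns(parent_answer, zone)
    stealth, missing = [], []
    for server, answer in sorted(auth_answers.items()):
        auth = parse_ns(answer, zone)
        stealth += [(ns, server) for ns in sorted(auth - parent)]
        missing += [(ns, server) for ns in sorted(parent - auth)]
    return stealth, missing

# Constructed sample answers (assumption: parent delegates only ns2 and pns).
PARENT = """avast.com. 172800 IN NS ns2.avast.com.
avast.com. 172800 IN NS pns.avast.com."""
AUTH_SET = """avast.com. 3600 IN NS NS2.avast.com.
avast.com. 3600 IN NS pns.avast.com.
avast.com. 3600 IN NS ns6.avast.com.
avast.com. 3600 IN NS sns.avast.com."""
AUTH = {"ns2.avast.com": AUTH_SET, "pns.avast.com": AUTH_SET}

if __name__ == "__main__":
    stealth, missing = compare_delegation("avast.com", PARENT, AUTH)
    for ns, server in stealth:
        print(f"stealth: {ns} at {server}")
    for ns, server in missing:
        print(f"missing: {ns} not listed at {server}")
```

The usual remedy for a stealth entry is to add the server to the delegation at the parent or drop it from the zone's own NS set, so that both views agree.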

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5546 on: December 07, 2017, 01:15:21 PM »
Keylogger activity on thousands of hacked WordPress sites:

https://blog.sucuri.net/2017/12/cloudflare-solutions-keylogger-on-thousands-of-infected-wordpress-sites.html

polonus (volunteer website security analyst and website error-hunter)

P.S. Instruction to find the malscript in given Sucuri blog post link
Quote
: The injected part of this malware didn’t change at all, using the theme’s function.php to enqueue the following scripts to WordPress pages.

Read on the problem of bitcoin mining scripts and how avast will keep us secure:
https://blog.avast.com/avast-blocked-more-than-34-million-monero-cryptomining-attacks
 (blog post credits: avast's Denis Konopisky)

D

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5547 on: December 07, 2017, 05:31:21 PM »
Just to give an idea what script was being abused to inject reconnecting-websocket.js -> https://www.reverse.it/sample/23118b9873d0ba566f606dcaa27f5c078b2c2f6259e8470ffa71875119897b5d?environmentId=100

Also the way Brute Force is being used here via Bluto abuse: https://gr.pinterest.com/pin/328410997819076735/

pol

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5548 on: December 09, 2017, 03:04:34 PM »
Spyware inside printer software (weakly protected as usual)
is the royal way into your firm network for spies and sp**ks:


Re: https://zwclose.github.io/HP-keylogger/ 

When they are in your printer they are inside your network.

With all the spyware added lately to all kinds of hardware,
it seems consumer rights are being violated on a grand scale everywhere,
and nobody seems to take your consumer rights seriously.

polonus

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5549 on: December 10, 2017, 12:40:27 PM »
Do not get it wrong. 25% of PHISHING websites now offer secure connections.
These certified websites (Comodo or Let's Encrypt certification) have a green padlock,
so Mr. and Mrs. Average End-user will think such websites are safe. They are not!
They only have a secure connection to.... unsafety!

Read: https://info.phishlabs.com/blog/quarter-phishing-attacks-hosted-https-domains

polonus