Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1834941 times)

0 Members and 4 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31970
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5760 on: October 17, 2018, 06:58:01 PM »
Popular CMS will still accept older PHP versions. T0-day Drupal will run with PHP 5.5.9. Joomla demands at least PHP 5.3 and WordPress still will accept PHP 5.2.4.

Always be aware for PHP vulnerabities like this authentication bypass - http://yaisb.blogspot.com/2006/08/authentication-bypass_07.html * could reapear encrypted
Quote
Code: [Select]
<script> <!-- document.write(unescape("%3C%3F%0A%0Aif%28%21isset%28%24_SESSION%5B%27session%27%5D%5B%22privLvl%22%5D%29%29%20%7B%20%0A%20header%28%22Location%3A%20login.php%22%29%3B%0A%20exit%28%29%3B%0A%7D%0A%0Aecho%20%22BIG%20SECRET%21%22%3B%0A%0A%3F%3E")); //--> </script>
translating to
Code: [Select]
  //document.write (s)  <?  if(!isset($_SESSION['session']["privLvl"])) {   header("Location: login.php");  exit(); }  echo "BIG SECRET!";  ?>
code source credits go to: RYAN *

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1893
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5761 on: October 22, 2018, 10:47:43 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.8.2393,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1893
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5762 on: October 22, 2018, 10:49:20 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.8.2393,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Ev Jon

  • Newbie
  • *
  • Posts: 1
Avast stie apparently hacked
« Reply #5763 on: October 25, 2018, 04:06:32 PM »
Every time I create a web account I create a new email address which is forwarded to my real email address.  I never use that email address for anything else.  That way, if I get emails to that address that I should not, I know site is marketing my address or that they have been hacked.   

I just received an email from a hacker warning of dire consequences if I don't pay big time.  (I know it is not true but just a scam.)  However the scam email was sent to an email address which has never been used for anything except to logon to this site.  I have not used it for several years (until the scammer used it today.)  My domain is one they would not likely try (it's something like ky7620z.com.)  It is not very comforting that an antimalware site has been hacked like that.)

I have deleted the forwarder so the email address no longer exists.  Avast needs to be more careful to protect its customers.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41984
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast stie apparently hacked
« Reply #5764 on: October 25, 2018, 04:14:39 PM »
Every time I create a web account I create a new email address which is forwarded to my real email address.  I never use that email address for anything else.  That way, if I get emails to that address that I should not, I know site is marketing my address or that they have been hacked.   

I just received an email from a hacker warning of dire consequences if I don't pay big time.  (I know it is not true but just a scam.)  However the scam email was sent to an email address which has never been used for anything except to logon to this site.  I have not used it for several years (until the scammer used it today.)  My domain is one they would not likely try (it's something like ky7620z.com.)  It is not very comforting that an antimalware site has been hacked like that.)

I have deleted the forwarder so the email address no longer exists.  Avast needs to be more careful to protect its customers.
Avast wasn't hacked. This forum was some years back - https://www.grahamcluley.com/avast-forum-hacked/
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 10930
  • No support PM's thanks
Re: Avast stie apparently hacked
« Reply #5765 on: October 25, 2018, 05:11:54 PM »
Every time I create a web account I create a new email address which is forwarded to my real email address.  I never use that email address for anything else.  That way, if I get emails to that address that I should not, I know site is marketing my address or that they have been hacked.   

I just received an email from a hacker warning of dire consequences if I don't pay big time.  (I know it is not true but just a scam.)  However the scam email was sent to an email address which has never been used for anything except to logon to this site.  I have not used it for several years (until the scammer used it today.)  My domain is one they would not likely try (it's something like ky7620z.com.)  It is not very comforting that an antimalware site has been hacked like that.)

I have deleted the forwarder so the email address no longer exists.  Avast needs to be more careful to protect its customers.
The email scam you're describing sounds like the one that did the rounds not long ago, some guy reckons he's recorded you watching porn and has collected all your contacts and if you don't pay the ransom he'll forward the video to all your friends yada yada yada ::) I also got the same scam email which was an old email used for this forum 4 years ago, Avast did change their registration process after that hack to further prevent it happening again.

Unfortunately these forum hacks are happening more and more often, Malwarebytes was struck somewhere back around the same time as Avast, Adguard was hit only a few weeks ago also and just about all emails were pawned.

It's crazy how many Government offices and other businesses have been hit recently, sadly it's only going to get worse :(

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6713
  • Trust only what you test yourself!
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5766 on: October 25, 2018, 05:21:01 PM »
Check your email here https://haveibeenpwned.com
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5767 on: October 27, 2018, 06:09:45 AM »
W8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO/PB] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1893
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5768 on: November 06, 2018, 04:32:45 AM »
Flaws in self-encrypting SSDs let attackers bypass disk encryption
https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/
PC- Windows10 EDU 64Bit,Avast Free V.19.8.2393,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41984
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5769 on: November 06, 2018, 03:35:23 PM »
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5770 on: November 08, 2018, 07:43:20 AM »
Data storage devices from Samsung and others leave customers at risk
https://blog.avast.com/security-flaws-found-in-widely-used-data-storage-devices-avast
W8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO/PB] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61913
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5771 on: November 08, 2018, 07:48:11 AM »
W8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO/PB] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31970
  • malware fighter
« Last Edit: November 10, 2018, 05:50:43 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31970
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41984
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5774 on: November 13, 2018, 04:23:58 PM »
This is disturbing.
Google Services Disrupted as Internet Traffic Diverts to China
Another reason why your VPN should always be in use.

« Last Edit: November 13, 2018, 04:25:50 PM by bob3160 »
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq