Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2861388 times)

0 Members and 3 Guests are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5775 on: November 16, 2018, 03:32:07 PM »
Security risk on AMP for WP – Accelerated Mobile Pages Plugin
https://www.webarxsecurity.com/amp-plugin-vulnerability/
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5776 on: November 19, 2018, 04:04:33 PM »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5777 on: November 21, 2018, 11:20:23 AM »
Security updates available for Flash Player | APSB18-44
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5778 on: November 30, 2018, 01:14:05 PM »
Tackle the ever/existing threat of the gaping UPnP-hole - disable that service!  ::)
1,7 million devices are at risk: https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html

Test: https://www.snbforums.com/threads/new-upnp-exploit-affecting-most-asus-routers-upnproxy-blackhat-proxies-via-nat-injections.46011/page-2#post-400981

Server header for a normal response could be "Microsoft-IIS/8.5",
while the header for a response during an attack would be "Microsoft-HTTPAPI/2.0.",
then pay attention whether (SSDP/UPnP) is present,

The ironical thing however is, that with newer versions of the UPnP protocol, we find minimal core security protection.
UPnP-attacks can be used to cause chaos, to create holes in firewalls, and other abuse.

UPnP deadly simple or simply deadly to leave it open on your machines, so disable it where you can.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5779 on: December 01, 2018, 05:48:49 AM »
Marriott Announces Starwood Guest Reservation Database Security Incident
http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5780 on: December 06, 2018, 05:45:57 AM »
Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5781 on: December 19, 2018, 11:48:30 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5782 on: December 21, 2018, 04:59:31 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5783 on: January 04, 2019, 01:01:48 PM »
Security Bulletin for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5784 on: January 04, 2019, 04:22:07 PM »
Latest technology is not always rock-solidly safe and secure:
involving massive security breaches or thefts involving blockchains.
Read: https://magoo.github.io/Blockchain-Graveyard/

Security through obscurity demanding it's toll:
Massive security breaches or thefts involving blockchains. (info credits go to FTREPORTER).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: Security Warning Notices - Please post them here
« Reply #5785 on: January 05, 2019, 03:45:35 AM »
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Security Warning Notices - Please post them here
« Reply #5786 on: January 05, 2019, 03:51:02 AM »
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
That's one of the reason you should be using the Avast Online Security extension. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5787 on: January 05, 2019, 03:22:50 PM »
Bob3160 is a 100% right. Do use the pro-active blocking via Avast Secure Browsing,
to stop for instance abuse campaigns like from so-called freetrade scam platforms.

Also stops abuse scripts from here: -https://3v4l.org/ an online PHP editor,
that can also be used for nefarious purposes.
This for instance was blocked for me -https://3v4l.org/2CBnj.
The abusive script was blocked to run in it's tracks from the word go.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5788 on: January 08, 2019, 03:10:21 PM »
Whenever you own or make use of a Magento 1 or 2 CMS driven webshop,
it is a good thing to check the retirability of your javascript libraries here:
https://retire.insecurity.today/ and your CMS vulnerabilities here: https://www.magereport.com/

Very advanced javascript XSS injection code, obfuscated and sometimes not longer than 75 or even 22 sophisticated lines long,
is being abused for credit card stealing and other data skimming purposes by members of the  cybercriminal Magecart
or Group 11 cyber-criminals.

If you do not pay attention they may rob your creditcard clean of all the money.
Re: https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/

Group 11 or Magecart malcreant developers loves to malcreate on the basis of hook.js & bootstrap.js for instance,

Re: https://www.hybrid-analysis.com/sample/c19270ebf25dd7442462159dd371a6830815d3202cdc896690885c2e46509d86?environmentId=100

This helped by the fact there are so many PHISHING sites around for their evil-doing and also server weaknesses like BEef, etc.

Background read: https://www.riskiq.com/blog/labs/magecart-vision-direct/

polonus (volunteer 3rd party website security analyst and website error-hunter)


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5789 on: January 10, 2019, 11:38:38 AM »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast