Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1717197 times)

0 Members and 3 Guests are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81653
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5835 on: February 18, 2019, 08:28:17 PM »
Looking at those topic titles, they don't make sense to me

What it the difference between 'Protection Accuracy' and 'Legitimate Accuracy'

And then there is this 'Total Accuracy' were there is some sort of fudge factor to come up with 'Total Accuracy' ?

Surely we should only be concerned with Protection Accuracy, whatever that means.

It also seems strange with different results for AVG.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383 (build: 19.6.4546.508)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5836 on: February 19, 2019, 04:44:43 PM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5837 on: February 19, 2019, 05:19:08 PM »
New free decryptiontool for GrandCrab malware to be downloaded here:
https://www.nomoreransom.org/

New GrandCrab uri: https://urlhaus.abuse.ch/url/139738/
10 to detect: https://www.virustotal.com/#/url/988d3f525646c4e72d171cee3a8ba5da1595fc2edb14df0602c2d0f0032ff033/detection

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5838 on: February 20, 2019, 09:58:24 PM »
Another unpatched hole in Word Press CMS and via vulnerable plug-ins:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59932
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5839 on: February 21, 2019, 07:28:51 AM »
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59932
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5840 on: February 22, 2019, 11:09:14 AM »
Security Updates available for Adobe Acrobat and Reader | APSB19-13
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1871
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5841 on: February 26, 2019, 06:50:42 AM »
New browser attack lets hackers run bad code even after users leave a web page
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5842 on: February 27, 2019, 12:01:32 AM »
PDF signature-spoofing
Read: https://www.pdf-insecurity.org/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41032
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5843 on: March 05, 2019, 02:55:29 AM »
Fake mobile CCleaner app sneaked into the China Baidu app store.
https://blog.avast.com/fake-mobile-ccleaner-app-tricking-users
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.5.2378, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1871
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5844 on: March 07, 2019, 06:57:50 AM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Be Secure

  • Long Time Avast User(9years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1871
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5845 on: March 09, 2019, 12:02:03 PM »
PC- Windows10 EDU 64Bit,Avast Free V.19.6.2383,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5846 on: March 12, 2019, 12:04:56 PM »
PHP-based CMS, it may be a continuous can of worms...

WordPress webshops attacked through another plug-in security hole :
Read: https://wordpress.org/plugins/woocommerce-abandoned-cart/
and https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/

Also worth while to scan with: https://hackertarget.com/wordpress-security-scan/
and https://webhint.io/scanner/
but first things first - update, update and patch always,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31550
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5847 on: March 13, 2019, 12:31:24 AM »
For security specialists only, using reverse engineering for ethical pentesting purposes.

Javascript being sort of my kettle of fish, is what brought me to dive into some of the minor issues below.

So I have to give out some form of warning to be careful with the use of unsupported bootstrap.js open modals
in combination with exploitable Kafka Manager for instance or Hadoop, without considering such weaknesses.

Read: https://snyk.io/vuln/npm:bootstrap  (mainly unpatched).

Undefined serialization issues on particular reverse engineer tools, like the just released Ghidra tool.

Re: https://www.virustotal.com/#/url/f30aa74b8135eb48a06a0a86dda19853fc9f3d6d9c7ce871af21c25781ebaa56/detection

So researchers that decide to use such a tool that recently has become available should be aware of possible issues 
with for instance "unsupported-bootstrap-f18e970de8731748.js" and several DNS pre-fetches involved.

Also consider for bootstrap.js: https://github.com/twbs/bootstrap/pull/28236

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 13, 2019, 12:52:07 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59932
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5848 on: March 13, 2019, 06:29:49 AM »
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35860
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.