Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1717323 times)


Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35863
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5865 on: March 26, 2019, 06:37:28 PM »
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.




« Last Edit: March 26, 2019, 06:44:30 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41036
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5866 on: March 26, 2019, 10:06:38 PM »
Quote from: Pondus on March 26, 2019, 06:37:28 PM
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
That malware, if a scan were to be run, would be detected by Avast. It may well be detected without running a scan.
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.5.2378, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35863
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5867 on: March 27, 2019, 07:43:31 AM »
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/




Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59932
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5868 on: March 27, 2019, 08:08:30 AM »
Security Bulletin: NVIDIA GeForce Experience – March 2019
https://nvidia.custhelp.com/app/answers/detail/a_id/4784/kw/Security%20Bulletin
Windows 8.1 [x64] - Avast Premier 19.7.2384.B1 - CC 5.60 - EEK - Firefox ESR 60.8 [NS/AOS/uBO] - TB 60.8 [EM] - ACP/ASB/ASL.BC
German-language section -> Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523

Offline ehmen

  • Poster
  • *
  • Posts: 449
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5870 on: March 29, 2019, 12:30:22 AM »
Quote from: Pondus on March 27, 2019, 07:43:31 AM
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/
Is this firmware update (which is over two months old) affected by this issue?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 59932
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5871 on: March 30, 2019, 04:49:19 PM »
Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31552
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5872 on: April 03, 2019, 12:17:11 PM »
Vulnerable WordPress CMS websites under constant attack via PHPMYADMIN_WORM
Look at all that worm-activity going on, ->: https://viz.greynoise.io/table

Not a cyberfriendly place on that Visualizer. Look at this randomly chosen source of infection:
https://www.shodan.io/host/115.68.108.67

WordPress & PHP and also modern languages like Slick.

Net-scans for instance with malicious PHPMYADMIN_WORM
scanner functions via PHP/5.6.0
Quote
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

Keep an eye on these forthcoming logs, you cyberdefense folks. WordPress CMS admins, look after your configuration and eventual compromise. You are under constant attack from all corners all over the globe.

Do you know what all these crawlers and bad bots are up to all the time all of the time? Time to come and stop and block.
Info credits go to J.O.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
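
Added example, not part of the post above and not PHP's own code: a bounds-checked locator for the ZIP end-of-central-directory record, showing the position checks whose absence produces the out-of-bounds read the quoted advisory describes for a misplaced PK\x05\x06 signature. The function name `find_valid_eocd` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EOCD_MIN 22u /* fixed-size part of the end-of-central-directory record */

static uint32_t rd_le(const uint8_t *p, int n) /* little-endian field, n = 2 or 4 */
{
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Offset of the last well-formed EOCD record in buf, or -1 if there is none. */
long find_valid_eocd(const uint8_t *buf, size_t len)
{
    static const uint8_t sig[4] = { 'P', 'K', 0x05, 0x06 };
    if (buf == NULL || len < EOCD_MIN) return -1;
    /* Scan backwards, starting where a full 22-byte record still fits, so a
       signature in the last 21 bytes is never dereferenced as a record. */
    for (size_t pos = len - EOCD_MIN + 1; pos-- > 0; ) {
        if (memcmp(buf + pos, sig, 4) != 0) continue;
        uint32_t cd_size = rd_le(buf + pos + 12, 4);
        uint32_t cd_off  = rd_le(buf + pos + 16, 4);
        uint32_t comment = rd_le(buf + pos + 20, 2);
        if (comment > len - pos - EOCD_MIN) continue;   /* comment runs past EOF */
        if (cd_off > pos || cd_size > pos - cd_off) continue; /* directory must end before EOCD */
        return (long)pos;
    }
    return -1;
}

/* Constructed samples (not taken from any real archive); unset bytes are zero. */
const uint8_t SAMPLE_EMPTY_ZIP[22]   = { 'P', 'K', 5, 6 };
const uint8_t SAMPLE_SIG_AT_TAIL[30] = { [26] = 'P', [27] = 'K', [28] = 5, [29] = 6 };
const uint8_t SAMPLE_BAD_COMMENT[26] = { [4] = 'P', [5] = 'K', [6] = 5, [7] = 6, [24] = 0xFF, [25] = 0xFF };
const uint8_t SAMPLE_BAD_CD_OFF[22]  = { 'P', 'K', 5, 6, [16] = 0x10 };

int main(void)
{
    printf("empty zip:   %ld\n", find_valid_eocd(SAMPLE_EMPTY_ZIP, sizeof SAMPLE_EMPTY_ZIP));
    printf("sig at tail: %ld\n", find_valid_eocd(SAMPLE_SIG_AT_TAIL, sizeof SAMPLE_SIG_AT_TAIL));
    printf("bad comment: %ld\n", find_valid_eocd(SAMPLE_BAD_COMMENT, sizeof SAMPLE_BAD_COMMENT));
    printf("bad cd off:  %ld\n", find_valid_eocd(SAMPLE_BAD_CD_OFF, sizeof SAMPLE_BAD_CD_OFF));
    return 0;
}
```

Only the first sample is accepted; the other three carry the signature but fail a position or length check and are rejected without reading outside the buffer.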

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31552
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5873 on: April 04, 2019, 11:27:42 PM »
2 million Apache webservers vulnerable through a gaping hole - possible Server Privilege Escalation:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211

https://blog.rapid7.com/2019/04/03/apache-http-server-privilege-escalation-cve-2019-0211-what-you-need-to-know/

Patch, or else hackers may go for this low-hanging fruit via the excessive server info proliferation you may be spreading.

So at least go for an extra security model like SELinux, GRSecurity (a very good one), Yamato or AppArmor.

polonus (volunteer website security analyst and website error-hunter)
