Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1815023 times)

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36248
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5865 on: March 26, 2019, 06:37:28 PM »
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.




« Last Edit: March 26, 2019, 06:44:30 PM by Pondus »
“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41901
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5866 on: March 26, 2019, 10:06:38 PM »
Quote from: Pondus
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
That malware, if a scan were to be run, would be detected by Avast. It may well be detected without running a scan.
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36248
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5867 on: March 27, 2019, 07:43:31 AM »
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/



Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61574
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5868 on: March 27, 2019, 08:08:30 AM »
Security Bulletin: NVIDIA GeForce Experience – March 2019
https://nvidia.custhelp.com/app/answers/detail/a_id/4784/kw/Security%20Bulletin
Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 68.2 [NS/AOS/uBO] - Thunderbird 68.2.2 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline ehmen

  • Poster
  • *
  • Posts: 449
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5870 on: March 29, 2019, 12:30:22 AM »
Quote from: Pondus
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/
Is this firmware update (which is over two months old) affected by this issue?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61574
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5871 on: March 30, 2019, 04:49:19 PM »
Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31878
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5872 on: April 03, 2019, 12:17:11 PM »
Vulnerable WordPress CMS websites under constant attack via PHPMYADMIN_WORM
Look at all that worm-activity going on, ->: https://viz.greynoise.io/table

Not a cyberfriendly place on that Visualizer. Look at this randomly chosen source of infection:
https://www.shodan.io/host/115.68.108.67

WordPress & PHP and also modern languages like Slick.

Net-scans for instance with malicious PHPMYADMIN_WORM
scanner functions via PHP/5.6.0
Quote
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

Keep an eye on these forthcoming logs, you cyberdefense folks. WordPress CMS admins, look after your configuration and eventual compromise. You are under constant attack from all corners all over the globe.

Do you know what all these crawlers and bad bots are up to all the time all of the time? Time to come and stop and block.
Info credits go to J.O.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
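
Added example, not part of the post above and not PHP's own code or patch: a bounds-checked search for the ZIP end-of-central-directory record, showing the kind of validation whose absence the quoted advisory describes (a `PK\x05\x06` signature at an invalid location). The names `find_eocd` and `EOCD_MIN` are hypothetical, and the sketch assumes the whole archive is in one buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EOCD_MIN 22u /* fixed-size part of the end-of-central-directory record */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return the offset of a plausible EOCD record in buf (the whole archive,
 * an assumption of this sketch), or -1 if no candidate passes the checks. */
long find_eocd(const uint8_t *buf, size_t len)
{
    static const uint8_t sig[4] = { 'P', 'K', 0x05, 0x06 };
    if (buf == NULL || len < EOCD_MIN)
        return -1;
    /* Only visit positions where all 22 fixed bytes are inside the buffer,
     * so a signature in the last few bytes is never read as a record. */
    for (size_t pos = len - EOCD_MIN + 1; pos-- > 0; ) {
        const uint8_t *r = buf + pos;
        if (memcmp(r, sig, sizeof sig) != 0)
            continue;
        uint32_t cd_size = rd32(r + 12);  /* central directory size   */
        uint32_t cd_off  = rd32(r + 16);  /* central directory offset */
        uint16_t comment = rd16(r + 20);  /* trailing comment length  */
        if ((size_t)comment != len - pos - EOCD_MIN)
            continue;                     /* comment must end at EOF  */
        if (cd_off > pos || cd_size > pos - cd_off)
            continue;                     /* directory must precede record */
        return (long)pos;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: 30 bytes with the signature in the last 4 bytes. */
    uint8_t bad[30] = { 0 };
    memcpy(bad + 26, "PK\x05\x06", 4);
    printf("signature at tail: %ld\n", find_eocd(bad, sizeof bad));
    return 0;
}
```
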

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31878
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5873 on: April 04, 2019, 11:27:42 PM »
2 million Apache webservers vulnerable through a gaping hole - possible Server Privilege Escalation:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211

https://blog.rapid7.com/2019/04/03/apache-http-server-privilege-escalation-cve-2019-0211-what-you-need-to-know/

Patch, or else hackers may go for this low-hanging fruit via the excessive server info proliferation you may be spreading.

So at least go for an extra security model like SELinux, GRSecurity (a very good one), Yamato or AppArmor.

polonus (volunteer website security analyst and website error-hunter)
