Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2860797 times)


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5865 on: March 26, 2019, 06:37:28 PM »
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.




« Last Edit: March 26, 2019, 06:44:30 PM by Pondus »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5866 on: March 26, 2019, 10:06:38 PM »
There are two things in combination here

-the backdoored version of ASUS Live Update

-the network adapters targeted


https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers


Quote
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
That malware, if a scan were to be run, would be detected by Avast. It may well be detected without running a scan.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5867 on: March 27, 2019, 07:43:31 AM »
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/



Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5868 on: March 27, 2019, 08:08:30 AM »
Security Bulletin: NVIDIA GeForce Experience – March 2019
https://nvidia.custhelp.com/app/answers/detail/a_id/4784/kw/Security%20Bulletin
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user

Offline ehmen

  • Poster
  • *
  • Posts: 498
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5870 on: March 29, 2019, 12:30:22 AM »
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups

https://www.asus.com/News/hqfgVUyZ6uyAyJe1

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/
Is this firmware update (which is over two months old) affected by this issue?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5871 on: March 30, 2019, 04:49:19 PM »
Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5872 on: April 03, 2019, 12:17:11 PM »
Vulnerable WordPress CMS websites under constant attack via PHPMYADMIN_WORM
Look at all that worm activity going on: https://viz.greynoise.io/table

Not a cyberfriendly place on that Visualizer. Look at this randomly chosen source of infection:
https://www.shodan.io/host/115.68.108.67

WordPress & PHP and also modern languages like Slick.

Net-scans for instance with malicious PHPMYADMIN_WORM
scanner functions via PHP/5.6.0
Quote
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.

Keep an eye on these forthcoming logs, you cyberdefense folks. WordPress CMS admins, look after your configuration and eventual compromise. You are under constant attack from all corners all over the globe.

Do you know what all these crawlers and bad bots are up to all the time all of the time? Time to come and stop and block.
Info credits go to J.O.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5873 on: April 04, 2019, 11:27:42 PM »
2 million Apache webservers vulnerable through a gaping hole - possible Server Privilege Escalation:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211

https://blog.rapid7.com/2019/04/03/apache-http-server-privilege-escalation-cve-2019-0211-what-you-need-to-know/

Patch, or else hackers may go for this low-hanging fruit via the excessive server info proliferation you may be spreading.

So at least go for an extra security model like SELinux, GRSecurity (a very good one), Yamato or AppArmor.

polonus (volunteer website security analyst and website error-hunter)

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5874 on: April 06, 2019, 08:31:43 PM »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5876 on: April 11, 2019, 02:39:27 PM »
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5877 on: April 11, 2019, 02:44:50 PM »
« Last Edit: April 11, 2019, 02:55:05 PM by =Snake= »

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5878 on: April 11, 2019, 02:47:06 PM »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity