SECURITY WARNINGS & Notices - Please post them here

[polonus]

All 3rd parties involved and why a transaction was not realized: https://www.mupload.nl/img/fqxx4rszg0.jpg
Is src=//assets.pcrl.co/js/jstracker.min.js to denote the webshop javascript could be compromised?
See: -https://github.com/LinusHenze/WebKit-RegEx-Exploit

PHP based CMS with manipulated JavaScript is lively dangerous,

Example: https://www.virustotal.com/#/file/48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d/community
re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XiNuLmd7fH1wfHR9XWwuXl1t~enc

polonus

[Be Secure]

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/

[polonus]

The latest cybercriminal trend next to ransomeware is third party (obfuscated) javascript injection by malcreants to get to victim data,
so-called form jacking:

Read: https://news.netcraft.com/archives/2019/05/14/french-jewellery-chain-cleor-falls-victim-to-skimming-attack.html

The attackers operate from a type-squatted domain and extract user data from signing out pay pages,
which are being send to a server under their control. 
SRI & CSP and other security header installs can greatly protect against such attacks.

One should also scan and validate: https://github.com/gwillem/magento-malware-scanner
But other scanning should also be brought in next to regular expression rule scanning like
snippet

Code: [Select]

rule obfuscated eval {
strmp: $ = /\\x65\5*\\x76\s* \\x61\5*\S* \\x6c/condition any of them (see https://pastebin.com/aUuN7v7S)
end snippet
source willemg 88 lines in all.

See what a good php scanner script should be up against: https://pastebin.com/aUuN7v7S
and what you need beside this to deobfuscate, e.g. :
http://ddecode.com/hexdecoder/?results=82d5a427fa502e3a5652e15a9602da48

So protection can be had, when security is not a last resort thing and a sort of low level robot.txt like 

polonus (volunteer 3rd party cold reconnaissance website analyst and website error hunter)

[polonus]

L.S.

And why CSP has not been correctly installed all over the cloud at Cloudflare's,
now that form-jacking gains more and more momentum?

Re: https://observatory.mozilla.org/analyze/cdnjs.cloudflare.com

A minimal D-status is a shame really.
Content Security Policy (CSP) implemented unsafely.

This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as
"https: inside object-src or script-src, or not restricting the sources for object-src or script-src".

And here Cloudflare cannot do better as comin' up with a meagre C grade,
See: https://tls.imirhil.fr/https/cdnjs.cloudflare.com

They won't go that extrt security mile for their end-users, just implementing,
what they can get away with I presume?

This will mean, that we won't see that last webshop being hacked by form-hacking attackers there soon,
that's for sure. A shame really, isn't it?

polonus (volunteer 3rd party cold reconnaissance website security analyst ans error-hunter)

[polonus]

Needed now Lets Encrypt transparency log?
-> read https://www.theregister.co.uk/2019/05/15/lets_encrypt_ct_log/

Will it make a big difference with malcreants?

pol

[schmidthouse]

It's everywhere. Data collection!

https://www.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html

[Asyn]

Google Stored Unhashed G Suite Passwords for Over a Decade
https://www.bleepingcomputer.com/news/security/google-stored-unhashed-g-suite-passwords-for-over-a-decade/
https://cloud.google.com/blog/products/g-suite/notifying-administrators-about-unhashed-password-storage

[Be Secure]

Sectigo Responds to Chronicle's Report About Malware Signed by Their Certs
https://www.bleepingcomputer.com/news/security/sectigo-responds-to-chronicles-report-about-malware-signed-by-their-certs/

[Asyn]

Notice of Security Incident
https://about.flipboard.com/support-information-incident-may-2019/

[Asyn]

YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/

[bob3160]

YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/

This scam is the same as most and promises something for nothing. (Bitcoins)
It usually works on those that are greedy and doesn't work on us rational and cautious types.

[Pondus]

ShadowHammer: Malicious updates for ASUS laptops
https://www.kaspersky.com/blog/shadow-hammer-teaser/26149/

https://securelist.com/operation-shadowhammer/89992/

https://www.virustotal.com/gui/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection

[Be Secure]

Maze Ransomware Says Computer Type Determines Ransom Amount
https://www.bleepingcomputer.com/news/security/maze-ransomware-says-computer-type-determines-ransom-amount/

[Be Secure]

GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/

[Be Secure]

BlackSquid Uses 7 Exploits to Infect Web Servers with Miners
https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/