Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2860987 times)

0 Members and 6 Guests are viewing this topic.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5941 on: June 23, 2019, 03:38:22 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5943 on: June 28, 2019, 10:45:40 PM »
Where address obscurity was meant to be your security for public buckets.

Read: https://www.upguard.com/breaches/attunity-data-leak

So no longer secure as there are search engines now to find these public buckets,
which could otherwise come without protection: https://buckets.grayhatwarfare.com/

Really some insecurity lingers on the Interwebz, folks, it sure does.

Some search example for bootstrap.js:
https://buckets.grayhatwarfare.com/results/bootstrap.js

And some results are not secure: -https://tempdev.s3-us-west-2.amazonaws.com/assets/bower_components/bootstrap/dist/js/bootstrap.js
Detected libraries:
bootstrap - 3.3.7 : -https://tempdev.s3-us-west-2.amazonaws.com/assets/bower_components/bootstrap/dist/js/bootstrap.js
Info: Severity: high
https://github.com/twbs/bootstrap/issues/28236
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
1 vulnerable library detected

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

P.S. Just fiddle a bit around and via cache data you'll get at:
https://webcache.googleusercontent.com/search?q=cache:9hT4lE0DjLUJ:www.smkmuhkandanghaur.sch.id/assets/bower_components/Ionicons/src/+&cd=2&hl=pl&ct=clnk&gl=us&client=avast

Damian
« Last Edit: June 28, 2019, 10:57:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5944 on: July 05, 2019, 02:22:48 PM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5945 on: July 07, 2019, 08:15:26 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5946 on: July 07, 2019, 08:50:24 PM »
962 Magento webshops hit through formjacking:

Re: https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-hits-over-960-breached-stores/
Re: https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a  (the decoded script)

Webshop owners and store-site maintainers should scan here: https://www.magereport.com/scan/

Often the cause of this is sloppy update & patch routines for both Magento CMS and themes and plug-ins.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5947 on: July 11, 2019, 12:06:56 AM »
25 Million Android Phones Infected.
Is your Whatsapp kicking up adverts?  You are probably being infected.
Read: https://www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5948 on: July 11, 2019, 06:55:53 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5949 on: July 13, 2019, 12:11:59 AM »
Sad news
Bye bye
Quote
<?php
echo "# ZeuS Tracker has been discontinued on Jul 8th, 2019";
exit();
?>

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5950 on: July 17, 2019, 07:22:15 AM »
Avast researchers find apparent Android app scam
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5951 on: July 17, 2019, 07:52:18 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5952 on: July 18, 2019, 09:33:20 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5953 on: July 18, 2019, 02:20:06 PM »
Spamhouse considers Cloudflare as a privileged botnet-server-hoster.
Cloudflare listed as the number 1 hoster of C&C servers.

https://www.spamhaus.org/news/article/785/spamhaus-botnet-threat-update-q2-2019

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88898
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5954 on: July 18, 2019, 03:04:24 PM »
Spamhouse considers Cloudflare as a privileged botnet-server-hoster.
Cloudflare listed as the number 1 hoster of C&C servers.

https://www.spamhaus.org/news/article/785/spamhaus-botnet-threat-update-q2-2019

polonus

This isn't particularly surprising when you consider just how big Cloudflare is.

As I use uMatrix (and uBlock Origin) in my Firefox browsers, I see just how many sites have connections to Cloudflare.

Though like other hosting services I would be expecting them to be taking positive action to prevent this type of action.  I guess we live in different worlds.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security