Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2852409 times)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48512
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6060 on: February 13, 2020, 01:29:09 PM »
‘The intelligence coup of the century’

For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/

SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
So how does this affect the average technology user?
In no way, this was cross-national espionage.
Something that goes on in every country. Even if it does affect us, it isn't anything an individual can do anything about.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6061 on: February 16, 2020, 07:50:12 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6062 on: February 18, 2020, 10:18:36 PM »
As Asyn said, over 72.000 WordPress websites vulnerable:
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
&
https://wordpress.org/plugins/themegrill-demo-importer/advanced/

Going from incident to incident with this CMS, based on "worm-can" language PHP, full of outdated and vulnerable plug-in code,
retirable jQuery libraries, misconfigured settings like "user enumeration" and "directory listing" set as "enabled".

Those that have relative knowledge do not count, those that take decisions, often lack relative knowledge.
One rather desires a "licked" website over a secure one. End-users pay the price, often coming to them as "abuse" by malcreants.

I am mentioning these issues over and over again, also in the "virus and worms", but often totally in vain.
No one to react or they are just not interested.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

« Reply #6063 on: February 19, 2020, 08:31:18 AM »


Offline Asyn

« Reply #6065 on: February 24, 2020, 05:58:26 AM »

Offline polonus

« Reply #6066 on: February 25, 2020, 11:59:05 AM »
Vulnerable WordPress Plug-ins attacked:
https://www.wordfence.com/blog/2020/02/multiple-attack-campaigns-targeting-recent-plugin-vulnerabilities/
Thousands of WordPress websites are at risk.

polonus

Offline polonus

« Reply #6067 on: February 25, 2020, 08:34:52 PM »
Even big websites have WordPress as CMS: htxps://thecsrjournal.in/wp-content/
and sometimes outdated software running.

Blacklisted external link: htXps://syndication.twitter.com/settings 
 The domain is blacklisted: -syndication.twitter.com from CryptoScamDB
(checked using Open Websniffer extension by Разработка и поддержка5MS 5MS dot ru).
https://syndication.twitter.com/i/jot? - widget ->
Quote
%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1582656898837%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D ....

WordPress version: 5.2.5
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server: Apache/2.4.18 (Ubuntu)
X-Powered-By: PHP/7.2.20-2+ubuntu16.04.1+deb.sury.org+1 (excessive server version info proliferation)
IP Address: 210.89.48.48
Hosting Provider: Broadband Pacenet Pvt. Ltd
Shared Hosting: 2 sites found on 210.89.48.48  (see vulnerabilities: https://www.shodan.io/host/210.89.48.48 )

Consider: https://urlscan.io/result/7604e69d-fb8b-44a2-9736-53b4e386aecc

Outdated content: Apache under 2.4.41 http://httpd.apache.org/security/vulnerabilities_24.html
Outdated PHP: PHP under 7.2.25 -> http://php.net/ChangeLog-7.php#7.2.25

Vuln.: https://webcookies.org/cookies/thecsrjournal.in/29134540?114990  E-grade results.

Retirable jQuery libraries: Retire.js
jquery-mobile   1.3.2   Found in -https://thecsrjournal.in/wp-content/plugins/photo-gallery/js/jquery.mobile.min.js?ver=1.3.2
Vulnerability info:
Medium   open redirect leads to cross site scripting   
jquery   1.12.4   Found in -https://thecsrjournal.in/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

JavaScript syntax errors: SyntaxError: Invalid or unexpected token
 /wp-content/plugins/news-ticker-tj/js/custom.js?ver=6.0.2:2

TypeError: Cannot read property 'querySelector' of null
 / etc.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: February 25, 2020, 08:47:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
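
The header findings in the post above (version strings in `Server` and `X-Powered-By`, compared against the Apache 2.4.41 and PHP 7.2.25 minimums it cites) can be checked against a site's own responses as follows. This is an added example, not part of the original post; the function names, the sample header dict and the `ServerTokens` / `expose_php` hints are assumptions introduced here.

```python
import re

# Minimum versions named in the post above; lower banner versions are reported.
MINIMUMS = {"apache": (2, 4, 41), "php": (7, 2, 25)}

# Standard settings that stop each header from advertising a version
# (general hardening knowledge, not taken from the post).
HIDE_HINT = {
    "server": "Apache: ServerTokens Prod",
    "x-powered-by": "php.ini: expose_php = Off",
}

# Constructed sample: the two header values quoted in the post.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.18 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.20-2+ubuntu16.04.1+deb.sury.org+1",
}

TOKEN_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")


def parse_products(value):
    """Extract (product, version tuple) pairs such as ('php', (7, 2, 20))."""
    return [(name.lower(), tuple(int(n) for n in ver.split(".")))
            for name, ver in TOKEN_RE.findall(value)]


def audit_headers(headers):
    """Return one finding dict per product/version token in the banner headers."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    for header, hint in HIDE_HINT.items():
        for product, version in parse_products(lowered.get(header, "")):
            minimum = MINIMUMS.get(product)
            findings.append({
                "header": header,
                "product": product,
                "version": ".".join(map(str, version)),
                "outdated": minimum is not None and version < minimum,
                "hide_with": hint,
            })
    return findings


if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        state = "below minimum" if f["outdated"] else "disclosed"
        print(f"{f['header']}: {f['product']} {f['version']} ({state}); {f['hide_with']}")
```

Distribution packages such as the Ubuntu builds in this banner often carry backported fixes under an old upstream version number, so a "below minimum" result is a prompt to check the package changelog rather than proof of a vulnerable build.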

Offline polonus

« Reply #6068 on: February 26, 2020, 11:29:22 PM »
For the insecurity aware among us: http://www.nothink.org/
Know what is out there on the Interwebz...

pol

Offline polonus

« Reply #6069 on: March 05, 2020, 01:07:07 PM »
I have been reporting about unpatched and vulnerable PHP-based CMS software as long as I am on these here forums,
and that is quite some time. And in this case especially about WordPress flaws and Magento Webshop glitches and insecurity.

These issues showed up in many of my 3rd party cold recon scan results of vulnerable/infested WordPress driven websites,
for which I asked attention in the virus and worms section of these here forums.

Seems however all in vain, as the trained monkeys develop on
for decision makers that rather would see a "licked" website than a more secure one.

So no one seems to give "a hoot" to what this here "oldtimer", polonus, has to say.
Alas, that's how the world turns 'round these days. :'(

Now the Australian government comes with recommendations to get WordPress CMS somewhat more secure:
https://www.cyber.gov.au/publications/securing-content-management-systems

Magento driven webshops not much better situation, consider: https://publicwww.com/websites/magento+/3
(Mind this is a resource address for researchers, do not abuse the info found there  >:( )

Have a nice day,

polonus

Offline polonus

« Reply #6070 on: March 05, 2020, 01:35:42 PM »
And another never-ending story, ransomware...yep, even here on an MS subdomain...
Re: https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover/
Mind to check for your fraudulent updates, folks. "Do not click to get your OS and all of your files sick".

polonus


Offline Asyn

« Reply #6072 on: March 07, 2020, 07:35:00 AM »

Offline Asyn

« Reply #6073 on: March 08, 2020, 10:17:27 AM »

Offline polonus

« Reply #6074 on: March 09, 2020, 11:20:56 AM »
WordPress sites under attack because of vulnerable "left" plug-in code.
One could easily see that this is "left" code, never been updated since 2016 :>(

See : https://github.com/ghsh88/custom-searchable-data-entry-system
Who is installing some plug-in code from 2015/16 onto a 2020 website?
Not a very bright thing to do, is it?

Easy peasy for malcreants by courtesy of a PHP-based CMS (insecure outside the core-code).

Consider this testing site: https://turgensec.com/Obscurity/Obscurity.html  (do not do any evil with it).

And you also are left with zero security advice here:
https://github.com/ghsh88/custom-searchable-data-entry-system/security/advisories

Also Kate at Kate@example.com cannot give you any further assistance.  (info source: luntrus)

polonus
