Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 1988305 times)


Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32702
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6090 on: April 02, 2020, 03:56:36 PM »
LS

Every IP scan or domain scan or AS scan for that matter should be examined separately to know what is going on from there.
Sometimes this means benign security scans, sometimes probing with malicious intent, sometimes simple outright malware
to send out spamraids with, scam & malware (Mirai).

Let us just take a random example IP which is doing port scanning for port 5555, a scanning that comes from
IP address 112.119.218.130 in Hong Kong, apparently performed by netvigator (game shield) dot com domain.

VirusTotal shows 1 engine to detect, detecting spam, here we have it:
https://www.virustotal.com/gui/ip-address/112.119.218.130/detection

GreyNoise cannot help us much in these respects, just alerts the scans being performed:
https://viz.greynoise.io/query/?gnql=metadata.rdns%3An112119218130.netvigator.com

Shodan is not quite clear on what it is: https://www.shodan.io/host/112.119.218.130/raw

Again here we stumble on quite some interesting underlying data: https://intelx.io/?s=netvigator.com
Data, coming from this awful Intelligence scanner made by the firm of the renowned Peter Kleissner,
hacker/researcher/sinkhole expert from Vienna (now Prague).
I was so happy to get some online outbuilding on automated sinkholing from him during 2017.

Summa summarum, every IP address and/or domain/AS should be considered separately to what this scanning means.
I do this just through 3rd party cold recon security scanning.

In this case the buzzword apparently is "gamer SPAM".
But it could also be something quite innocent like benign bot-scans or security scantool action.

Moreover at netvigator dot com JSONP script I found flaws in the settings of their CSP implementation,
just to mention this on the by and by. (Info credits go to: luntrus)

polonus

« Last Edit: April 02, 2020, 03:58:25 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6091 on: April 03, 2020, 01:32:13 PM »
WordPress removes plug-in 100.000 times installed.
Left by developer. It is this plug-in that's involved: https://wordpress.org/plugins/contact-form-7-datepicker/
Where it was being reported: https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-leads
See: https://wordpress.org/support/topic/why-was-this-plugin-removed-should-i-remove-it-from-my-site/

Scan when you use WordPress with this WP security scan: https://hackertarget.com/wordpress-security-scan/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Online polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6092 on: April 05, 2020, 01:40:37 PM »
Hi robert1297,

Coronavirus means heydays for cybercriminals of all sorts, miscreants, scammers, spammers, fake-news & fraud spreaders, the lot.
Mind your "clicks" while you keep your distance also digitally. Let's stick together from home.

polonus

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83800
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6093 on: April 05, 2020, 05:52:59 PM »
Hi robert1297,

Coronavirus means heydays for cybercriminals of all sorts, miscreants, scammers, spammers, fake-news & fraud spreaders, the lot.
Mind your "clicks" while you keep your distance also digitally. Let's stick together from home.

polonus

Nothing has changed in this regard for pond scum and bottom feeders, they are quick to jump on anything of social interest.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66907
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6094 on: April 07, 2020, 01:33:13 PM »
Win 8.1 [x64] - Avast PremSec 20.8.2429.Beta4 [UI.562] - CC 5.72 - EEK - FF ESR 78.3 [NS/AOS/uBO/PB] - TB 68.12 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6095 on: April 07, 2020, 07:33:44 PM »
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/

This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.

People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc.  In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44138
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6096 on: April 07, 2020, 07:37:18 PM »
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/

This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.

People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc.  In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6097 on: April 07, 2020, 07:42:06 PM »
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/

This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.

People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc.  In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456

Something that most people need to view, as for me I have been watching out for pond life scammers for many many years.  As long as I have been using the forums for sure :)

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6098 on: April 07, 2020, 07:46:57 PM »
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/

This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.

People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc.  In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456

Something that most people need to view, as for me I have been watching out for pond life scammers for many many years.  As long as I have been using the forums for sure :)
Sometimes, on this forum, it's hard to get folks to actually spend the time to watch a video even if it may be helpful. :)

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6099 on: April 07, 2020, 07:50:05 PM »
<snip quotes>
Sometimes, on this forum, it's hard to get folks to actually spend the time to watch a video even if it may be helpful. :)

Unfortunately for some, they don't do anything/seek help until they are hit.

Hopefully people aren't ignoring the real COVID-19 advice.

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6100 on: April 08, 2020, 05:25:01 PM »
If you're using ZOOM, here's an excellent video to make Zoom and you
more secure. https://youtu.be/-_mgnmmCv2M

Online polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6101 on: April 09, 2020, 01:18:31 PM »
Stop downloading "unkillable malware" apps!
Read: https://www.theregister.co.uk/2020/04/08/xhelper_android_malware/

polonus

Online polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6102 on: April 10, 2020, 07:30:26 PM »
L.S.

Always keep your friends close but your enemies even closer:
https://www.blackhatworld.com/seo/guides-get-this-pandemic-backlinks.1209771/

Forewarned always means being forearmed.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Offline =Snake=

  • ..... minden elfelejtettem.
  • Starting Graphoman
  • *
  • Posts: 6510
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6103 on: April 10, 2020, 09:20:29 PM »
@polonus

Hi!

Why is s.th. of this thread(?) not secure (see screenshot). Have I to change s.th.(where)?
 ;)
=Snake=
Main:AMD LE1620,W7ult SP1 | MS-7091,P4,XPpro SP3 | AMD-Athlon 1800+ (W7ult SP1 + XP pro SP3,FFesr 45.9,TB 45.8,CC 5.11)|
Laptops: Acer Aspire V5-591G,W10 Home[x64] v1909 (Build 18363.959) | HPI_2020M,W8.1 pro[x64] | Amilo Xi2428,W8.1 pro | MD95400,W7ult SP1 | MD97400,XP pro SP3|
FF 68.11.0esr[NS,AOS,ABP],TB 68.10.0,MCS,CC 5.69,MBAM,MBAE, FW (XP+W7):CIS 3.14[FW,D+],AV:Avast Free [XP+W7:10.4.2233] 19.8.2393|

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6104 on: April 11, 2020, 12:58:03 AM »
@polonus

Hi!

Why is s.th. of this thread(?) not secure (see screenshot). Have I to change s.th.(where)?
 ;)
=Snake=

There is nothing to change, whilst the site is https not all of the content is from https sources, this is typically when people attach images (or other elements) located on non-secure locations.

Just click on the secure icon and it will tell you, see attached image.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.598) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro
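
The mixed-content situation described in the reply above (an https page that pulls images or other elements from non-https locations), shown as an added example that is not part of the original thread: a small checker that lists every `http://` subresource referenced by an https page. The function name `find_mixed_content`, the host names and the sample HTML are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that fetch a subresource. <a href> is navigation,
# not a subresource, so it never counts as mixed content.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}


class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        rel = attrs.get("rel", "").lower().split()
        for name, value in attrs.items():
            if (tag, name) in PASSIVE:
                kind = "passive"  # typically still shown, but degrades the padlock
            elif (tag, name) in ACTIVE or (
                    tag == "link" and name == "href" and "stylesheet" in rel):
                kind = "active"   # typically blocked outright by the browser
            else:
                continue
            # Resolve relative and protocol-relative (//host/x) references.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for every http:// subresource on an https page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for secure pages
    collector = _Collector(page_url)
    collector.feed(html)
    return collector.findings


# Constructed sample: a forum post with one attachment hosted over plain http.
SAMPLE = """
<link rel="stylesheet" href="/Themes/default/style.css">
<script src="//cdn.example.net/forum.js"></script>
<a href="http://example.org/article">read more</a>
<img src="https://forum.example.com/avatar.png">
<img src="http://images.example.org/screenshot.png">
<script src="http://stats.example.org/counter.js"></script>
"""
```

Calling `find_mixed_content("https://forum.example.com/index.php?topic=1", SAMPLE)` reports only the plain-http image and script; the relative stylesheet, the protocol-relative script and the ordinary link are not flagged.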