Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2860887 times)

0 Members and 3 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6120 on: May 06, 2020, 04:16:05 PM »
Word Press CMS with 5 vulnerable extensions being attacked:
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6121 on: May 07, 2020, 04:00:55 PM »
A million Word-Press sites are at risk from an actively attacked hole in the Elementor-Pro plug-in.

Read: https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

I have been warning against security issues with this a-priory-insecure CMS, that often has outdated kernel-code (old versions) based on often can-of-worms-PHP-language, with many vulnerable or left plug-ins and themes. Often wrongly set default settings for user enumeration and directory listing and outdated retirable jQuery code libraries.
Automatic updating procedures may break your website code.


polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6122 on: May 12, 2020, 02:46:59 PM »
And again approx. 1200 infections on webshops running a PHP based CMS - backtracking MageCart infections
Read:
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/  (info credits -> Max Kersten)

Scan here: https://www.magereport.com/  and stay fully updated and fully patched!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6123 on: May 13, 2020, 09:50:55 AM »
Hacker group selling databases with millions of user credentials busted in Poland and Switzerland
https://www.europol.europa.eu/newsroom/news/hacker-group-selling-databases-millions-of-user-credentials-busted-in-poland-and-switzerland
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6124 on: May 13, 2020, 10:28:37 AM »
Top 10 Routinely Exploited Vulnerabilities | CISA (used by State actors and Cybercriminals alike):
https://www.us-cert.gov/ncas/alerts/aa20-133a

source: National Cyber Awareness System,

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6125 on: May 14, 2020, 06:00:48 PM »
1.3 million Word Press sites targeted by a single malcreant:
Re: https://www.wordfence.com/blog/2020/05/one-attacker-rules-them-all/

Attacked were WP extensions like Easy2Map, Blog Designer, WP GDPR Compliance, Total Donations and also Newspaper-theme.

On one of the IP abused: https://intodns.com/bringtolightnyc.org  Apache/2 E-Tag "2c-59c5c662ca35e"

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6126 on: May 15, 2020, 02:20:38 PM »
The Unattributable leak your data: 23 million e-mail addresses leaked from a non-protected Elasticsearch-server.
But the original "scraper" cannot be defined and be held responsible as the cloud service does not provide us with names,
only gives out "unattributable". Cybercriminals often have more protection then legit end-users have. Sad but true fact.

Read: https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6127 on: May 18, 2020, 06:30:11 AM »
North Korean Malicious Cyber Activity
https://www.us-cert.gov/northkorea
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6130 on: May 18, 2020, 02:27:40 PM »
Supercomputers hacked across Europe to mine crytocurrency:

https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6132 on: May 21, 2020, 01:28:50 PM »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #6133 on: May 21, 2020, 04:04:28 PM »
Polonus stumbled upon this http-address in France: http://perso102-g5.free.fr/info.php

Not being secure and wondering what was goin'on there, we scanned IP: https://www.shodan.io/host/212.27.63.102 -> -leading to: -http://perso102-g5.free.fr/info.php

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cHt9c10xMDItZzUuZn17ey5mfWBbbmZdLnBocA%3D%3D~enc

Vulnerable SSL OpenSSL, headers - 1.0.1t 7.8 vulnerabilities:
code found: https://www.openssl.org/news/vulnerabilities.html  via vulners extension in the browser.

Seems this route is (ab)used for ad-monetizing activities via Akidom service over insecure connections.

There is a lot going on under the hood in the browser, the average user is not aware of,
that is why polonus now and then dare to take a glimpse of what is going on there  ;)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: May 21, 2020, 04:06:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0