SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Fake Malwarebytes installation files distributing coinminer
https://blog.avast.com/fake-malwarebytes-installation-files-distributing-coinminer

[polonus]

Still some 20.000 Word Press WooCommerce websites at risk through vulnerable outdated plug-in by the name of "Discount Rules":
https://wordpress.org/plugins/woo-discount-rules/
Detected by security firm webarxsecurity, read: https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/

The Discount Rules for WooCommerce plugin (versions 2.0.2 and below) suffers from multiple vulnerabilities such as SQL injection, authorization issues and unauthenticated stored cross-site scripting.

In this scenario, the unauthenticated stored cross-site scripting issue could potentially lead to remote code execution.

Check at https://hackertarget.com/wordpress-security-scan/

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[Asyn]

Alert (AA20-239A) - FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
https://us-cert.cisa.gov/ncas/alerts/aa20-239a

[Asyn]

Slack fixes 'critical' vulnerability that left desktop app users open to attack
https://mashable.com/article/slack-fixes-critical-remote-code-execution-vulnerabilitybug-bounty/

[Asyn]

Apple mistakenly approved a widely used malware to run on Macs
https://techcrunch.com/2020/08/31/apple-notarized-mac-malware/

[Asyn]

Over 400 GOV.UK domains found on spam blacklists
https://www.bleepingcomputer.com/news/security/over-400-govuk-domains-found-on-spam-blacklists/

[Asyn]

Cybercriminal greeners from Iran attack companies worldwide for financial gain
https://www.group-ib.com/media/iran-cybercriminals

[Asyn]

Microsoft Defender can ironically be used to download malware
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware/

[bob3160]

Weekly Security News Roundup W/E 9.4.2020
https://podcasts.apple.com/us/podcast/weekly-security-news-roundup-w-e-9-4-2020/id1511579697?i=1000490094741

[Asyn]

Windows 10 Sandbox activation enables zero-day vulnerability
https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/

[bob3160]

Windows 10 Sandbox activation enables zero-day vulnerability
https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/

If this is activated you could be vulnerable.

[polonus]

Three governmental warnings against emotet malware attacks (France, Japan and New-Zealand):
Read: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-019/
and https://twitter.com/CERT_FR/status/1303011855187742722
and https://www.cert.govt.nz/it-specialists/advisories/emotet-malware-being-spread-via-email/

Advice is to disable macro's in Windows Office completely, and/or only allow digitally signed macro's.
Also Power Shell should be so configured that it is only allowed to run signed scripts.

A good resource for reported emotet malcode online can be found at URLHaus.
Visit: https://urlhaus.abuse.ch/browse/ and scan with emotet as query.

Indeed Windows Office MS macro is the bitch.
That is why I run Voodoo Shield and use open source LibreOffice.
And I do not run my OS as admin, but as normal user.

Yep, linux OS is more secure, when rightly configured by a user, that knows what she or he is doing.
It has never come under so much attack as Microsoft Windows has.
But that again is quite another topic.

Again forewarned means forearmed.

polonus

[bob3160]

Security News Roundup for the Week Ending 9-11-2020

https://youtu.be/QdlpvMYm3SI

[polonus]

Some 140.000 and even more Word Press CMS websites with vulnerable File Manager plug-in
open to log-in password stealing malware.

Read: https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/

Info source: Defiant's Ram Gall,

polonus

[bob3160]

Some 140.000 and even more Word Press CMS websites with vulnerable File Manager plug-in
open to log-in password stealing malware.

Read: https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/

Info source: Defiant's Ram Gall,

polonus

I guess tou didn't look at my post. It was covered.
https://youtu.be/QdlpvMYm3SI