Author Topic: Technical  (Read 1461035 times)

0 Members and 1 Guest are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2175 on: May 25, 2018, 08:00:50 AM »
Spectre continues: Did we all trade speed for security?
https://blog.avast.com/spectre-continues-did-we-all-trade-speed-for-security-avast
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2177 on: May 27, 2018, 09:17:15 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Technical
« Reply #2179 on: May 28, 2018, 02:28:15 PM »
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection?  Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline Filip Braun

  • Avast team
  • Jr. Member
  • *
  • Posts: 97
Re: Technical
« Reply #2180 on: May 28, 2018, 04:33:05 PM »
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection?  Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?

Hello,
We were considering whether to add a detection for the VPNFilter exploit, but at this point we are leaning towards NO.
The reasons being:
- It is targeted mostly towards corporate networks (not Wi-Fi Inspectors focus)
- It is not that wide spread
- It is one of the more sophisticated and harder to detect exploits (more development time needed)
Added up, it would not be worth to invest the time into this, when we can add several other detections, that we think will benefit our users more.

Filip

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Technical
« Reply #2181 on: May 28, 2018, 06:33:26 PM »
Filip, thanks for your reply.

Many brands/models of home routers are vulnerable. If these routers become compromised, it is possible that they could be used for DDos attacks?  At any rate, it seems that the compromised routers is used to steal data traveling thru them.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2182 on: May 29, 2018, 12:43:33 PM »
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
In Apple Mail, There’s No Protecting PGP-Encrypted Messages
https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2183 on: May 30, 2018, 11:25:55 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2184 on: May 31, 2018, 03:36:51 PM »
Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2186 on: June 03, 2018, 11:22:28 AM »
Side-channel attacking browsers through CSS3 features
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2187 on: June 04, 2018, 12:19:07 PM »
Research shows 75% of ‘open’ Redis servers infected
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2188 on: June 05, 2018, 06:47:44 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76038
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Technical
« Reply #2189 on: June 06, 2018, 06:54:53 AM »
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0