SECURITY WARNINGS & Notices - Please post them here

[polonus]

Many an adblock- and vpn-app is a hidden data grabbing tool:
Read: https://www.buzzfeednews.com/article/craigsilverman/vpn-and-ad-blocking-apps-sensor-tower

Mentioned here are Free and Unlimited VPN, Luna VPN, Mobile Data, & Adblock Focus found in the Google Play Store.

polonus

[Asyn]

IPAS: Security Advisories for March 2020
https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/

[polonus]

Just to stress the importance of JavaScript security in the Tor browser:
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/

Mind tor settings: about:config: extensions.torbutton.noscript_inited = true

Good to be aware of the implications of JavaScript insecurity.

JavaScript can be used to unmask the users of a particular browser and their real IP address they send over the wire,
JavaScript flaws has been used against Tor users in the past as a firefox zero-day.

FBI also used it to be able to unmask Tor browser users in the past in the Freedom Hosting hijack...
http://www.independent.ie/irish-news/courts/child-porn-accused-trying-to-move-to-russia-fbi-29574802.html

polonus

[Asyn]

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts
https://krebsonsecurity.com/2020/03/fbi-arrests-alleged-owner-of-deer-io-a-top-broker-of-stolen-accounts/

[poundeinigo]

Used to be a big fan of Avast and saw this today. Should not be surprised. But a warning to anyone using Avast or AVG.

https://www.pcworld.com/article/3516502/report-avast-and-avg-collect-and-sell-your-personal-info-via-their-free-antivirus-programs.html

where to read the official position?

[Asyn]

where to read the official position?

-> https://forum.avast.com/index.php?topic=231828.0

[polonus]

Malicious corona-virus-tracker app locks your phone.
Re: https://twitter.com/LukasStefanko/status/1239826056103825408
Re: https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware

The universal key to unlock = "4865083501".

Malcreants with too much time on their hands, because of corona-virus-measures, use this to think of ways to abuse.
The one uses his free time to protect and aid others, the others to abuse and ruin for money.

Stay vigilant and do not fall for the PHISH, scam and spam.
Look before you leap, uh I mean install an app.

polonus

[Asyn]

ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006

[polonus]

Magento-webshops kept failed log-on data in plain txt.
Better and more secure ways already exist:  https://en.wikipedia.org/wiki/Digest_access_authentication
 
Read: https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Apply the hotfix: https://magento.com/security/hot-fix-available-cve-2019-8118

Scan at: https://www.magereport.com/

A better way however is to make use of digital signatures (SSH authenticatiion,
TLS client certificates, WebAuthn) because a server only keeps public data as information.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[Asyn]

VPN bypass vulnerability in Apple iOS
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/

[Asyn]

FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-zoom-bombing-attacks-on-video-meetings/
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

[bob3160]

FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-zoom-bombing-attacks-on-video-meetings/
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

Don't advertise your meetings on open or social websites. Protect the meeting with a password.
It isn't hard to keep the bad guys out.

[Asyn]

Security Advisories: D-Link DSL-2640B
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/

[polonus]

Ongoing scans for port 5555 by all kind of systems?

Two views on this and such scans:
 https://www.experts-exchange.com/questions/22726184/Port-5555-is-open.html

Scanning is for an Android Device Debug Poort:
https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-android-devices-are-exposing-their-debug-port/
Consider: https://www.shodan.io/search?query=Android+Debug+Bridge+port%3A5555&language=en

With all these thousands of Google Propriety Android devices and IoT-crap around, not astounding, also on 8.8.8.8.

-> https://www.shodan.io/host/8.8.8.8/raw
Cybercriminals wanna contact open ADB ports to be able to get "root".
Wahy - to silently install a Miner worm and the likes.

How to disable this port 5555 ADD service:
http://www.hacktabs.com/enable-disable-adb-wifi-rooted-non-rooted-android/

Stay vigilant users, (info credits go to luntrus)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[polonus]

Here we can see what the issue is: https://viz.greynoise.io/query/?gnql=port%3A5555
Stop this firewalling see:
https://www.openbsd.org/faq/pf/filter.html#defdeny &
http://linux-training.be/networking/ch14.html#idp69772096 (or for your language).

So conclusion as for now some malicious e.g. Mirai & Telnet Scanning

polonus