drahardja, to ai

New SEO just dropped yo

“Google's new AI search results promotes sites pushing malware, scams”

https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/

th3_protoCOL, to random

WinSCP is a popular target for malware campaign abusing google ads. Here's one from this morning:

  1. Google search for winscp
  2. Click the first link, user redirection
     ➡️ winscp-eng[.]org
     ➡️ winscp-static-746341.c.cdn77[.]org
  3. Button click, malware download
     ➡️ https[:]//parsecworks[.]org/us/downloads/WinSCP-6.1.2-Setup.exe

https://www.virustotal.com/gui/file/b503e810b31151f8d79bc0db2b46daddc53f27a2fd741c30355726892591e5b3/detection

VirusTotal submission report with a detection ratio of 1/63
Fake WinSCP site used to distribute malware

th3_protoCOL, to random

themed around the gaming app "parsec"

Initial fake site: parsecus[.]net

Malware downloaded from: parsecworks[.]com

Digitally signed malware "parsec-windows.exe"

Both the distribution site and download URL are hosted on 93.190.143.252

Google displaying malware ads above the true website for parsec
Screenshot of virus total, 3/63 vendors are detecting the file
Malware with a digital signature from SSL.com, signed 2 days prior on the 19th

jeromesegura, to random

Unknown stealer distributed via

C2: webvideoshareonline[.]com/bitrix/main.php

Sandbox with PCAP:
https://tria.ge/231219-3ne2xahbar/behavioral1

cc @da_667

avoidthehack, to wordpress

hosting service Kinsta targeted by phishing ads

Threat actors using Google Ads to lure people to fake Kinsta pages in an effort to steal hosting credentials. Be careful of where you click, even on "trusted" pages like Google search results.

Generally, it's best to avoid clicking on sites in the sponsored results of Google (or any search engine, really).

Using an adblocker prevents this section from loading in most cases.

https://www.bleepingcomputer.com/news/security/wordpress-hosting-service-kinsta-targeted-by-google-phishing-ads/

funes, to infosec

A couple weeks back we noticed an uptick of incidents from trojanized Advanced IP Installers delivered due to #malvertising. We tied it back to a group who were formerly a #darkside #ransomware affiliate according to Mandiant.

You may remember articles circulating about Bing's AI providing malvertising links. This is from the same campaign.

#infosec #malware #ioc #detectionengineering #threatintel #threathunting

https://www.connectwise.com/blog/cybersecurity/former-darkside-ransomware-affiliate-distributing-trojanized-installers-via-malvertising

th3_protoCOL, to random

How can anyone reasonably expect a user to detect google ad abuse without visiting the malicious site?

Here's an example of a malicious google ad spoofing anydesk today.

This one redirects users to https[:]//anyowpdesk[.]com before downloading .msi malware:
https://www.virustotal.com/gui/file/9d85ae9e45556067d0b833144e7d9935936a3a3098fe65fc198409083a3a33a6/relations

Fake AnyDesk website

avoidthehack, to Cybersecurity

Associated Press, ESPN, CBS among top sites serving fake #virus alerts

Malvertising on top news sites.

Connected with threat actor "ScamClub." A large portion of this campaign targets mobile users.

-Insert my spiel about using an adblocker- Ads can be blocked in browsers, on devices, and on networks.

#malware #cybersecurity #infosec #security #malvertising

https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts

MisuseCase, to security

Hey @leo glad to hear in the latest episode of :steve: (Episode 949) that is not just a way of reducing annoyance but also a feature because of the proliferation of .

I say all the time on here that using an is a way of protecting yourself because ad delivery platforms are a huge vector for malware and . This would be largely fixable if the owners of these platforms cared, but they don’t.

gpshead, to random

Every time I see anyone complain about YouTube or any other media site blocking Adblock users, I see entitled people who refuse to compensate their content creators and hosting providers. I wonder how many of you bother to fund your mastodon fediverse instances.

I often use an adblocker. I get it. I respect anyone who refuses to serve me as a result. This is working as intended.

Netflix revenue and subscriber numbers went up after they got real about account sharing anti-freeloader enforcement. Clearly a lot of people admitted that value existed and they had been freeloaders just because they could.

cxiao,

@gpshead @brettcannon I have a hard time sympathizing with this, because adblocking is also a security feature. Online ads remain one of the most prevalent delivery vectors for malware. Often this takes the form of advertisement for software -> download site purportedly serving installer for said software -> installer executes malicious code.

For this reason, a lot of corporate IT environments push out adblock extensions to browser installations on endpoint machines, or do DNS-based blocking. Therefore, using an adblocker often isn't even the choice of the end user; it's something that's mandated by their IT department on their work computer.

CISA and NSA both have public advisories highlighting this issue, and recommending that organizations deploy adblockers. Note that in their advisories, they explicitly mention the ability of malicious actors to target advertisements towards specific groups of users or demographics when purchasing ads; this is of course a feature baked into how modern online advertisements work.

See also: the hashtag here.

https://www.cisa.gov/sites/default/files/publications/Capacity_Enhancement_Guide-Securing_Web_Browsers_and_Defending_Against_Malvertising_for_Federal_Agencies.pdf

https://www.nsa.gov/portals/75/documents/what-we-do/cybersecurity/professional-resources/csi-blocking-unnecessary-advertising-web-content.pdf?v=1

ben, to Youtube

Cheeky fuckers.

have deployed JavaScript that delays video load if the user is using

https://old.reddit.com/r/youtube/comments/17z8hsz/youtube_has_started_to_artificially_slow_down/

kkarhan,

@ben @mozilla @EU_Commission @BNetzA @antidiskriminierung

PS: Yes, are an accessibility and necessity since exists and too has so much that it's clear that never vetted or enforced any rules towards advertisers but only against .

See ...

r000t, to random

The Associated Press just served me an ad for fake anti-virus. The entire page was taken over, and forwarded to the malicious site, within seconds of opening the news article, every time.

An ad blocker isn't just something to hide some annoying eyesores, it's a vital layer of security.

If you have friends or family who might fall for fake AV or "windows technical the department" scams, they need an ad blocker. No site they visit can be considered "safe" unless it simply doesn't have ads.


jeromesegura, to random

The KeePass is back on (from the same advertiser as previously).

New domain: keeqass[.]com
New malware C2: 11234jkhfkujhs[.]xyz

cc @dangoodin


ai6yr, to Cybersecurity
FrohlichMarcel, (edited)

@ai6yr @FroehlichMarcel
„Adversaries can even create carefully tailored ads as part of a targeted campaign against a specific victim.“

0x58, to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:

➝ 🔓 👀 Tracking Unauthorized Access to #Okta's Support System
➝ 🔓 🇯🇵 #Casio discloses #databreach impacting customers in 149 countries
➝ 🔓 🧬 Hacker leaks millions more #23andMe user records on #cybercrime forum
➝ 🔓 🇨🇳 D-Link confirms data breach after employee #phishing attack
➝ 🔓 💰 #Equifax Fined $13.5 Million Over 2017 Data Breach
➝ 🇺🇦 🧹 Ukrainian activists hack Trigona #ransomware gang, wipe servers
➝ 🇺🇸 🇰🇵 FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
➝ 🇮🇳 ☁️ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
➝ 🇵🇸 🇮🇷 #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
➝ 👮🏻‍♂️ 🥷🏻 Police seize #RagnarLocker leak site
➝ 🇰🇵 North Korean Hackers Exploiting Recent #TeamCity Vulnerability
➝ 🇨🇳 🇷🇺 #China replaces #Russia as top #cyberthreat
➝ 🇺🇦 📡 CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
➝ 🇫🇷 🇪🇸 #France frees the two biggest Spanish hackers
➝ 🇺🇸 ⚓️ Ex-Navy IT head gets 5 years for selling people’s data on #darkweb
➝ 🇨🇭 🗳️ #Switzerland’s e-voting system has predictable implementation blunder
➝ 🔓 🏭 Critical Vulnerabilities Expose ​​#Weintek HMIs to Attacks
➝ 🔓 🏭 #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
➝ 🦠 🇻🇳 Fake #Corsair job offers on #LinkedIn push #DarkGate malware
➝ 🦠 Google-hosted #malvertising leads to fake #Keepass site that looks genuine
➝ 🦠 💬 #Discord still a hotbed of #malware activity — Now APTs join the fun
➝ 🦠 🕵🏻‍♂️ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
➝ 🛍️ 🦠 #Android will now scan sideloaded apps for malware at install time
➝ 💬 🔐 #WhatsApp #passkeys on the way, but as usual, for Android first
➝ 🇷🇺 🗂️ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
➝ 🗓️ ❌ Signal Pours Cold Water on Zero-Day Exploit Rumors
➝ 🔓 💥 #Cisco warns of new #IOS XE #zeroday actively exploited in attacks

📚 This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-422023

landley, to random

The Colorado state supreme court approved a search warrant demanding Google tell them everyone who searched for a given keyword.

https://youtu.be/KH3VYCh7z5o

Rule 17 of the internet: any data retained long enough will leak. Google should not store this information. Next year, expect Texas to subpoena Google for everyone who has ever made abortion related searches in the past 5 years.

kkarhan,

@landley I'd say they are because they ain't targeted by campaigns or at least they were able to prevent those until now...

Not that I'd trust them - I don't.

I just have a long track record of their search actually delivering results and not being shit...

jbzfn, to infosec

🔎 Google-hosted malvertising leads to fake Keepass site that looks genuine
➥Ars Technica

「 There’s no surefire way to detect either malicious Google ads or punycode-encoded URLs. Posting ķeepass[.]info into all five major browsers leads to the imposter site. When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long 」

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/
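The punycode problem in the quote above, as an added example that is not from the Ars article or this post: a small defender-side check that converts a hostname between the Unicode form the browser displays and the xn-- form DNS and TLS actually see, reduces it to a diacritic-free "skeleton", and flags it when that skeleton matches a brand you protect (the brand list and confusable map are constructed for the example and are not exhaustive).

```python
import unicodedata
from typing import Optional

# Brands to protect; constructed list for this example (keepass.info is the
# genuine domain the quoted article refers to).
PROTECTED = {"keepass.info", "winscp.net", "anydesk.com"}

# Homoglyphs that NFKD leaves unchanged, mapped to the Latin letter they
# resemble. Constructed and deliberately short; Unicode TR39 has the full table.
CONFUSABLES = str.maketrans({
    "\u0131": "i",  # dotless i
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
})

def to_unicode(host: str) -> str:
    """Decode Punycode (xn--) labels to Unicode; other hostnames pass through."""
    if host.isascii() and "xn--" in host.lower():
        return host.encode("ascii").decode("idna")
    return host

def to_ascii(host: str) -> str:
    """Encode a Unicode hostname to the xn-- form that DNS and TLS actually see."""
    return host.encode("idna").decode("ascii")

def skeleton(host: str) -> str:
    """Strip combining marks (so the k-with-cedilla becomes k) and map confusables."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(host).lower())
    stripped = "".join(c for c in decomposed if unicodedata.category(c) != "Mn")
    return stripped.translate(CONFUSABLES)

def lookalike_of(host: str) -> Optional[str]:
    """Return the protected brand this host visually impersonates, or None.

    The genuine domain itself is not a look-alike. Plain typo-squats such as
    anyowpdesk.com are out of scope here: their skeleton matches nothing.
    """
    uni = to_unicode(host).lower().rstrip(".")
    if uni in PROTECTED:
        return None
    sk = skeleton(uni)
    return sk if sk in PROTECTED else None
```

Feed it hostnames from proxy or DNS logs; a non-None result is a candidate for blocking or review, and the xn-- form from to_ascii is the string to match on in logs, since that is what actually appears on the wire.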

itnewsbot, to security

Google-hosted malvertising leads to fake Keepass site that looks genuine

Google has been caught ... - https://arstechnica.com/?p=1977141 #malvertising #security #punycode #malware #biz #google

arstechnica, to random

Google-hosted malvertising leads to fake Keepass site that looks genuine

Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.

https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

hopfgeist,

@arstechnica Speaking of google, today was the first time I got one of those deepfake Elon Musk-videos about something something cryptocurrency as an ad before a youtube video. And I could find no way to flag or report an ad. I've reported those abominations when they were normal videos, but as ads?

jeromesegura, to random

There is a live Google search campaign targeting users. The malicious domain name uses Punycode to trick victims.

https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website


Lil_VampireCJ, to random

Welp, looks like uBlock Origin is over... YT now detects it and harasses your ass to try & give up your safety/comfort just so they can throw malicious ads down your throat.

And no, I won't stop using my adblocker as it keeps me safe, comfortable and secure from the tons of malicious/toxic ads YT tries to expose you to.

Hopefully uBlock manages to find a patch that stops YT from doing this if it's still possible.

kkarhan,

@Lil_VampireCJ And since is a real issue, agencies around the globe like @bsi recommend as a means to counter and ...
https://mastodon.pnpde.social/@JonasJRichter/111249045770504615

MisuseCase, to microsoft

Predictably, #microsoft started injecting ads into #openai #gpt4 powered #bingchat conversations…and just as predictably, there is now a huge #malvertising problem in Bing Chat.

It’s actually worse than #malware poisoned advertisements showing up in search engine results for a couple of reasons.

https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

/1

MisuseCase,

We could be using #AI tools to help with things like searching for #malware, developing #threatmodels or tailoring #cybersecurity controls. A company like #microsoft could use it for some of these things (they have a widely used threat modeling methodology and associated tool). Instead they are using it to trick people with #bingchat and make #malvertising worse.

/end
