Connect with us

Published

on

With just one click, a person’s computer or even the entire network can be invaded. Despite the constant use of ad blockers and advanced security software, malware spread through ads is still a big problem, especially when they masquerade as ads from legitimate sites.

Malicious search ads represent just one form of ad exploitation by threat actors. Other types include the distribution of malicious banner ads on legitimate websites that hide bad code using steganography. malicious Ads may also be encountered through in-text hyperlinks, pop-ups, and more.

Advert

How do malicious ads work on search engines?

Following the boom in various search engines throughout the 90s, and considering the online world is increasingly penetrating our physical daily lives, it is not surprising that advertising companies want to target such areas.

However, there may also be malicious ones among these search ads. Malvertising often involves threat actors buying prime ad space from search engines to persuade potential victims to click on their ads.

Scammers who pay for search ads automatically push their malicious pages to the top of people’s search results. Internet users searching for specific products may encounter such situations where only subtle clues are available to distinguish between a legitimate and a malicious ad or page.

Advert

In 2023, Google blocked or removed more than 1 billion ads that abused its ad network, including ads that promoted malware. Other online advertisers are also victims. Due to the nature of the advertising business, malicious actors can manipulate and compromise an entire ad chain in a variety of possible ways, from buying ads to spoofing search engine providers to hacking websites and ad servers.

While search engine providers continually remove malicious ads or websites from search results, hackers are persistent and continue to find new ways to counter content filtering, creating a game of mole between search providers and criminals. As a result, you can never be 100 percent sure whether what you clicked is a malicious link or not.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Attackers Malware Urea

HP Wolf Security’sten reports point to the use of artificial intelligence when creating malware scripts, threat actors relying on malvertising to spread fake PDF tools, and malware embedded in image files.

Published

on

HP Wolf Security’sten reports point to the use of artificial intelligence when creating malware scripts, threat actors relying on malvertising to spread fake PDF tools, and malware embedded in image files.

The latest in HP Imagine reveals how attackers are using generative AI to help write malicious code. Threat Insights Report published. HP’s threat research team has detected a large, refined ChromeLoader attack spread via malvertisements that lead to professional-looking fake PDF tools and identified cybercriminals who injected malicious code into SVG images.

The report provides an analysis of real-world cyberattacks, helping organizations stay abreast of the latest techniques cybercriminals are using to evade detection and breach computers in the rapidly changing cybercrime landscape. Based on data from millions of endpoints running HP Wolf Security, key attacks identified by HP threat researchers include:

Wolf Security

  • Generative AI helps develop malware in all environments: Cybercriminals are already using AI to create convincing phishing traps, but to date there has been limited evidence of threat actors using AI tools to write code. The team detected a campaign targeting French speakers using VBScript and JavaScript, believed to have been written with the help of AIZ. The structure of the scripts, comments explaining each line of code, and native language function names and selection of variables are strong indicators that the threat actor is using ARMS to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain information stealer that can record the victim’s screens and keystrokes. This activity demonstrates how AIM lowers the bar for cybercriminals to infect endpoints.
  • Subtly crafted malicious advertising campaigns that lead to fake but functional PDF tools: ChromeLoader attacks are getting bigger and more convincing, relying on popular search keywords and malicious ads to direct victims to well-designed websites that offer functional tools like PDF readers and converters. These applications hide malicious code in an MSI file, while valid code signing certificates bypass Windows security policies and user warnings, increasing the likelihood of infection. Installing these fake applications allows attackers to hijack victims’ browsers and redirect searches to attacker-controlled sites.
  • “This logo cannot be used” hides malware in Scalable Vector Graphics (SVG) images: Some cybercriminals are bucking the trend by switching from HTML files to vector images to disguise malware. Vector images commonly used in graphic design generally use the XML-based SVG format. Because SVGs open automatically in browsers, embedded JavaScript codes are executed when the image is viewed. While victims think they are viewing an image, they are interacting with a complex file format that leads to the installation of multiple types of stealing malware.

By isolating threats that evade detection tools on computers—but by allowing malware to safely engage first—HP Wolf Security can capture specific insights into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on more than 40 billion email attachments, web pages, and downloaded files without any reported breaches.

Examining data from Q2 2024, the report details how cybercriminals continue to diversify their attack methods to bypass security policies and detection tools:

HP Sure Click At least 12% of email threats detected by Microsoft bypassed one or more email gateway scanners, the same rate as in the previous quarter.

– The top threat vectors were email attachments (61%), downloads from browsers (18%), and other infection vectors such as removable storage such as USB flash drives and file shares (21%).

– Archives were the most popular malware distribution type (39%), of which 26% were ZIP files.

HP Wolf Security runs risky tasks in isolated, hardware-hardened virtual machines running at the edge to protect users without impacting their productivity. It also captures detailed traces of infection attempts. HP’s application isolation technology reduces threats that can evade other security tools and provides unique insight into intrusion techniques and behavior of threat actors.

Continue Reading

Security

Tips for Keeping Social Media Accounts Safe

Social media has become an indispensable part of modern life with billions of users around the world. According to July 2024 data from Kepios, there are 5.17 billion social media users worldwide, or 63.7% of the global population.

Published

on

Social media has become an indispensable part of modern life with billions of users around the world. According to July 2024 data from Kepios, there are 5.17 billion social media users worldwide, or 63.7% of the global population.

Cybercriminals’ activities on social media are becoming increasingly sophisticated. Users are threatened by many different methods, from social engineering techniques to fake accounts. Hackers can commit fraud by capturing users’ personal data, take over their accounts and use these accounts for spam content or malicious links.

Additionally, since social media users often use the same passwords on more than one platform, a vulnerability in one account can put other accounts at risk.

social media

Common Hacking Methods Used Against Social Media Accounts

  1. Phishing Attacks

Phishing is a tactic where hackers send fake messages or emails pretending to be a trusted source. Cybercriminals try to trick users into providing their login information or clicking a malicious link that compromises their account. Phishing attacks often target influencers by impersonating brands, sponsorship deals, and even platform notifications.

  1. Filling out Credentials

This method involves using stolen login credentials (data breaches or leaks) to access social media accounts. Social media enthusiasts who reuse their passwords on different sites are especially at risk from such attacks.

  1. Brute Force Attacks

Hackers use automated tools to try thousands of different password combinations until they guess the accounts’ password. Weak or common passwords make users an easy target for brute force attacks.

  1. Malware and Keyloggers

Malware can be installed on devices via malicious downloads, email attachments, or drive-by downloads. Once installed, malware such as Remote Access Trojans track keystrokes, allowing hackers to steal users’ passwords and gain access to your accounts.

  1. Session Hijacking

If users are using public or unsecured Wi-Fi, hackers can hijack their sessions to access their social media accounts. By capturing data exchanged between the device and the network, hackers can access users’ sessions without needing login information.

Methods to Protect Social Media Accounts from Hackers

  1. Use Strong and Unique Passwords

The first line of defense against hackers and account takeovers is a strong, unique password for each account. Avoid using birthdays, common expressions, or words that can be easily guessed. Instead, choose long and random combinations of letters, numbers and symbols.

  1. Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account by requiring you to verify your identity with a secondary method (usually a code sent to your phone) after you enter your password. This makes it much more difficult for hackers to access your account, even if they somehow get hold of your login information (email address and password combination).

  1. Be Careful of Phishing Scams

Always double check the sender before clicking on links in emails or messages. Avoid downloading attachments from unknown senders or clicking on suspicious links. Hover over links to see the actual URL before clicking, and if you’re unsure, go directly to the website in question instead of using the link.

  1. Keep Your Software Updated

Outdated software may contain vulnerabilities that hackers can exploit. Update your operating system, browser, and applications regularly to ensure security patches are applied.

  1. Use VPN When On Public Wi-Fi

Public Wi-Fi networks are notorious for risks that make it easy for hackers to get hold of your data. Use a VPN to encrypt your internet connection and prevent your data from being stolen when using public networks. bitdefender‘s VPN service offers secure, encrypted connections that protect your online activity from prying eyes.

  1. Limit Third-Party App Access

Many social media platforms allow you to log in to third-party applications. However, every app you allow to access your social media accounts increases your risk of exposure to hackers. Regularly check apps that have access to your account and revoke unnecessary permissions.

Continue Reading

Security

Google reCAPTCHA V2 System is a Victim of Huge Controversies

The Google reCAPTCHA V2 system, which we frequently encounter today, is used as an important barrier in terms of internet security. However, recent developments show that artificial intelligence can easily overcome this system. Here is the final point in the struggle between artificial intelligence and reCAPTCHA!

Published

on

The Google reCAPTCHA V2 system, which we frequently encounter today, is used as an important barrier in terms of internet security. However, recent developments show that artificial intelligence can easily overcome this system. Here is the final point in the struggle between artificial intelligence and reCAPTCHA!

A group of researchers from the Swiss Federal Institute of Technology developed Google’s reCAPTCHA V2 system using the image recognition model called YOLO (You Only Look Once). 100% successfully managed to pass. This model is an artificial intelligence algorithm that specializes in recognizing objects. By training this model with a dataset of 14 thousand traffic images, the researchers achieved a perfect result in visual verification tests.

Google reCAPTCHA V2 System: Motorcycle and Fire Hydrant Tests with Artificial Intelligence

The model used in the research was a bicycle, fire hydrant, objects such as motorcycles It was very effective in recognition tasks. Although similar successes were achieved in previous studies, reaching a 100% accuracy rate in this project was a remarkable development. This clearly shows that artificial intelligence has reached a point where it can overcome CAPTCHA systems without difficulty.

Google reCAPTCHA V2 system

reCAPTCHA V2 was based exclusively on visual verification tests and is still actively used by many websites around the world. Although Google Like reCAPTCHA V3 Although it has moved on to more advanced systems, widespread use of V2 continues. For this reason, artificial intelligence defeating V2 is considered a serious threat to internet security.

Google reCAPTCHA V2 System: YOLO’s ability to run on low hardware is a great advantage

The YOLO model can work effectively not only on high-performance devices but also on low-end devices. This makes the power of artificial intelligence suitable for use at all levels. Researchers also This artificial intelligence model They also state that they have taken various additional precautions, such as preventing people from constantly logging in from the same IP address.

This development raises big questions about the security of CAPTCHA systems. Artificial of intelligence As it becomes more powerful day by day, it is a matter of curiosity how secure such security systems will remain in the future.

Continue Reading

Trending

Copyright © 2022 RAZORU NEWS.
Project by V