Malicious Ads in Search Results Are Driving New Generations of Scams

source: wired.com (contributed by Artemus founder, Bob Wallace)  |  image: pixabay.com

 

The scourge of “malvertising” is nothing new, but the tactic is still so effective that it’s contributing to the rise of investment scams and the spread of new strains of malware.

MALICIOUS DIGITAL ADVERTISEMENTS and “SEO poisoning” that gets those ads to prime spots in search results have been mainstays of the digital scamming ecosystem for years. But as online crime evolves and malicious trends like “pig butchering” investment scams and infostealing malware proliferate, researchers say that so-called “malvertising” is still a key technique for scammers—and still a growing problem. Continue reading “The scourge of “malvertising” is nothing new…”

Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs

source: reuters.com (contributed by Steve Page)  |  image: fbi.gov

 

WASHINGTON, Jan 16 (Reuters) – The U.S. Commerce Department and FBI are both investigating a little-known telecoms hardware firm founded by senior Huawei veterans in China over possible security risks, sources and documents show.
Founded in 2014, Baicells Technologies opened a North American business the next year in Wisconsin and has since provided telecoms equipment for 700 commercial mobile networks across every U.S. state, according to its website.
The Commerce Department is investigating Baicells on national security grounds and has sent subpoenas to the company, four people said. The U.S. telecoms regulator, the Federal Communications Commission (FCC), is advising it on its review, two of the people said.
The FBI’s interest in its equipment and Chinese origins dates back to at least 2019.

Continue reading “Chinese tech firm founded by Huawei veterans in the FBI’s crosshairs”

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

source: tomshardware.com (contributed by Steve Page)  |  image: pexels.com 

 

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

Malicious Ads in Search Results Are Driving New Generations of Scams
source: wired.com  |  image: pixabay.com
view source article
 
The scourge of “malvertising” is nothing new, but the tactic is still so effective that it’s contributing to the rise of investment scams and the spread of new strains of malware.

Malicious digital advertisements and “SEO poisoning” that gets those ads to prime spots in search results have been mainstays of the digital scamming ecosystem for years. But as online crime evolves and malicious trends like “pig butchering” investment scams and infostealing malware proliferate, researchers say that so-called “malvertising” is still a key technique for scammers—and still a growing problem.

Instances of malvertising in the US were up 42 percent month-over-month in fall 2023 and increased another 41 percent from July to September of this year, according to data from the security firm Malwarebytes. The company says that scammers typically cycle through the advertising accounts used for malvertising quickly, and 77 percent of the accounts are only used once. The bulk of the activity, though, traces back to South Asia and Southeast Asia, Malwarebytes says, with 90 percent of the ad fraud coming from Pakistan and Vietnam, according to the researchers’ telemetry. But as with many components of the digital crime ecosystem, malvertising is often offered as a service where cybercriminals from around the world can purchase ads that distribute their malware or lead potential victims to a malicious website of their choosing. Continue reading “Malicious Ads in Search Results Are Driving New Generations of Scams”

FBI Warns Smartphone Users—Hang Up And Create A Secret Word Now

source: forbes.com (contributed by Artemus founder, Bob Wallace)  |  image: fbi.gov

 

Update, Dec. 07, 2024: This story, originally published Dec. 05, now includes details of innovative technological solutions for smartphone users looking to protect themselves from the kinds of AI-generated scams the FBI has warned about. An update on Dec. 06 added details on reporting smartphone crime to the FBI along with additional input from security experts.

The use of AI in smartphone cyber attacks is increasing as recent reports have revealed; from tech support scams targeting Gmail users to fraudulent gambling apps and sophisticated biometric protection-busting banking fraud to name but a few. Now the Federal Bureau of Investigations has issued a public service announcement warning of how generative AI is being used to facilitate such fraud and advising smartphone users to hang up and create a secret word to help mitigate these cyber attacks. Here’s what the FBI warned you must do.

FBI Warns Of Generative AI Attacks Against Smartphone Users

In public service alert number I-120324-PSA, the FBI has warned of cyber attackers increasingly looking to generative AI to commit fraud on a large scale and increase the believability of their schemes. “These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud,” the FBI said. Given that, as the FBI admits, it can be difficult to tell what is real and what is AI-generated today, the public service announcement serves as a warning for everyone when it comes to what to look out for and how to respond to mitigate the risk. Although not all the advice is aimed directly at smartphone users, given that this remains a primary delivery mechanism for many AI deepfake attacks, especially those using both facial and vocal cloning, it is this advice that I am focusing on.

Continue reading “FBI Warns Smartphone Users…”

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

source: wired.com (contributed by FAN, Steve Page)  |  image: unsplash.com

 

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

IN RECENT YEARS, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. At the same time, though, it has been difficult to check devices for infection, leading individuals to navigate an ad hoc array of academic institutions and NGOs that have been on the front lines of developing forensic techniques to detect mobile spyware. On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company’s customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus. Continue reading “Phone Scanner That Detects Spyware”

FBI Warns iPhone And Android Users—Stop Sending Texts

source: forbes.com (contributed by FAN, Steve Page  |  image: pexels.com

 

Republished on December 6 as new cybersecurity regulations are proposed, and with further warnings following the FBI’s encrypted communications push.

Timing is everything. Just as Apple’s adoption of RCS had seemed to signal a return to text messaging versus the unstoppable growth of WhatsApp, then along comes a surprising new hurdle to stop that in its tracks. While messaging Android to Android or iPhone to iPhone is secure, messaging from one to the other is not.

The network cyberattacks, attributed to Salt Typhoon, a group associated with China’s Ministry of Public Security, has generated heightened concern as to the vulnerabilities within critical U.S. communication networks. The reality is different. Without fully end-to-end encrypted messaging and calls, there has always been a potential for content to be intercepted. That’s the entire reason Apple, Google and Meta advise its use, highlighting the fact that even they can’t see content. Continue reading “FBI Warns iPhone And Android Users—Stop Sending Texts”

Rising Threat of China’s Volt Typhoon

image - china tech

source: axios.com (contributed by FAN, Bill Amshey)  |  Image: pexels.com

 

Notorious China-linked hackers known for burrowing deep into U.S. infrastructure are back, according to a report out today.

Why it matters: The resurgence shows that the Chinese government isn’t backing down from its quest to infiltrate American utilities in preparation for a potential destructive cyberattack.

Zoom in: The research team at SecurityScorecard, a cyber risk assessment company, says it has noticed Volt Typhoon moving traffic through a set of compromised routers in New Caledonia, an island nation off the coast of Australia, as recently as September.

  • Global law enforcement disrupted a significant portion of Volt Typhoon’s botnet in January, but the group quickly set up new servers.
  • However, actual movement across these servers hadn’t been seen until September, according to the report.
  • Routing through New Caledonia gives the hackers a “silent bridge” to hide traffic moving between the Asia-Pacific region and the Americas, the report says. Continue reading “Rising Threat of China’s Volt Typhoon”

Say Goodbye to Passwords

source: fastcompany.com  |  image: pixabay.com

 

Passkey adoption is up, and problems are being fixed.

It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.

In 2022, all three companies embraced an alternative called passkeys, which sync securely between your devices and are protected by face recognition, a fingerprint, or a PIN. The thinking goes that if you don’t have to remember a password—or even create one in a password manager—you’re less likely to fall prey to phishing scams. And if websites don’t have to store their customers’ passwords anymore, security breaches won’t be as disastrous. Continue reading “Say Goodbye to Passwords”

Security News This Week: The FBI Made a Crypto Coin Just to Catch Fraudsters

source: wired.com  |  image: fbi.gov

 
/ NexFundAI, the FBI’s Ethereum-based token, was used to investigate price manipulation in crypto markets.

The FBI created a cryptocurrency as part of an investigation into price manipulation in crypto markets, the government revealed on Wednesday. The FBI’s Ethereum-based token, NexFundAI, was created with the help of “cooperating witnesses.”

As a result of the investigation, the Securities and Exchange Commission charged three “market makers” and nine people for allegedly engaging in schemes to boost the prices of certain crypto assets. The Department of Justice charged 18 people and entities for “widespread fraud and manipulation” in crypto markets. Continue reading “Security News This Week: The FBI Made a Crypto Coin Just to Catch Fraudsters”