A week in security (March 16 – March 22)

Last week on Malwarebytes Labs: Could your face change what you pay? NYC wants limits on biometric tracking That "job brief" on Google Forms could infect your device A DarkSword hangs over unpatched iPhones Your tax forms sell for $20 on the dark web Researchers found font-rendering trick to hide...

That “job brief” on Google Forms could infect your device

We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...

A week in security (February 16 – February 22)

Last week on Malwarebytes Labs: Age verification vendor Persona left frontend exposed, researchers say Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets AI-generated passwords are a security risk Intimate products maker Tenga spilled customer data Meta patents ...

Job scam uses fake Google Forms site to harvest Google logins

As part of our investigation into a job-themed phishing campaign, we came across several suspicious URLs that all looked like this: https://forms.google.ss-o.com/forms/d/e/uniqueid/viewform?form=opportunitysec&promo= The subdomain forms.google.ss-o.com is a clear attempt to impersonate the...

Following the digital trail: what happens to data stolen in a phishing attack

Introduction A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a...

EUVD-2022-43174

Malicious code in bioql PyPI...

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

How to Lose a Fortune with Just One Bad Click

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately...

CVE-2024-9613

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-9613

CVE-2024-9613 affects the FormFacade – WordPress plugin for Google Forms. It is a Reflected Cross-Site Scripting vulnerability reachable without authentication, exploitable via the 'userId' and 'publishId' parameters in all versions up to 1.3.6 due to insufficient input sanitization and output es...

CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-9613 FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting

The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...

Scammers Weaponize Google Forms in New BazarCall Attack

By Waqas BazarCall Evolves: Unraveling the Complexities of Google Forms in the Latest Phishing Tactics! This is a post from HackRead.com Read the original post: Scammers Weaponize Google Forms in New BazarCall Attack...

BazaCall Phishing Scammers Now Leveraging Google Forms for Deception

The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a...

A new video series, Google Forms spam and the various gray areas of cyber attacks

I found the juxtaposition of stories on the Talos blog over the past week-plus kind of funny. On one hand, we had a massive story about Arid Viper, a Middle Eastern threat actor spreading spyware, one of the most dangerous types of malware out there right now, operating out of Gaza no less. Then,...

Spammers abuse Google Forms’ quiz to deliver scams

Spammers are exploiting the "Release scores" feature of Google Forms quizzes to deliver email. The emails originate from Googles own servers and consequently may have an easier time bypassing anti-spam protections and finding the victims inbox. Volumes of these messages hovered near noise levels...

WordPress Google Forms plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Google Forms plug...

CVE-2022-3834

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3834

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...