GO-2022-0794 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave...

Malicious ad for USPS fishes for banking credentials

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse a...

Google sponsored ads lead to rogue imitation sites

Theres a big push in rogue advert land at the moment, with multiple forms of bogus websites being used as bait to rob people of their logins and funds. This story first came to light a few days ago, with news of a well known cryptocurrency fan "NFT God" being caught out by a bogus video recording...

A week in security (April 25 – May 1)

Last week on Malwarebytes Labs: Why MITRE matters to SMBs Apple’s child safety features are coming to a Messages app near you Why software has so many vulnerabilities, with Tanya Janca: Lock and Code S03E09 Watch out for this SMS phish promising a tax refund Rogue ads phishing for cryptocurrency:...

Steer clear of gift card balance scams

Rogue ads are a problem-causing menace which can strike in many ways. Malvertising often uses a combination of exploits to drop malware. Phishing campaigns get the job done with social engineering and bogus websites. This particular incident is an example of the latter, and a good reminder to be...

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have...