Google…

Google Ads were weaponized in a way that made them appear like any other ad – allowing hackers to infect computers with malware via a single click.

https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/

Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products such as Grammarly, Audacity, μTorrent, and OBS. The threat actors clone the official websites of these projects and distribute trojanized versions of their software when users click the download button.

Surveillance…

Identifying People Using Cell Phone Location Data

https://www.schneier.com/blog/archives/2023/01/identifying-people-using-cell-phone-location-data.html

According to court documents, the investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations.

You can do a lot of surveillance if you can follow everyone, everywhere, all the time. I don’t even think turning your cell phone off would help in this instance. How many people in the Washington area turned their phones off during precisely the times of the Washington power station attacks? Probably a small enough number to investigate them all.

++++++++

WhatsApp Was Hacked By an Israeli Company – US Supreme Court Allows WhatsApp to Sue NSO Group

https://www.infosecurity-magazine.com/news/us-supreme-court-whatsapp-to-sue/

The US Supreme Court gave the green light on Monday for WhatsApp to pursue a lawsuit against NSO Group, the Israeli surveillance company, for installing the Pegasus spyware on roughly 1400 devices where WhatsApp was also installed.

More specifically, the court has ruled that WhatsApp is allowed to sue for damages ensued by the malicious installation of the spyware.

“Whether or not it will lead to further rulings on ‘cyber weapons’ or these outsourced operations remains to be seen, but private companies could very quickly end up being a proxy for plausible deniability of other governments that are not clear allies of the West,” Barratt added.

Vulnerabilities…

Identity Thieves Bypassed Experian Security to View Credit Reports

https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires those seeking a copy of their credit report to successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday, and Social Security number.

Kushnir said the crooks learned they could trick Experian into giving them access to anyone’s credit report just by editing the address displayed in the browser URL bar at a specific point in Experian’s identity verification process.

++++++++

CISA orders agencies to patch Exchange bug abused by ransomware gang

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exchange-bug-abused-by-ransomware-gang/

Organizations with on-premises Microsoft Exchange servers are advised to deploy the latest Exchange security updates immediately (with November 2022 being the minimum patch level) or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.

The second vulnerability CISA added to its Known Exploited Vulnerabilities (KEV) catalog is a privilege escalation zero-day (CVE-2023-21674) in the Windows Advanced Local Procedure Call (ALPC), tagged as being exploited in attacks and patched by Microsoft during this month’s Patch Tuesday.

++++++++

Threat actors use known Excel vulnerability

https://www.techrepublic.com/article/cisco-talos-xll-excel-vulnerability/

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time. Through different techniques, attackers have used embedded Visual Basic for Applications macros to infect computers with different kinds of malware for cybercrime and cyberespionage.

In most cases, users still needed to click their agreement when executing code inside those applications. Still, some social engineering tricks have enticed unsuspecting victims to click and allow the execution of the malicious macros themselves. It is also possible to launch malware by directly exploiting vulnerabilities without any user interaction.

Glassdoor…

Apple and Meta are not on Glassdoor’s 100 Best Places to Work list for the first time in over a decade.

https://www.cnbc.com/2023/01/11/apple-and-meta-dropped-off-glassdoors-100-best-places-to-work-list-.html

For years, Apple and Meta have been deemed the creme de la creme of tech companies, with employees raving about their culture, values, benefits, and perks. But according to new data from Glassdoor, both tech giants no longer stand out as they once did.

As Glassdoor releases its 100 Best Places to Work report of 2023, both companies are absent from the list. Last year, Meta was ranked #47, significantly declining from its #11 spot in 2021. Similarly, Apple came in at #56 last year after being ranked #31 in 2021.