Google Ads were weaponized in a way that made them appear like any other ad – Allowed hackers to infect computers with malware via a single click.
https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/
Hackers have weaponized Google Ads to spread malware to unsuspecting users by making the malicious ads look like regular ads. They do this by cloning the official websites of popular software products, such as Grammarly, Audacity, μTorrent, and OBS, and distributing trojanized versions of the software when users click the download button. This tactic allows hackers to infect users’ computers with malware through a single click.
Google Ads, also known as Google AdWords, is a platform provided by Google that allows businesses and individuals to create and display online advertisements on various websites and platforms across the internet, including Google’s own search engine results pages. Advertisers can create and target ads based on keywords, demographics, interests, and other factors to reach potential customers. The ads are typically displayed as text, images, or video and can be tailored to specific audiences. Advertisers pay for the ads on a pay-per-click or pay-per-impression basis, depending on the specific ad format chosen.
++++++++
Identifying People Using Cell Phone Location Data
https://www.schneier.com/blog/archives/2023/01/identifying-people-using-cell-phone-location-data.html
The use of cell phone location data is a powerful tool for identifying individuals, as demonstrated in the case of the recent power station attacks. Court documents reveal that investigators were able to quickly identify suspects Greenwood and Crahan by analyzing cell phone data that placed them near the scene of all four attacks. This type of surveillance can be highly effective: even turning off one’s cell phone would likely not be enough to evade detection in this instance. Because cell phone use is so widespread, it is likely that only a small number of individuals in the Washington area were in the vicinity of the attacks and had their phones turned off during that time, making them easy to investigate.
++++++++
WhatsApp Was Hacked By an Israeli Company – US Supreme Court Allows WhatsApp to Sue NSO Group
https://www.infosecurity-magazine.com/news/us-supreme-court-whatsapp-to-sue/
On Monday, the US Supreme Court cleared the way for WhatsApp to take legal action against NSO Group, an Israeli surveillance firm, for allegedly installing the Pegasus spyware on approximately 1400 devices where the messaging app was also installed. The court’s ruling allows WhatsApp to seek damages for the harm caused by the unauthorized installation of the spyware. It remains to be seen whether this case will set a precedent for further litigation regarding “cyber weapons” and outsourced operations, but it raises concerns about private companies being used as a cover for governments that are not necessarily allied with the West, according to Barratt.
++++++++
Identity Thieves Bypassed Experian Security to View Credit Reports
https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/
Identity thieves have been taking advantage of a significant vulnerability on the website of Experian, one of the major credit reporting bureaus. Typically, Experian requires individuals requesting a copy of their credit report to answer multiple-choice questions about their financial history. However, until the end of 2022, Experian’s website had a vulnerability that allowed anyone to bypass these questions and directly access the consumer’s credit report by simply providing their name, address, birthday and Social Security Number. The security weakness was discovered when the crooks figured out that they could manipulate Experian’s identity verification process by altering the address displayed in the browser’s URL bar at a specific point in the process.