Security News
FTX founder Sam Bankman-Fried's eight-count indictment related to the collapse of his crypto empire has been superseded by a new 12-count indictment unsealed in New York which provide graphic details about the extent the defunct biz paid off politicians. According to the superseding indictment [PDF], SBF "Corrupted the operations of the cryptocurrency companies he founded and controlled through a pattern of fraudulent schemes that victimized FTX customers, investors, financial institutions, lenders and the [FEC]."
Europol has dismantled a Franco-Israeli 'CEO fraud' group that employed business email compromise attacks to divert payments from organizations to bank accounts under the threat actor's control. The fraudsters impersonated CEOs when approaching employees in the target organizations' financial departments and tricked them into performing payments to bank accounts under the scammer's control.
8 suspects arrested Seizures include: electronic equipment and vehicles, about EUR 3 million from Portuguese bank accounts, EUR 1.1 million from Hungarian bank accounts, EUR 600 000 from Croatian bank accounts, EUR 400 000 from Spanish bank accounts, EUR 350 000 in virtual currencies. The total value of the seizures is estimated at about EUR 5.5 million.
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infected over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID which contain Google ads for revenue generation," Sucuri researcher Ben Martin said in a report published last week.
Samsung classified the bugs as moderate risk and released fixes in version 4.5.49.8 shipped earlier this month. Samsung Galaxy Store, previously known as Samsung Apps and Galaxy Apps, is a dedicated app store used for Android devices manufactured by Samsung.
Researchers have shut down an "Expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention firm HUMAN said.
A massive ad fraud operation dubbed 'Vastflux' that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at cybersecurity company HUMAN. The operation's name was derived from the VAST ad-serving template and the "Fast flux" evasion technique used to conceal malicious code by rapidly changing a large number of IP addresses and DNS records associated with a single domain. The research team at HUMAN discovered Vastflux while investigating a separate ad fraud scheme.
In this Help Net Security video, André Ferraz, CEO at Incognia, discusses the impact of location spoofing and location-based fraud. Any tool that enables users to alter the location information given by their device is known as location spoofing.
Bots continue to evolve and thrive at the expense of companies. Kasada's research shows revenue loss from bot-driven account fraud and web scraping continues to skyrocket, despite companies spending more on bot mitigation solutions every year.
A massive advertising fraud campaign using Google Ads and 'popunders' on adult sites is estimated to have generated millions of ad impressions on stolen articles, making the fraudsters an estimated $275k per month. The campaign was discovered by Malwarebytes, who reported it to Google and took it down for violating policies forbidding Google Ads on adult sites.