Security News
Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. After gaining the victims' trust, the scammers say that they have an uncle working for a financial analysis firm and launch an invitation to trade cryptocurrency via an app on Play Store or App Store.
A new category of activity tracking applications has been having massive success recently on Google Play, Android's official app store, having been downloaded on over 20 million devices. Dr. Web says all three apps communicate with the same remote server address, indicating a common operator/developer.
Google's Threat Analysis Group has burned more than 50,000 spammy fake news stories and other content posted by the pro-China 'Dragonbridge' gang. Meta and Twitter have also removed fake content from China that looks and sounds very similar to Dragonbridge's efforts.
Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. Unless you use a local password manager, like KeePass, most password managers are cloud-based, allowing users to access their passwords through websites and mobile apps.
Google's Threat Analysis Group terminated tens of thousands of accounts linked to a group known as "Dragonbridge" or "Spamouflage Dragon" that is disseminating pro-Chinese disinformation across multiple online platforms. According to Google, Dragonbridge gets new Google Accounts from bulk account sellers, and, in some instances, they've even switched to accounts previously used by financially motivated actors repurposed for posting disinformation videos and blogs.
Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group said in a report shared with The Hacker News.
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims' passwords, and ultimately breach networks for ransomware attacks. While there appear to be many threat actors abusing the Google Ads platform to distribute malware, two particular campaigns stand out, as their infrastructure was previously associated with ransomware attacks.
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. The U.S. government alleges that Google used acquisitions of other companies in the ad market to remove competitors and forced advertisers and publishers to use its services using its control over the ad tech services.
Cacti servers under attack by attackers exploiting CVE-2022-46169If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw. PoC for critical ManageEngine bug to be released, so get patching!If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they've been updated to a non-vulnerable version because Horizon3 will be releasing technical details and a PoC exploit this week.
The FBI has recently warned the public about search engine ads pushing malware diguised as legitimate software - an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers - anything that can be downloaded, really - via Google and Bing. The malicious ads often manage to be the first link users see when searching for software on Google, and point to a domain that resembles the original software manufacturer's page.