Threat actors using Google Ads to lure people to fake Kinsta pages in an effort to steal hosting credentials. Be careful of where you click, even on "trusted" pages like Google search results.
Generally, it's best to avoid clicking on sites in the sponsored results of Google (or any search engine, really).
Using an adblocker prevents this section from loading in most cases.
A couple weeks back we noticed an uptick of incidents from trojanized Advanced IP Installer's delivered due to #malvertising. We tied it back to a group who were formerly a #darkside#ransomware affiliate according to Mandiant.
You may remember articles circulating about Bing's AI providing malvertising links. This is from the same campaign.
Hey @leo glad to hear in the latest episode of #securitynow :steve: (Episode 949) that #adblock is not just a way of reducing annoyance but also a #security feature because of the proliferation of #malvertising.
I say all the time on here that using an #adblocker is a way of protecting yourself because ad delivery platforms are a huge vector for malware and #phishing. This would be largely fixable if the owners of these platforms cared, but they don’t.
Every time I see anyone complain about YouTube or any other media site blocking Adblock users, I see entitled people who refuse to compensate their content creators and hosting providers. I wonder how many of you bother to fund your mastodon fediverse instances.
I often use an adblocker. I get it. I respect anyone who denies to serve me as a result. This is working as intended.
Netflix revenue and subscriber numbers went up after they got real about account sharing anti-freeloader enforcement. Clearly a lot of people admitted that value existed and they had been freeloaders just because they could.
@gpshead@brettcannon I have a hard time sympathizing with this, because adblocking is also a security feature. Online ads remain one of the most prevalent delivery vectors for malware. Often this takes the form of advertisement for software -> download site purportedly serving installer for said software -> installer executes malicious code.
For this reason, a lot of corporate IT environments push out adblock extensions to browser installations on endpoint machines, or do DNS-based blocking. Therefore, using an adblocker often isn't even the choice of the end user; it's something that's mandated by their IT department on their work computer.
CISA and NSA both have public advisories highlighting this issue, and recommending that organizations deploy adblockers. Note that in their advisories, they explicitly mention the ability of malicious actors to target advertisements towards specific groups of users or demographics when purchasing ads; this is of course a feature baked in to how modern online advertisements work.
The Associated Press just served me an ad for fake anti-virus. The entire page was taken over, and forwarded to the malicious site, within seconds of opening the news article, every time.
An ad blocker isn't just something to hide some annoying eyesores, it's a vital layer of security.
If you have friends or family who might fall for fake AV or "windows technical the department" scams, they need an ad blocker. No site they visit can be considered "safe" unless it simply doesn't have ads.
🔎 Google-hosted malvertising leads to fake Keepass site that looks genuine
➥Ars Technica
「 There’s no surefire way to detect either malicious Google ads or punycode-encoded URLs. Posting ķeepass[.]info into all five major browsers leads to the imposter site. When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long 」
Predictably, #microsoft started injecting ads into #openai#gpt4 powered #bingchat conversations…and just as predictably, there is now a huge #malvertising problem in Bing Chat.
It’s actually worse than #malware poisoned advertisements showing up in search engine results for a couple of reasons.
Recently I spent about a week focusing on popular Google search terms and discovered that brand impersonation via malicious ads is still very much a problem.
Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into downloading Malware (blog.checkpoint.com)
Highlights...