January 24, 2023
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Google Ads feature fake websites, used to deliver malware
I know we've talked before about the importance of consulting original sources of information. This week's news reinforces this advice.
Several security researchers have reported a rapid increase, in recent weeks, in the number of Google Ads pointing to fake sites hosting malware. I've read several reports of as many as five Google Ads showing up above an organic search result, where every single one of them was pointing to a fake website.
Especially prevalent right now: cyber criminals are taking infected versions of popular free and open-source software, including tools like VLC, 7-Zip, CCleaner, Audacity, OBS, Notepad++ and more, hosting them on fake websites, and paying for Google Ads to push them. It's happening even to tech-savvy people (when they aren't careful):
Over the weekend, crypto influencer Alex, better known by their online persona NFT God, was hacked after launching a fake executable for the Open Broadcaster Software (OBS) video recording and live streaming software they had downloaded from a Google ad in search results.
And, hey, it's not just Google Ads, right? Cyber criminals routinely attack engines that serve advertisements to multiple online sites. This advice goes for ANY online advertisement.
How do you protect yourself?
(1) Check the URL of any website before clicking on a link. On a desktop computer, hover your mouse over the link. On a mobile device, press and hold the link. In both cases, the true destination of that link will show up in a popup, so you can see where that link will really take you. If the domain name doesn't look familiar, or anything looks suspicious, look for another way (an original source!) to get what you need.
(2) Download only from known, safe sites. If you routinely use a free software package, bookmark the developer's website so you can get updates with confidence. Sign up for the developer's newsletter to get notified of updates and clean links to download.
(3) Consider using an ad blocker. I'm not a huge fan of ad blockers for work computers, because they do block legitimate functions pretty regularly, but for home computers, yes, definitely, using an ad blocker can protect against malicious downloads, especially when less-than-savvy users are surfing the web for fun.
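Steps (1) and (2) as a script, added here as an example that is not part of the original newsletter: it reads the real destination host of a link and compares it with the sites you have bookmarked. The `TRUSTED` list, the function name `check_link` and the sample links are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: stand-ins for the developer sites you bookmarked yourself (step 2).
TRUSTED = ("videolan.org", "7-zip.org", "obsproject.com", "notepad-plus-plus.org")

def check_link(url, trusted=TRUSTED):
    """Return (verdict, host); host is where the link really goes (step 1)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("invalid", None)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ("invalid", None)
    # Anything before '@' is a login name, not the destination.
    if parts.username is not None:
        return ("suspicious", host)
    # Non-ASCII or punycode labels can imitate ordinary Latin letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious", host)
    # Trusted only if the host IS a bookmarked domain or a subdomain of it.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", host)
    # A known name used elsewhere in the host, or a near-miss spelling.
    last_two = ".".join(host.split(".")[-2:])
    for domain in trusted:
        brand = domain.split(".")[0]
        close = SequenceMatcher(None, last_two, domain).ratio() >= 0.85
        if brand in host or close:
            return ("suspicious", host)
    return ("unknown", host)

if __name__ == "__main__":
    # Constructed sample links, not taken from any real ad.
    for link in (
        "https://obsproject.com/download",
        "https://obsproject.com.free-downloads.example/obs.exe",
        "https://obsproject.com@downloads.example/setup.exe",
        "https://obspr0ject.com/",
        "https://tools.example/obs",
    ):
        print(check_link(link), link)
```

A verdict of `unknown` is the "look for another way" case from step (1): the host matches nothing you have bookmarked, so go to the original source instead.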
Stay safe online this (and every) week!
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺