HackDig : Dig high-quality web security articles for hacker

Nexus Mods site goes public with “bad ad” report

We cover a lot of Malvertising disasters on this blog, and I’ve previously looked at how many websites will go to war with a user’s ad blockers – or indeed, try to disavow themselves of any harm done through infection (“It wasn’t us, it was the ad provider!”) Today, we have an example of a high traffic website so fed up wi
Publish At:2016-05-17 15:05 | Read:3464 | Comments:0 | Tags:Cybercrime Privacy ad ads adverts malvertising revenue

Gossip Site TMZ, Latest Victim of Malvertising Campaign

The same malvertising campaign we documented last week is still going unabated. The latest large publisher affected by it is celebrity gossip portal TMZ.com which brings in around 30 million visitors to its website every month. The same ad chain pattern from ContextWeb (PulsePoint) to Smarty Ads and eventually various rogue advertisers can be observed. The l
Publish At:2016-02-04 23:50 | Read:4536 | Comments:0 | Tags:Malvertising ads malvertising smartyads

Nuclear EK Leveraged In Large WordPress Compromise Campaign

Security company Sucuri recently noted a spike in WordPress infections, with a large number of sites getting injected with the same malicious scripts. Hacked websites are often used to host spam or perform malicious redirections to exploit kits and this case is no different. What makes it interesting is the volume and singularities that tie it to the same ca
Publish At:2016-02-04 05:45 | Read:3117 | Comments:0 | Tags:Exploits ads exploit exploit kit hack wordpress

Malvertising Campaign via Pop-under Ads Sends CryptoWall 4

We have caught a new malvertising campaign on the PopAds network launching the Magnitude exploit kit via pop-under ads. A pop-under is an ad window that appears behind the main browser window and typically remains open until the user manually closes it. Unsuspecting victims running outdated versions of the Flash Player were immediately infected with the Cryp
Publish At:2016-01-08 02:45 | Read:4791 | Comments:0 | Tags:Malvertising ads cryptowall exploit kit malvertising

Clickjacking Campaign Plays on European Cookie Law

We’ve spotted an advertising campaign that tricks users into clicking on what looks like a notification alert that actually hides a legitimate advert, therefore abusing both the advertiser and the ad network hosting the ad (Google Ads Services). The rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookie
Publish At:2016-01-08 02:45 | Read:3516 | Comments:0 | Tags:Fraud/Scam Alert ads adverts fake fraud Google

Sean Sullivan says look out for extortion, ad blocking in 2016

This is part of a series of posts about what security experts think will happen in 2016. F-Secure Security Advisor Sean Sullivan spends a lot of his time thinking about how people expose themselves to online risks. Whenever you download an app, click on a link, or open an email, there’s potential security problems that most people never even think about. But
Publish At:2015-12-18 18:45 | Read:3685 | Comments:0 | Tags:Online Threats Security ads F-Secure Internet malware protec

Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising

While malvertising activity on adult sites has been ‘relatively’ quiet for some time, we started picking up dozens of attacks on moderately popular XXX portals, where moderate still means millions of daily visitors. The modus operandi is quite straightforward and facilitated by a compromised Flash advert directly hosted and served by AdXpansion,
Publish At:2015-12-02 22:45 | Read:3430 | Comments:0 | Tags:Malvertising ads adxpansion flash malvertising

Advertising – to block or not to block? (Poll)

I have become pretty immune to advertising on the net. The brain develops an algorithm to locate the relevant content and filter out the junk around it. Frankly speaking, ask me about what ads there were on the page I just visited, and I have no clue. And I believe that’s true for many of us. Except that our internal ad-blockers aren’t perfect. The advertisi
Publish At:2015-10-22 15:05 | Read:4677 | Comments:0 | Tags:Privacy Web ad-blocker adblocker ads advertising Apple Inter

Who is the unknown buyer that bought Adblock Extension

The creator of the popular Adblock Extension made a shocking revelation, the company has been sold to an unknown buyer. Who is and which are the risks? The popular Adblock Extension has been sold to an unknown buyer, Michael Gundlach its creator made the shocking revelation. Michael Gundlach doesn’t provide further det
Publish At:2015-10-04 15:10 | Read:2923 | Comments:0 | Tags:Breaking News Digital ID Adblock Extension ads application s

Forget the personality tests – Ask Facebook instead (Poll)

It’s amazing how advertising can power huge companies. Google has over 57 000 employees and some 66 billion US dollars in revenue. And Facebook with 12 billion and 10 000 employees. These two giants are the best know providers of ad-financed services on the net. And modern advertising is targeted, which means that they must know what the users want to see. W
Publish At:2015-08-13 21:10 | Read:2864 | Comments:0 | Tags:Privacy Social media ad ads advertising Facebook privacy soc

Malvertising campaign hits 10 million users in 10 days

Security Firm Cyphort Labs reported that 10 million users may have been infected in ten days by a malvertising and exploit kit campaign. Nick Bilogorskiy, a security researcher at Cyphort  revealed that 10 million users may have been infected in ten days due to a malvertising and exploit kit campaign. According to the expert t
Publish At:2015-07-29 20:45 | Read:3230 | Comments:0 | Tags:Breaking News Cyber Crime Malware ads Cybercrime Cyphort Hac

Introduction to Alternate Data Streams

What are Alternate Data Streams? Alternate Data Streams (ADS) are a file attribute only found on the NTFS file system. In this system a file is built up from a couple of attributes, one of them is $Data, aka the data attribute. Looking at the regular data stream of a text file there is no mystery. It simply contains the text inside the text file. But that is
Publish At:2015-07-22 23:30 | Read:4273 | Comments:0 | Tags:All Things Dev ads Pieter Arntz powershell streams

Advertising: The Digital Turf War on your Desktop

Hello! Here’s your computer after ten minutes on the Internet: This nightmarish vision of “Buy all the things” is a very old screenshot of mine from many years ago, when ads were in full swing, Adware vendors were happy to cover your screen in wall-to-wall pop ups and ad blockers were still running around in diapers. Ads, ads everywhere: T
Publish At:2015-06-22 19:40 | Read:5505 | Comments:0 | Tags:Privacy ads adverts adware malvertising

Ads on Colouring Pages Website Lead to Installs, Explicit Content

Today we came across a website called “Best Arts Wallpaper Online 2015″ which offers colouring pages intended to be printed / drawn on by the smaller members of your family. The site features Minions (From Despicable Me), My Little Pony, Batman, Mario, Looney Tunes and more – clearly, there’s a wide range of interests on offer. Shall
Publish At:2015-04-27 16:50 | Read:6334 | Comments:0 | Tags:Privacy ads adverts colouring in installs

POLL – How should we deal with harmful license terms?

We blogged last week, once again, about the fact that people fail to read the license terms they approve when installing software. That post was inspired by a Chrome extension that monetized by collecting and selling data about users’ surfing behavior. People found out about this, got mad and called it spyware. Even if the data collection was documented in t
Publish At:2015-04-15 11:21 | Read:4252 | Comments:0 | Tags:Privacy Web ad ads advertising advertizing app apps data per

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud