CyberSecurityBoard
Sponsor Register Login

Google Ads Displaying Phishing Sites for Amazon Web Services in Search Results

A recent phishing campaign that is targeting Amazon Web Services logins has been discovered by Sentinel Labs. The malicious search results were seen on January 30, 2023, and the bad ads were ranked second when searching for Aws, right behind Amazon's own promoted search result. The attackers initially linked the ad directly to the phishing page, but later added a redirection step to try and avoid detection by Google's ad fraud detection systems. This redirection takes the victim to a website that looks like a legitimate vegan food blog, but is actually under the attackers control. From there, the victim is taken to a fake AWS login page that is made to look authentic. The page also has a JavaScript function that disables right clicks, middle mouse buttons, and keyboard shortcuts, likely to prevent the victim from navigating away from the page. The Whois details used for registering the domains point to a Brazilian person, and the JavaScript code comments and variables are in Portuguese. Sentinel Labs reported the abuse to CloudFlare, who quickly shut down the account, but the malicious Google Ads remain. Google Ads have been abused by cybercriminals lately as an alternative way to reach potential victims, and have been used for phishing password manager accounts, ransomware deployment, and malware distribution. Last week, Sentinel Labs discovered a campaign that uses virtualization technology together with Google Ads to spread malware that is harder to detect by antivirus tools.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 09 Feb 2023 18:37:03 +0000


Cyber News related to Google Ads Displaying Phishing Sites for Amazon Web Services in Search Results

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
1 month ago Bleepingcomputer.com
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
1 week ago Aws.amazon.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
4 months ago Techrepublic.com
Master the Art of Data Security - As we step further into the digital age, the importance of data security becomes increasingly apparent. As with all data storage services, it's crucial to ensure that the data stored on Amazon S3 is secure, particularly when it's 'at rest'-that is, ...
7 months ago Feeds.dzone.com
Crypto drainer steals $59 million from 63k people in Twitter ad push - Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. According to blockchain threat analysts at ScamSniffer, they ...
6 months ago Bleepingcomputer.com
Cisco Foundation Grantees prioritize Indigenous leadership to protect the Amazon Basin - This is the first of our three-part series on Cisco Foundation grantees working in the Amazon and South America region. This series will introduce you to eight Cisco Foundation Climate Impact & Regeneration grantees working to support preservation ...
5 months ago Feedpress.me
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
5 months ago Cysecurity.news
Google Ads Displaying Phishing Sites for Amazon Web Services in Search Results - A recent phishing campaign that is targeting Amazon Web Services logins has been discovered by Sentinel Labs. The malicious search results were seen on January 30, 2023, and the bad ads were ranked second when searching for Aws, right behind Amazon's ...
1 year ago Bleepingcomputer.com
The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools - Americans are reading digital books at a rate of three out of ten. In a market where the majority of readers are subject to both Big Publishing's greed and those of Big Tech, it is no surprise that these readers are subject to both the greed of Big ...
6 months ago Cysecurity.news
WordPress hosting service Kinsta targeted by Google phishing ads - WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. Kinsta says the phishing attacks aim to steal login credentials for MyKinsta, a key service the company ...
6 months ago Bleepingcomputer.com
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
3 months ago Bleepingcomputer.com
30 Best Cyber Security Search Engines - In recent years, several search engines have been developed that are primarily focused on cyber security. In today's era, having all the necessary resources and search tools related to cyber security is crucial to staying protected against emerging ...
3 days ago Cybersecuritynews.com
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
7 months ago Darkreading.com
Amazon Prime Video Ads 5 February - Adverts will start appearing for UK users of Amazon Video Prime on 5 February 2024, unless extra fee is paid. Amazon has confirmed that adverts will begin appearing for UK customers of the Amazon Prime Video service in early 2024. In an email to UK ...
6 months ago Silicon.co.uk
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
5 months ago Helpnetsecurity.com
Google Ads Invite Being Abused to Push Spam & Adult Sites - Google Ads has become another way for malicious actors to spread spam and adult sites. Recent reports have highlighted that fraudsters are abusing Google Ads invites to push their malicious content. Google Ads is Google's advertising platform, and ...
1 year ago Bleepingcomputer.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
2 months ago Techrepublic.com
Amazon sues REKK fraud gang that stole millions in illicit refunds - Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms. This lawsuit targets 20 ...
6 months ago Bleepingcomputer.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
6 months ago Hackread.com
A Handbook for Managing Containers on Amazon Web Services - Container management is a way to help you create, govern, and maintain your containers. There are tools and services available that can automate the creation, deployment, maintenance, scaling, and monitoring of application or system containers. In ...
1 year ago Trendmicro.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
4 months ago Gbhackers.com
Fake KeePass site uses Google Ads and Punycode to push malware - A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Google has been battling with ongoing malvertising campaigns that allow ...
7 months ago Bleepingcomputer.com
Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
6 months ago Gbhackers.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)