fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Warning: Google Alerts Abused To Push Fake Adobe Flash Updater

Warning: Google Alerts Abused To Push Fake Adobe Flash Updater

Threat actors are using Google Alerts to promote a fake Adobe Flash Player updater that installs other unwanted programs on unsuspecting users’ computers.

The threat actors create fake stories with titles containing popular keywords that Google Search then indexes. Once indexed, Google Alerts will alert people who are following those keywords.

When visiting the fake stories using a Google redirect link, as shown below, the visitor will be redirected to the threat actor’s malicious site.

Example Google Alerts link for a fake story

However, if you visit the fake story’s URL directly, the website will state that the page does not exist.

Page does not exist when directly visiting the URL
Page does not exist when directly visiting the URL

This past week, BleepingComputer has been monitoring fake stories being indexed by Google and pushed out by Google Alerts. These have been redirecting users to web pages pushing browser notification spam, unwanted extensions, or fake giveaways, like the Amazon one below.

Also Read: The 3 Main Benefits Of PDPA For Your Business

Fake Amazon giveaway scam
Fake Amazon giveaway scam

Threat actors switch to a new campaign

This weekend, BleepingComputer observed the fake news stories redirecting to a new campaign that states your Flash Player is outdated and then prompts you to install an updater.

Website stating Flash Player needs to be updated
Website stating Flash Player needs to be updated

While Adobe Flash Player has reached the end of life and is no longer supported by any browsers, many people may not realize this and click on the ‘Update’ button thinking they are installing the latest update.

If a user clicks on the Update button, they will download a setup.msi file [VirusTotal] that installs a potentially unwanted program called ‘One Updater.’

One Update potentially unwanted program
The One Updater potentially unwanted program

Over time, One Updater will display updates that should be installed and offer potentially unwanted programs.

While we have not seen One Updater pushing anything malicious at this time, similar software in the past has installed password-stealing Trojans and cryptocurrency miners.

If you are redirected to a website, whether via Google Alerts, Google Search, or any other means and are prompted to install an extension or program update, simply close the browser.

Also Read: What Do 4 Messaging Apps Get From You? Read The iOS Privacy App Labels

Installing these programs typically leads to malicious activity or unwanted behavior that only benefits the application developers.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us