sbwarnblur

Google has recently announced its plans to start cracking down on websites that display deceptive ads. The company will begin warning users if they ever enter such places on the web with a message stating "deceptive site ahead", once they click on an ad it suspects contains "social engineered" content.

The company aims to lessen this significantly through its updated social engineering policy. It lists possible deceptive social engineered ads, some of which:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

These ads, like the images on the right, may come in a form of an alleged "download button," usually stating that a plugin needs to be installed in order for content on the website to be utilized. Another type of deceitful ad is one that states that a user's system is outdated, and that they should click on the illusory message box in order to keep their computer updated. And lastly, one of the most common tricks is an ad disguising as a download/play button for a streaming website.

hacker story

A 26-year-old hacker has been sentenced to 334 years in prison for identity theft as well as mass bank fraud in Turkey, or in simple words, he has been sentenced to life in prison.

Named Onur Kopçak, the hacker was arrested in 2013 for operating a phishing website that impersonated bank site, tricking victims into providing their bank details including credit card information.

 Win32 Dorkbot

Discovered in 2011 the Win32/Dorkbot malware has spread to over a million Windows PCs worldwide. During the last six months alone it had been infecting over 100,000 machines a month. Microsoft announced on Wednesday they had teamed up to enact a coordinated malware eradication campaign to disrupt the botnet.

The malware has been spread via a number of routes including USB drives, IM clients, Social Networks, Email and Drive-by downloads. Its primary aim was to steal online user credentials and any information that can personally identify you. It is also able to install yet more malware to your PC from command and control servers.

outlook mitm digital certificate
 
Dell laptops are coming preloaded with a self-signed root digital certificate that lets attackers spy on traffic to any secure website.
 
The reports first surfaced on Reddit and were soon confirmed by other users and security experts on Twitter and blogs. The root certificate, which has the power of a certificate authority on the laptops it's installed on, comes bundled with its corresponding private key, making the situation worse.
 
With the private key, which is now available online, anyone can generate a certificate for any website that will be trusted by browsers such as Internet Explorer and Google Chrome that use the Windows certificate store on affected laptops. Security experts have already generated proof-of-concept certificates for *.google.com and bankofamerica.com.

android exploit

Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Quihoo 360 researcher Guang Gong demonstrated the vulnerability to the PSN2OWN panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript v8 to gain full administrative access to the victim's phone.