Banning Surveillance-Based Advertising

Schneier on Security

The Norwegian Consumer Council just published a fantastic new report: “ Time to Ban Surveillance-Based Advertising. A ban on surveillance-based advertising does not mean that one can no longer finance digital content using advertising.

Banning Surveillance-Based Advertising

Security Boulevard

The Norwegian Consumer Council just published a fantastic new report: “ Time to Ban Surveillance-Based Advertising. From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords

Security Boulevard

to restrict tracking by advertisers, and a discussion about why people continue to choose terrible passwords. ** Links mentioned on the show ** Instagram debuts new tool to stop abusive message salvos made through new accounts [link] Apple […].

Amazon gets $888 million GDPR fine for behavioral advertising

Bleeping Computer

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. [.].

FBI Takes Down a Massive Advertising Fraud Ring

Schneier on Security

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.

UK Ministry of Defense publishes an advertisement for a SAS Hacker

CyberSecurity Insiders

In the third week of August this year, UK’s Ministry of Defense posted an advertisement for a role to be filled by a SAS hacker who will earn £33,000 a year and will work for the secretive Computer Network Operations Exploitation Unit.

Apple Privacy Update And Advertisers | Avast

Security Boulevard

Now, in this post, we'll be presenting the advertiser’s perspective of the situation at hand. While advertisers may think the sky is falling, the full-on Chicken Little scenario might not be happening. Last week, we described the privacy changes happening within Apple’s iOS 14.5.

Advertising Plugin for WordPress Threatens Full Site Takeovers

Threatpost

Vulnerabilities Web Security adning Advertising critical bug RCE remote code vulnerability security vulnerability unauthenticated attackers WordFence Wordpress pluginThousands of vulnerable websites need to apply the patch to avoid RCE.

Iranian developer advertised BlackRouter RaaS

Security Affairs

An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert advertises other malware and is believed to the author of another ransomware called Blackheart. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Iranian developer advertised BlackRouter RaaS appeared first on Security Affairs.

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. Hill again: They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user's account, that phone number became targetable by an advertiser within a couple of weeks.

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising

Threatpost

Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit. Cryptography Web Security

Facebook sues hackers who hijacked advertising agencies' accounts

Bleeping Computer

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads. [.].

A New Threat Advertises Malicious Privacy Tools as Security Enhancers

Heimadal Security

The post A New Threat Advertises Malicious Privacy Tools as Security Enhancers appeared first on Heimdal Security Blog. Even if we can consider the pretense ironic, the situation can be very risky as it can actually end up deploying infostealer malware on the victim machine.

Facebook Is Suing the Hackers That Hijacked Advertising Agencies’ Accounts

Heimadal Security

Facebook is suing the suspects that took over the advertising agency employees’ accounts and managed to abuse the ad platform in order to run unauthorized or deceptive ads.

Is Your Company Doing Market Research for Your Advertiser?

Adam Levin

Online advertising is a data free-for-all. However, Amazon is doing so well right now because it has access to the data of every seller and advertiser using its platform. Between the two companies, two-thirds of the online advertising market is affected. The post Is Your Company Doing Market Research for Your Advertiser? Unless you live in a boot at the bottom of Loon Lake, you know that everything you do online is tracked.

The Chrome Update Is Bad for Advertisers, but Good for Google

WIRED Threat Level

The world’s most popular browser is about to make it a lot harder for advertisers to track your online activity. Security Security / Security News

ThreatList: Google’s Advertising Network Dominates Global Data Collection

Threatpost

With DoubleClick, Analytics and AdWords under its belt, Google continues dominating when it comes to global data collection for advertising, a new report found. Most Recent ThreatLists Privacy Adsense Advertising advertising network AdWords Analytics aol advertising data collection DoubleClick google moat tracking

Security BSides Dublin 2021 – Kirill Efimov’s ‘Sour Mint – The Case Of Malicious Advertisement SDK Affecting Thousands Of Mobile Apps’

Security Boulevard

The post Security BSides Dublin 2021 – Kirill Efimov’s ‘Sour Mint – The Case Of Malicious Advertisement SDK Affecting Thousands Of Mobile Apps’ appeared first on Security Boulevard.

Magecart Returns with Advertising Library Tactic

Threatpost

Malware Web Security adverline Advertising Card skimming group 12 Library magecart third party javascriptThe threat group also has a new subsidiary, Magecart Group 12.

Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers

Dark Reading

Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers

CPDP 2021 – Moderator: John Edwards ‘A Path To Empowering User Choice And Boosting User Trust In Advertising’

Security Boulevard

The post CPDP 2021 – Moderator: John Edwards ‘A Path To Empowering User Choice And Boosting User Trust In Advertising’ appeared first on Security Boulevard. Speakers: Marshall Erwin, Jane Horvath, Lucy Purdon, Marcel Kolaja. Organized By Apple Inc.

Advertising Alliance Plans Protocols to Reduce Dangerous Content

Dark Reading

The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content

Mobile Users Targeted With Malware, Tracked by Advertisers

Dark Reading

Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show

Actor Advertises Japanese PII on Chinese Underground

Dark Reading

The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access

Facebook: User shadow data, including phone numbers may be used by advertisers

Security Affairs

The worst suspect is a disconcerting reality, Facebook admitted that advertisers were able to access phone numbers of its users for enhanced security. Researchers from two American universities discovered that that phone numbers given to Facebook for two-factor authentication were also used for advertising purposes. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

HUMAN (Formerly White Ops) Launches The Human Collective to Protect Against Bot Attacks and Fraud Across Advertising Supply Chain

CyberSecurity Insiders

NEW YORK–(BUSINESS WIRE)–Cybersecurity leader HUMAN, best known for collectively protecting enterprises from bot attacks, today announced the formation of The Human Collective, a new program designed to protect the digital advertising ecosystem from the impacts of fraud. The post HUMAN (Formerly White Ops) Launches The Human Collective to Protect Against Bot Attacks and Fraud Across Advertising Supply Chain appeared first on Cybersecurity Insiders

Cyber Frauds force Facebook to ban Crypto ads on celebrity profiles

CyberSecurity Insiders

Facebook is intending to ban cryptocurrency related advertisements on its platform from November 2021, as they are leading to online scams and money loss schemes targeting to thousands of individuals using Facebook irrespective of their age. News Facebook Crypto currency Ads Advertisements

Scams 98

Signal says its Instagram ads were banned for being too honest

Graham Cluley

Facebook Privacy advertising Instagram SignalSignal tried to run targeted ads on Instagram that showed users *how* they had been targeted, and revealed the extraordinary amount of data Facebook collects about users.

Facebook bans Signal ads that reveal the depth of what it knows about you

Malwarebytes

They bought advertising space on Instagram and showed visitors ads full of the characteristics that were used to target them. Let’s not forget that not only does Facebook gather that data, it also sells it to advertisers, as Signal tried to point out with its campaign.

Media 114

Facebook Hits Back At Apple’s iOS 14 Privacy Update

Threatpost

While privacy experts praised Apple’s upcoming iOS 14 updates, Facebook said the new features could cut its advertising business in half. Facebook Mobile Security Privacy Advertising apple facebook ads Facebook Privacy ios iOS 14 iphone

A week in security (July 5 – July 11)

Malwarebytes

Other cybersecurity news: A group of privacy-first tech companies have published an open letter today asking regulators to ban surveillance-based advertising. Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski.

Twitter Could Face $250M FTC Fine Over Improper Data Use

Threatpost

The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising. Hacks Web Security Data Privacy Federal Trade Commission FTC FTC fine improper data use privacy violation targeted advertising twitter

Will Google’s Privacy Sandbox take the bite out of tracking cookies?

Malwarebytes

Third-party cookies have been the lynchpin of online advertising for many years. The building blocks for this were essentially: Most aspects of the web need money to survive, and advertising that relies on cookies is the dominant revenue stream.

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

Threatpost

Malware Web Security ad injection Adrozek Advertising browser modifier Credential Theft fake ads Google Chrome infostealer Malvertising malware Malware campaign Microsoft Microsoft Edge persistent malware campaign web browser Web security

Zoom Faces More Legal Challenges Over End-to-End Encryption

Threatpost

Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C. The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it.

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug

Threatpost

Cloud Security Vulnerabilities Web Security critical CVE-2020-16898 Microsoft october 2020 patch tuesday Patches publicly disclosed remote code execution router advertisements security bug Security Vulnerabilities tcp/ip unpatched bugs wormable

‘Minecraft Mods’ Attack More Than 1 Million Android Devices

Threatpost

Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.

NetWalker Ransomware Gang Hunts for Top-Notch Affiliates

Threatpost

Malware advertisements affiliates COVID-19 Dark Web double extortion healthcare attacks netwalker RaaS ransomware ransomware as a service technically advanced toll group underground forumThe operators behind the Toll Group attack are taking applications for technically advanced partners.

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode

Threatpost

Privacy apple Browser chrome class action lawsuit Data Privacy Duck Duck Go google Google Ad Manager Google Analytics incognito mode legal Online Advertising online privacy Safari

Google Bans 600 Android Apps for Obnoxious Ads

Threatpost

The Google Play apps violated the tech behemoth's disruptive advertising policies. Mobile Security 600 apps ad fraud advertising policy Android ban disruptive ads enforcement action google google play mobile apps

Silent Night Banking Trojan Charges Top Dollar on the Underground

Threatpost

Malware Web Security banking trojan Malware analysis malware as a service Malwarebytes obfuscation silent night source code sphinx terdot underground advertisement ZeusThe malware-as-a-service is advanced, obfuscated and modular -- and built for mass campaigns.

$12m Grindr fine shows GDPR’s got teeth

Malwarebytes

From the document: Pursuant to Article 58(2)(i) GDPR, we impose an administrative fine against Grindr LLC of 100 000 000 – one hundred million – NOK for – having disclosed personal data to third party advertisers without a legal basis, which constitutes a violation of Article 6(1) GDPR and – having disclosed special category personal data to third party advertisers without a valid exemption from the prohibition in Article 9(1) GDPR.

Streaming TV Fraudsters Steal Millions of Ad Dollars in ‘ICEBUCKET’ Attack

Threatpost

Cloud Security IoT Web Security ad fraud connected tv ctv cybercrime operation fake viewers icebucket programmatic advertising stealing ad dollars streaming tv supply side ad insertion White OpsCrooks manipulated connected TV supply-side ad platforms to create millions of fictional eyeballs.