An anonymous reader quotes a report from Bleeping Computer: A group of cyber-criminals created 28 fake ad agencies and bought over 1 billion ad views in 2017, which they used to deliver malicious ads that redirected unsuspecting users to tech support scams or sneaky pages peddling malware-laden software updates or software installers. The entire operation — codenamed Zirconium — appears to have started in February 2017, when the group started creating the fake ad agencies which later bought ad views from larger ad platforms. These fake ad agencies each had individual websites and even LinkedIn profiles for their fake CEOs. Their sole purpose was to interface with larger advertising platforms, appearing as legitimate businesses. Ad security company Confiant, the one who discovered this entire operation, says ads bought by this group reached 62% of ad-monetized websites on a weekly basis. All in all, Confiant believes that about 2.5 million users who’ve encountered Zirconium’s malicious ads were redirected to a malicious site, with 95% of the victims being based in the U.S. Read more of this story at Slashdot.
View post:
Crooks Created 28 Fake Ad Agencies To Disguise Massive Malvertising Campaign
An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handing the “cybersecurity incident.” But the decision to create “equifaxsecurity2017” in the first place was monumentally stupid. The URL is long and it doesn’t look very official — that means it’s going to be very easy to emulate. To illustrate how idiotic Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) As if to demonstrate Sweeting’s point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting’s fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th. Read more of this story at Slashdot. 
Mitch Lowe, a founder of Netflix, has a crazy idea. Through his new startup MoviePass, he wants to subsidize our film habit, letting us go to the theater once a day for about the price of a single ticket. From a report: Lowe, an early Netflix executive who now runs a startup called MoviePass, plans to drop the price of the company’s movie ticket subscriptions on Tuesday to $9.95. The fee will let customers get in to one showing every day at any theater in the U.S. that accepts debit cards. MoviePass will pay theaters the full price of each ticket used by subscribers, excluding 3D or Imax screens. MoviePass could lose a lot of money subsidizing people’s movie habits. So the company also raised cash on Tuesday by selling a majority stake to Helios and Matheson Analytics, a small, publicly traded data firm in New York. Theater operators should certainly welcome any effort to increase sales. The top four cinema operators, led by AMC Entertainment, lost $1.3 billion in market value early this month after a disappointing summer. Read more of this story at Slashdot. 
Chrisq shares a report from The Telegraph: Fears have been raised that Britain’s largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-boar hardware and software “would have been good in 2004” when the carrier was designed, “but now seems rather antiquated.” However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks. Read more of this story at Slashdot. 
An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission… The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5, 300 employees for creating fake accounts, and their CEO now acknowledges that “we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values.” In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years. Read more of this story at Slashdot.