Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Malvertisers Leverage Google Ads to Target Individuals In Search for Popular Software

New information has surfaced regarding a malicious advertising campaign that exploits Google Ads to direct users searching for popular software to fake landing pages and distribute subsequent-stage malware.

Malwarebytes, the organization that uncovered this activity, noted its uniqueness in user fingerprinting and the distribution of time-sensitive payloads. This attack targets individuals searching for software like Notepad++ and PDF converters. It presents deceptive ads in Google search results that, when clicked, identify and eliminate bots and unintended IP addresses, showing a decoy site.

If the visitor is considered interesting to the threat actor, they are redirected to a counterfeit website advertising the software while secretly fingerprinting the user's system to detect if it's running on a virtual machine. Users who fail this check are taken to the authentic Notepad++ website, while potential targets are assigned unique IDs for tracking and to ensure each download is unique and time-sensitive.

The ultimate-stage malware is an HTA payload that establishes a connection to a remote domain ("mybigeye[.]icu") on a custom port and delivers additional malware. Jérôme Segura, director of threat intelligence, emphasized the successful evasion techniques employed by threat actors, bypassing ad verification checks to target specific victims. This disclosure aligns with a similar campaign targeting users searching for the KeePass password manager with malicious ads that direct victims to a domain using Punycode, a special encoding.

The use of Punycode with rogue Google Ads highlights the increasing sophistication of malvertising through search engines. This tactic aims to trick users into installing malware by registering domain names that appear similar to legitimate ones, executing a homograph attack.

In addition, multiple threat actors have been observed using visual trickery to distribute various malicious payloads, including Cobalt Strike, loaders, stealers, and remote access trojans. They exploit themes related to fake browser updates to gain end-user trust, using compromised websites and tailored lures to persuade users to click.

Source: https://thehackernews.com/2023/10/malvertisers-using-google-ads-to-target.html

Caitlin Joyce (CaitlinG) Galanza | News
Created: October 23 2023 | Updated: on 10/23/23
Comments

  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi