
Google is looking at more options to boost its bottom line, and one of them seems to be shopping links tucked under YouTube videos. The company is running a test where it displays recommended products along with prices on its video-sharing platform, according to The Information. It seems some test ads have popped up under Nike videos. Clicking on them would take you to the Google Express marketplace to complete the purchase. More and more retailers are joining Express, according to the report, while earlier this year Google started testing shoppable ads in image searches. The company is said to be banking on these features to boost its shopping business. Parent company Alphabet reported this week that revenue for physical products such as Pixel phones and Home smart speakers year-over-year, highlighting that there's an opportunity for growth. Meanwhile, Amazon's ad business is growing, which might be prompting Google to focus on other revenue streams since ads are a key source of its income. Google takes a cut from goods sold through Express, though revenue pales next to Amazon's retail income. Express is said to have pulled in a little under $1 billion in 2018, while Amazon's retail arm generated around $141 billion in North America last year. Google is set to hold an event later this month called Google Marketing Live (at which it has revealed ad products in the past), while the I/O developer conference takes place next week, so we might have an official word about the YouTube product ads soon. There's more posted on OUR FORUM.

A new ransomware called MegaCortex has been discovered that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers. In a new report, Sophos has stated that they have seen customers in the United States, Italy, Canada, France, the Netherlands, and Ireland being infected with this new ransomware. As this is a fairly new ransomware, not much is currently known about its encryption algorithms, exactly how attackers are gaining access to a network, and whether ransom payments are being honored. As Sophos has found that the Emotet or Qakbot Trojans have been present on networks that have also been infected with MegaCortex, it may suggest that the attackers are paying Trojan operators for access to infected systems in a similar manner as Ryuk. While it is not 100% clear how bad actors are gaining access to a network, victims have reported to Sophos that the attacks originate from a compromised domain controller. On the domain controller, Cobalt Strike is being dropped and executed to create a reverse shell back to an attacker's host. Using this shell, the attackers remotely gain access to the domain controller and configure it to distribute a copy of PsExec, the main malware executable, and a batch file to all of the computers on the network. It then executes the batch file remotely via PsExec. When encrypting a computer, the ransomware will append an extension, which in one case is .aes128ctr, to encrypted files' names. For more detailed information visit OUR FORUM.

Chromium-based Microsoft Edge users who try to use Google Earth are welcomed by an error message and a link directing them to download Google's Chrome web browser. This might be a surprise for some given that the new Edge uses the same HTML engine as Chrome and that, after 12 years of being a cross-platform desktop application, Google Earth has been converted into a web app which should allow users to "explore worldwide satellite imagery and 3D buildings and terrain for hundreds of cities," according to its website. At the moment though, when users try to launch the Google Earth web app in Microsoft's new Chromium Edge, they get the following error: "Aw snap! Google Earth isn't supported by your browser yet. Try this link in Chrome instead. If you don't have Chrome installed, download it here. Learn more about Google Earth." As Microsoft Edge Product Manager Eric Lawrence explained in a Twitter thread following user reports, the issue stems from the fact that the Chromium-based Edge browser does not ship with the Portable Native Client (PNaCl) component, the architecture-independent version of Native Client (NaCl) which was used by Google when converting Earth into a web app during 2017. Google updated its company-wide UA sniffer code last week to recognize Chromium-based Edge as its own browser instead of lumping it in with "Chrome." Some Google products have an explicit allow-list of supported browsers, and those products didn't all update their allow list to say "Oh, and new Edge is fine too." Get better informed by visiting OUR FORUM.

A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (PII) and medical info of more than 100,000 individuals. Security Discovery researcher Jeremiah Fowler, who discovered the unprotected Elasticsearch database, found after further investigation that the leaked data belonged to SkyMed, a company which has provided medical emergency evacuation services for about 30 years. As the researcher says, the Elastic database was "set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials." The database contained 136,995 records of SkyMed members and included PII data such as full names, addresses, dates of birth, email addresses, phone numbers, with some of the entries also including medical information. Besides finding hundreds of thousands of leaked member records, Fowler also discovered that the company's network might have also been infected at some point in time with an unknown ransomware strain. This was revealed when the researcher found a ransom note entry named "howtogetmydataback" in SkyMed's unsecured Elasticsearch database. While the company did not provide any feedback to the researcher's reports on the exposed database, the good news is that SkyMed did take down the database eventually. "The first data incident notification was sent on March 27th (the same day it was discovered). On April 5th we verified that the database was closed and no longer publicly accessible. No one from SkyMed replied to either message," stated Fowler. BleepingComputer also reached out to SkyMed to ask if breach notifications were sent to the impacted individuals but the company did not provide a response prior to publication. Learn more by visiting OUR FORUM.

Windows 10 May 2019 Update will begin rolling out to compatible devices in late May 2019. Windows 10 version 1903 is currently only available to Windows Insiders, but the update for Windows 10 is now being blocked from installing on systems with certain configurations. In an updated blog post, Microsoft quietly shared a list of current upgrade blocks for Windows 10 May 2019 Update. At least three sets of devices could be affected during installation due to the blockade. Microsoft says that you cannot upgrade to Windows 10 May 2019 Update if your company is using a USB storage device or SD memory card, but there’s an easy workaround to deal with this problem. Microsoft has advised users to remove any external USB storage devices and/or SD memory cards to start the upgrade installation process. If you have older versions of anti-cheat software that comes bundled with many popular games, you may not be able to install the Windows 10 May 2019 Update. Microsoft discovered a bug where the older versions of anti-cheat software may cause Windows 10 May 2019 Update PCs to experience crashes. Most games have already been updated with a fix for the bug and Microsoft is actively working with affected partners. Microsoft has also blocked the Windows 10 May 2019 Update from installing on devices with any Known Folders or empty folder with that same name is created in your %userprofile% directory when you update. Follow this on OUR FORUM.

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. This loader is the third one detected by Cisco Talos' research team since July 2018, with Smoke Loader (aka Dofoil) being employed by threat actors to drop ransomware or cryptocurrency miner payloads last year, while Brushaloader was identified during early 2019 and seen while making use of Living-off-the-Land (LotL) tools such as PowerShell scripts to remain undetected on compromised systems. Malware loaders are popular tools for adversaries who want to make the job of dropping various malware payloads onto their victims' machines easier because they make it possible to maximize their profits by switching the pushed malware to one suited to the infected computer. The current loader tracked by Cisco Talos is JasperLoader and its activity has been picking up during the past months, with malspam campaign operators distributing it to targets from Central Europe, with an apparent focus on Italian and German targets. "JasperLoader employs a multi-stage infection process that features several obfuscation techniques that make the analysis more difficult," says Cisco Talos. "It appears that this loader was designed with resiliency and flexibility in mind, as evidenced in later stages of the infection process." As unearthed by the researchers, JasperLoader has been disseminated by multiple malspam campaigns throughout the last months and it has been used to drop the Gootkit banking Trojan — previously distributed by DanaBot, Neutrino exploit kit and Emotet — which acts as a backdoor and can steal sensitive user information. More in-depth details are posted on OUR FORUM.
