www.riskcrew.com
Open in
urlscan Pro
35.176.110.22
Public Scan
Submitted URL: https://www.riskcrew.com/grc/;1
Effective URL: https://www.riskcrew.com/2021/04/120-compromised-advertisement-servers-put-millions-of-internet-users-at-risk/
Submission: On December 17 via api from BE — Scanned from GB
Effective URL: https://www.riskcrew.com/2021/04/120-compromised-advertisement-servers-put-millions-of-internet-users-at-risk/
Submission: On December 17 via api from BE — Scanned from GB
Form analysis
1 forms found in the DOMPOST https://www.riskcrew.com/wp-comments-post.php
<form action="https://www.riskcrew.com/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate="">
<p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> Required fields are marked <span class="required">*</span></p>
<p class="comment-form-comment"><label for="comment">Comment</label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required"></textarea></p>
<p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required"></p>
<p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" required="required"></p>
<p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200"></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="10135" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
</form>
Text Content
Skip to content Please consider updating your browser. Some parts of the website may not function as intended. * * Risk Management * Information Security Threat & Risk Assessment Service * Information Security Policies * Ransomware Readiness Audit * Secure Code Review * Information Security eLearning Courses * Cyber Supply Chain Risk Management * Information Security Risk Consultancy * Security Testing * Red Team Testing * Risk-Driven Application Security Testing * Network Security Penetration Testing * APT Attack Testing * Mobile Application Security Testing * IoT Security Penetration Testing * Web Application Security Penetration Testing * Security Vulnerability Assessment * Cloud Security Testing * Social Engineering Testing * GRC * ISO 27001 Compliance * Cyber Essentials * SOC 2 Compliance * DPA 2018 Compliance * Virtual CISO Service * DPO on-Demand Service * PCI Compliance Services * eRiskology * Contact Us * Blog * Security Alerts * About The Crew * Webinars * Events SECURITY ALERTS 120 COMPROMISED ADVERTISEMENT SERVERS PUT MILLIONS OF INTERNET USERS AT RISK Posted on April 20, 2021April 20, 2021 by Gabriel McLeish 20 Apr An ongoing “malvertising” campaign dubbed “Tag Barnakle” was identified as the breach point of more than 120 Advertisement servers over the past year. The threat actors aim to inject code to host Adware that redirects users to domains under threat actors’ control, exposing them to more malware. The adversaries behind the Tag Barnakle campaign are upgrading their tools to target mobile devices in addition to the initial targets, such as the open-source advertising server Revive. THE IMPACT If someone were to engage with the Adware, their devices could become compromised and potentially used as a base for further attacks. THE REMEDIATION As the malvertising campaign is still active, thousands if not millions of devices are still at risk. Whilst there is no specific remediation, the following are recommendations on reducing the risk of compromise: 1. Raise awareness in an organisation, and social engineering encompasses more than phishing. Potential victims need to be made aware of the dangers of clicking on Adware as well. 2. Keep all antivirus software’s and software versions up to date and make sure that all necessary detection settings are enabled. 3. Applications and software should only be downloaded and or purchased from a reputable source. Source: The Hacker News This entry was posted in Security Alerts and tagged Advertisement Servers. GABRIEL MCLEISH What’s the difference between SOC 1, 2 and 3? Cyber Supply Chain Risk Management – Should Penetration Testing be Required? LEAVE A REPLY CANCEL REPLY Your email address will not be published. Required fields are marked * Comment Name * Email * Website FIND A POST ON THE SUBJECT OF YOUR CHOICE: alerts august2020 awareness training Brexit ciso CREST Accedidated Cyber Essentials Plus Cyber Liability Insurance Cyber Security Cyber security risk management data breach Data Privacy data protection data protection policies dpa 2018 DPA Compliance DPIA elearning eop bug free webinar gdpr GDPR due diligence hotspot shield vpn infographic Information Security Awareness Information Security Awareness Training information security framework infosec awareness IObit forums hacked ISO 27001 ISO 27001 Certification ISO 27701 July2020 June2020 management apps Expose Machines to Attack Penetration testing pen testing personal data deletion phishing ransomware gangs Security Culture security staff awareness program SOC 2 vs ISO 27001 social engineering social engineering attacks CONTACT US 5 Maltings Place 169 Tower Bridge Road London SE1 3JB United Kingdom +44 (0) 20 3653 1234 information@riskcrew.com ABOUT RISK CREW We are an elite group of information security governance, risk & compliance experts and the forerunners in the design & delivery of innovative & effective solutions with a 100% satisfaction guarantee. CONTACT US 5 Maltings Place 169 Tower Bridge Road London, SE1 3JB United Kingdom +44 (0) 20 3653 1234 information@riskcrew.com QUICK LINKS * Home * Customer Promise * Partner Programme * Privacy Notice * Cookie Policy * Promotion Terms and Conditions * GRC Consultancy Services * Security Testing * APT Attack Testing * Cloud Security Testing * Mobile Device Security Testing Copyright 2021 © Risk Crew * Risk Management * Information Security Threat & Risk Assessment Service * Information Security Policies * Secure Code Review * Ransomware Readiness Audit * Information Security eLearning Courses * Cyber Supply Chain Risk Management * Information Security Risk Consultancy * Security Testing * Risk-Driven Application Security Testing * Red Team Testing * APT Attack Testing * Network Security Penetration Testing * Social Engineering Testing * Web Application Security Penetration Testing * IoT Security Penetration Testing * Security Vulnerability Assessment * Mobile Application Security Testing * Cloud Security Testing * GRC * Virtual CISO Service * ISO 27001 Compliance * Cyber Essentials * SOC 2 Compliance * DPA 2018 Compliance * DPO on-Demand Service * PCI Compliance Services * eRiskology * Contact Us * Blog * About The Crew * Webinars * Events * Risk Crew This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. ACCEPT & CLOSE Cookie PolicyCookie Settings Privacy & Cookies Policy Close PRIVACY OVERVIEW This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalit... Necessary Necessary Always Enabled Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information. Non-necessary Non-necessary Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website. SAVE & ACCEPT