WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #124: Poisoned porn ads, the A word, and why why why Wipro?

The hacker who lived the high life after spreading malware via porn sites, Wipro demonstrates how to turn a cybersecurity crisis into a PR disaster, and why are humans listening in to your Alexa conversations?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Brian Honan.

Salon website gives you a choice: turn off your ad blocker or let us mine cryptocurrencies

If you don’t want to disable your ad blocker, maybe you’ll feel comfortable letting run code from Coinhive which will gobble up your computer’s resources to mine some Monero cryptocurrency.

PornHub visitors hit with malware attack via poisoned ads

Poisoned ads served up by the X-rated adult PornHub site tricked users into installing malicious browser updates.

If these universities had run an ad blocker they might have been saved from ransomware attack

Until advertising networks manage to clean up their act, and stop distributing ads that are put our privacy and security at risk, I can’t advocate anyone going on the internet without an ad blocker.

Compromised websites redirecting tech support scam hosted on numeric domains

US internet users are being targeted with technical support scams hosted on sites with numeric domain names.

David Bisson reports.

Google is building an ad-blocker into Google Chrome, report claims

Google, an advertising company, is planning to introduce ad-blocking technology into the world’s most popular web browser – Google Chrome.

Read more in my article on the Tripwire State of Security blog.

Smut surfers infected with Ramnit trojan as malvertising campaign deploys pop-under ads

This isn’t the kind of thing you want to pop up when you’re surfing a porn site.

David Bisson reports.

Google search results are falling foul of scammers spoofing well-known sites

Online fraudsters managed to waltz past Google’s vetting and successfully plant a rogue ad for the world’s most searched for retail store: Amazon.

Read my latest article on the Hot for Security blog.

Adblock Plus wants to put more ads on your screen

When an ad blocker announces its plans to put more ads on users’ screens, you can probably imagine the internet’s reaction…

The AdGholas malvertising network was using steganography, researchers reveal

The AdGholas malvertising network planted malicious ads on popular sites including The New York Times and The Verge.

David Bisson reports.

Perez Hilton website visitors hit by two malvertising attacks in same week

Visitors to the immensely popular celebrity gossip blogging website Perez Hilton have recently been struck by ransomware attacks pushed out via poisoned ads.

David Bisson reports.

Crypto-ransomware spreads via poisoned ads on major websites

Famous sites which displayed the malicious ads and endangered visiting computers include MSN,, the New York Times, AOL and Newsweek.

Read more in my article on the Tripwire State of Security blog.

Ad blocking is on the rise

A study by the Internet Advertising Bureau has found that 22% of British web users over 18 years old are using ad blocking software.

That’s up from 18% in October 2015.

Come on, we can do better than that…

Malvertising campaign used Wajam browser extension to infect PCs

The malicious Angler exploit kit is being distributed via malvertising campaigns, with help from a browser add-on that injects ads into webpages.

David Bisson reports.

Skype users hit by ads spreading malicious Angler exploit kit

You don’t have to be using a web browser to be hit by malvertising.

David Bisson reports.