Latest news with #SilentPush


Forbes
11-06-2025
- Business
- Forbes
Chrome, Safari, Edge Warning—Do Not Use Any Website On This List
Do not use any of these websites. This threat is not new — but it's still dangerous. Users of all popular browsers are warned that a raft of malicious website domains are now targeting shoppers looking for online discounts on products from some of the world's most popular brands.

The warning is from Silent Push, which has 'uncovered a massive 'fake marketplace' campaign.' Dubbed 'GhostVendors,' it works through 'online ads that impersonate dozens of major brands and spoof actual products on thousands of fraudulent websites.'

The security researchers found more than 4,000 domains, and warn 'this is a significant threat targeting social networks, major brands, advertising companies, and consumers worldwide.' The attack starts with 'malicious Facebook Marketplace ads' which direct shoppers to its websites. Then the attackers stop the ad campaigns, which 'delete all traces of them from the Meta Ad Library.'

All the current attacks making headlines, whether unpaid tolls, fake DMV notices, undelivered packages or phantom discounts, rely on this mass registration of domains. Many of these last a day or less, sometimes only minutes. Once a domain is flagged it's blocked, but those few minutes or hours are enough for a hard and fast campaign. Then a fresh domain is pulled from the shelves, and they quickly go again.

While users can enable safe browsing protections that will help flag malicious sites, most of these still rely on blacklists. AI updates will try to catch threats in real-time, but it's still early days for those upgrades. Meantime, the usual rules apply. Do not shop via links in messages of any kind, access brands only through usual channels, and above all, remember ads for discounts that seem to be too good to be true are exactly that.

Malicious ads

Silent Push says 'this campaign appears to focus on impersonating brands that buy large amounts of online ads — many of the impersonated brands are huge and well-known for purchasing significant quantities of ads. In contrast, other brands being impersonated are smaller ones that mostly use online sales processes.'

The list of brands being impersonated is extensive: 'Amazon, Costco, Bath & Body Works, Nordstrom, Saks Fifth Avenue, Lowes, L.L. Bean, Tommy Bahama, Rolex, Brooks Running, Birkenstock, Crocs, Skechers, Total Wine, Omaha Steaks, Instacart, Duluth Trading, Advance Auto Parts, Party City, Dollar General, Tractor Supply, Joann, Big Lots, Orvis, Alo Yoga, On Running, Tom Ford Beauty, Rebecca Minkoff, Yankee Candle, Hoka, Thrive Market, Vionic Shoes, Rock Bottom Golf, Vuori Clothing, Goyard, Icebreaker Clothing, NOBULL Sportswear, Alpha Industries, Volcom, Kizik Shoes, Vessi Shoes, Mammut Outdoor Gear, Buffalo Games & Puzzles, Ravensburger Puzzles, Fast Growing Trees, Gurney's Seed and Nursery, Vivobarefoot, KaDeWe, Palmetto State Armory, Natural Life, Luke's Lobster, Cousins Maine Lobster, White Oak Pastures, Seven Sons Farm, Arcade1Up Gaming, EGO Power+ Tools, Cobble Hill Puzzles, Popflex, Argos UK, Huk Clothing, 44 Farms, Tyner Pond Farm, Pipers Farms, Rebel Sport, The Woobles Crochet, Massimo Dutti, and GE Appliances.'

Malicious websites

The detailed explanation of the exploitation of Meta's marketplace highlights the sophistication of the attack, but as ever the outcomes remain the same. 'Multiple variations of these types of scams exist, but the end goal for each is typically quick cash-outs. Most of these networks abuse large numbers of domains due to the speed with which social networks and other sources respond and block their sites.'

Here is a list of some of the domains caught in the act. It's not complete, but will give you a sense of what you're looking for. Use the list as a guide, and don't shop on any of these websites or any websites similar to this list.

General Retail & Department Stores; Home Improvement & Specialty Retail; Footwear Brands; Activewear & Athletic Apparel; Fashion & Luxury Brands; Outdoor & Sporting Goods; Food & Grocery; Farm & Garden; Home & Hobbies

Silent Push warns 'web shop and fake marketplace scams a prolific global threat to social networks, advertising networks, major brands, and the consumers who are unfortunate enough to encounter them. It's clear that many different threat actors launch these marketplace scams, and yet, fortunately, many reuse page and server templates to facilitate the speed of their deployments.'

Whatever browser you're using, do not trust that these threats will be caught by the browser or blocked by any other software on your device. Do not take any risks.


Tom's Guide
10-06-2025
- Business
- Tom's Guide
These 'great' deals on Facebook are not from Amazon, Rolex or Nordstrom – they're from a network of scammers
If you've recently been tempted by a great looking advertisement on Facebook, keep scrolling. According to Cybernews, a large network of more than 4,000 domains has been impersonating dozens of popular brands to run fake ads across the social media site and tempt visitors to check out their scam websites. The aim of these threat actors is to steal money, or payment details, or both.

Threat analysts at Silent Push have dubbed these scammers 'GhostVendors' because they've discovered a way to circumvent Meta's policy in order to cover their tracks. According to the researchers, the threat actors run their scam ads through Facebook Marketplace ads. 'Meta's policy dictates that any other types of ads are only saved while those ads are part of active campaigns.' That means that once the fake campaign ends, all proof of the scams vanishes.

Like any other 'too good to be true' style scam, the ones in this network of thousands of websites promote very, very low prices on popular products in order to tempt victims and unwary online shoppers. Silent Push found the threat actors to be impersonating high profile brands like Amazon, Costco, Lowe's, Crocs, Duluth Trading, Tractor Supply, Thrive Market, Yankee Candle, EGO Power+ Tools and more.

The example given by Cybernews is an ad for Milwaukee Tools under the name 'Milaeke' that offers a toolbox for a price of $129 under the domain name wuurkf[.]com. Other ads will use keywords like 'clearance' or 'holiday celebration sale' in order to make a deal seem tempting or temporary so that shoppers will act quickly. The researchers at Silent Push say the threat actors can use a domain generation algorithm (DGA) to clone templates and reproduce the offers quickly to set up dozens of fake copies for various products across categories.

Honestly, though it may sound tempting, most of your shopping just shouldn't be happening on social media in the first place. Even if you do see something that looks too good to pass up, your best bet is to note the name of the company and then independently visit their website in a web browser that you've opened yourself, and before you buy, you should first look for reviews and ratings from the Better Business Bureau or similar sites.

If you're buying something second hand, try to only pay cash or through a payment app like Venmo once you've received the item. If you're purchasing something that's being mailed, try to use a credit card and make sure to get a shipping number. That way, you can do a chargeback if you don't receive the item or get something that isn't at all like its description in the original listing.

Remember, if it sounds too good to be true, it probably is, and if an ad or social media post is trying to tempt you with a limited time offer, a countdown or some other form of pressure, it's suspicious at best. You can protect yourself as well by making sure you have one of the best identity theft protection services which will monitor your accounts for signs of fraud and other red flags, and one of the best antivirus software solutions which are also on the lookout for suspicious websites, malicious behavior and of course, malware.

Korea Herald
22-05-2025
- Business
- Korea Herald
Silent Push Launches Chrome Extension, Providing New Controls and Quick Access to Critical Data to Preemptively Stop Attacks
New, strategic integration partnerships available that enhance capabilities and empower SOC, IR and CTI teams

SINGAPORE, May 22, 2025 /PRNewswire/ -- Silent Push, a leading preemptive cybersecurity intelligence company, announced today the launch of its new Google Chrome Extension, providing immediate access to information about indicators discovered through a user's browser and new controls to action on them.

As part of the company's continuing efforts to level up security teams' cyber defenses, Silent Push introduces new integration partner Filigran, the developer of OpenCTI. Silent Push partnerships, including ThreatConnect, continue to improve the customer experience and enhance company-wide security stacks with enriched data from the Silent Push platform.

Simone Filiaggi, Sr. Threat Intelligence Analyst at Box, said: "The Silent Push Chrome Extension makes it a lot easier to access actionable and high-quality threat intelligence. It's easy to use and improves our ability to detect and respond to threats including quick pivots into the Silent Push platform for a deep dive into adversary infrastructure."

Ken Bagnall, CEO and Co-Founder of Silent Push, said: "We are committed to providing our customers with the solutions and resources they need to protect themselves from an attack and maintain business resilience.

"Our Chrome Extension is bidirectional and makes it easier and faster to action. It acts as an integration into any of your SaaS platforms. By working directly in your browser through our extension, security teams now have the power to pivot control anywhere on the Internet. Through our integration partnerships and upcoming Abuse Reporting service, we are strengthening our capabilities and commitment so that security teams have the resources they need to identify adversary infrastructure before an attack is launched," Ken Bagnall said.

Jan Johansen, SVP Global Alliances, Filigran, the developer of OpenCTI, said: "As a new integration partner, our joint customers will benefit from our better together offering of leading threat intelligence from Silent Push leveraged through our OpenCTI platform featuring comprehensive visualizations and analytic tools. This is the best of both worlds to fully enable security teams to protect their organization."

Andrew Pendargast, Chief Product Officer, ThreatConnect, said: "Our long-standing integration partnership with Silent Push enables our joint customers to further their journey towards a fully threat and risk-informed cyber defense. The new Chrome Extension, which offers defenders a far faster time to detect emerging threats, is a great example of the innovation the industry has come to expect from Silent Push."

Traditional IOC-based security models are a reactive approach that limits security teams from proactively stopping an attack that is yet to launch. Attackers are faster, more automated and increasingly leverage modern techniques to evade detection. A more modern approach is needed. Indicators of Future Attack (IOFA)™, only available from Silent Push, replace the traditional model, providing a cyber early warning system. And now, with its Chrome Extension, Silent Push empowers Incident Response, Threat Intelligence and SOC teams to swiftly act and protect their organization with preemptive technology accessible with a simple click.

Currently, the Silent Push Chrome Extension is available to enterprise customers only and can be downloaded from the Chrome Web Store.

About Silent Push

Silent Push is a preemptive cybersecurity intelligence company. It is the first and only solution to provide a complete view of emerging threat infrastructure in real-time, exposing malicious intent through its Indicators Of Future Attack™ (IOFA™) data to enable security teams to proactively block hidden threats and avoid loss. The Silent Push standalone platform is also available via API integrating with any number of security tools, including SIEM & XDR, SOAR, TIP, and OSINT, providing automated enrichment and actionable intelligence. Customers include some of the world's largest enterprises within the Fortune 500 and government agencies. Free community edition is available. For more information, visit or follow on LinkedIn and X.

Yahoo
22-05-2025
- Business
- Yahoo
Silent Push Launches Chrome Extension, Providing New Controls and Quick Access to Critical Data to Preemptively Stop Attacks


Forbes
13-05-2025
- Business
- Forbes
Tim Cook's Apple iToken Ad Is A Con, X Users Warned
Threat actors have been targeting Apple users for the longest time. I recently reported how Apple passwords were being stolen in a macOS attack impersonating a Realtek driver update, while the Banshee Stealer puts 100 million Apple users in the credential-hacking crosshairs. Indeed, if you needed any proof that a hacker target is hovering over Apple users' heads, the fact that macOS infostealer attacks were up 101% in the last quarter of 2024 should provide it. The latest threat takes a bit of an off-ramp from the usual password-stealing stuff though, and heads into straight-up financial fraud with a little bit of help from a faked X advertising campaign, a phoney Tim Cook endorsement, and an offer to get ahead of the crowd and preorder Apple iToken crypto.

I'll admit it, I'm an Apple fanboy and would likely be interested in most anything with an 'i' prefix to be fair. Whether that would stretch to cryptocurrency in the form of an Apple iToken is unlikely, as I'm not really a wannabe crypto bro. Unfortunately, the same cannot be said for many Apple fans, and crypto investors, for that matter. At least, that's what the threat actors behind the iToken scam are working on. They are also, it would appear, hoping that their target victim is going to be a user of X, the social media platform formerly known as Twitter and home to an active and highly vocal cryptocurrency community.

Threat analysts working at Silent Push have uncovered a financial fraud campaign that employs all of the above, plus a little bit of Tim Cook, in order to try and get victims to part with their cash. Silent Push investigators were made aware of the campaign after spotting what appeared to be an advert on X, published May 1, that promoted an Apple iToken. The advertising URL displayed pointed to CNN for added gravitas and believability. This was, the Silent Push report said, achieved by using a 'known exploit for spoofing a URL on X/Twitter.'

The crypto presale scam exploited the premise of an official Apple iToken release being forthcoming, and even went so far as to use a fake endorsement from Apple CEO Tim Cook himself to bolster the air of trust. Anyone clicking on the advert would be redirected to the presale website where an account would need to be created and payment made from any of 22 crypto wallets to pay for the non-existent crypto token. 'We found nearly 90 sites going back to 2024,' the researchers warned, 'with almost identical financial lures, all appearing to be from the same threat actor group.'

This Apple iToken scam campaign's ability to spoof a visible X advertising URL is, the Silent Push report warned, 'a novel method for tricking potential victims, one only occasionally seen in the wild.' I have reached out to X and Apple for a statement and will update this article if any is forthcoming. In the meantime, don't get taken in by these scammers: there is no Apple iToken, Tim Cook has not endorsed it, and CNN is not buying advertising promoting it.