Malwarebytes Labs discovered a Bing ad disguised as a link to install NordVPN, which instead led to a remote access trojan named SecTopRAT. The researchers found that the trojan could control browser sessions and send system information to an attacker’s control server. The deceptive ad was reported to Microsoft and Dropbox, the latter of which has since removed the linked account. Despite this, the malvertising campaign may still be active under a different identity.
CISA announces secure by design pledges from leading tech providers
The CISA announced that 68 software manufacturers have agreed to their Secure by Design pledge, indicating a commitment to prioritizing security measures in their products.