Hackers injected malicious code into over 250 major news sites

If you are online, you are a target for hackers. No one is truly safe, but negligence and lack of awareness make you more vulnerable to malware, hacks, and scams.

Browsing websites and downloading files are part of the online experience, but you should be careful. How do you know what is safe? Tap or click here to access an online tool that checks websites and files for digital threats before opening them.

No newspaper can keep up with the minute-by-minute delivery of news sites. Millions of people visit these sites daily, making them a prime target for hackers. And that’s what’s happening now. Read on for more details and what to watch out for.

Be careful where you get your news

Cybersecurity researchers at Proofpoint announced via Twitter that threat actors had compromised a media company that broadcasts video content and advertisements to hundreds of major news outlets.

The hackers behind this attack, which Proofpoint calls TA569, injected malicious code into a JavaScript file uploaded by media websites. Over 250 regional and national newspaper sites accessed the malicious JavaScript, which has been around since 2018 and is known as SocGholish.

The relevant media organizations serve, among others, the following areas:

  • Boston.
  • New York.
  • Chicago.
  • Miami.
  • Washington DC.
  • Cincinnati.
  • Palm beach.

Visitors to compromised sites receive software updates for Chrome, Firefox, Internet Explorer, Edge, or Opera. Downloading fake updates can infect your computer with malware and ransomware or redirect you to malicious websites.

RELATED: Check your phone! Malicious apps with millions of downloads spotted

How to stay safe

If you see a pop-up prompting you to download anything, ignore it. If you want to update a device or program, do it directly through the app or website.

Here are some additional tips to avoid being scammed:

  • Protect your information — Never give out personal data if you do not know the sender of an SMS or email or if you cannot verify their identity. Criminals only need your name, email address and phone number to scam you.
  • Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for more details on 2FA.
  • Always be up to date – Keep your devices and apps up to date with the latest software to protect against security threats. But make sure you get updates through official sources. No random pop-up notifications from news websites.
  • sense of urgency — Here’s a red flag: any message telling you to “act now!” or makes you feel rushed and anxious. This is exactly how scammers want you to feel.
  • Avoid links and attachments — Do not click on links or attachments you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware and/or steal sensitive information.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for just $19 at ProtectWithKim.com. That’s over 85% off the regular price!

keep reading

Antivirus warning: what to do if you see this warning from McAfee

This is what it looks like when a virus takes over your computer

Comments are closed.