A researcher details a malicious and convincing Google ad linking to a fake site for password manager Keepass; Google shows a verified advertiser paid for them (Dan Goodin/Ars Technica)

Dan Goodin / Ars Technica:

A researcher details a malicious and convincing Google ad linking to a fake site for password manager Keepass; Google shows a verified advertiser paid for them  —  Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.  —  Google has been caught hosting …