126 matches found
A week in security (June 1 – June 7)
Last week on Malwarebytes Labs: Your phone called. It needs a cleanup. Fake BlueWallet steals passwords, accounts, and crypto from Macs Fake virus alerts are invading mobile games 23andMe exposed genetic information of millions, lawsuit says These convincing copyright notices are designed to stea...
How to better protect your growing business in an AI-powered world
AI is rapidly reshaping how work gets done in companies and organizations. In celebrating National Small Business Month, we want to acknowledge the unique challenges that growing business leaders face as AI creates both opportunity and risk. They face constant tradeoffs between moving fast,...
Harden your identity defense with improved protection, deeper correlation, and richer context
In today’s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of...
Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think,...
Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think,...
Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant
You ever get that feeling when you double-check the locks, but still wonder if you’ve missed something? That’s what a lot of people feel about cybersecurity. That’s where Malwarebytes Trusted Advisor comes in. You can see it as your very own cybersecurity personal assistant, giving you real-time...
Security Bulletin: Disable IP forwarding
Summary Security Bulletin: Disable IP forwarding Vulnerability Details CVEID:CVE-1999-0511 DESCRIPTION: IP forwarding is enabled on a machine which is not a router or firewall. CVSS Source: NVD CVSS Base score: 7.5 CVSS Vector:AV:N/AC:L/Au:N/C:P/I:P/A:P Affected Products and Versions Affected...
Entra ID Data Protection: Essential or Overkill?
Microsoft Entra ID formerly Azure Active Directory is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authenticatio...
Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace
Let's be honest: if you're one of the first or the first security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You're not running a security department. You are THE security department. You're...
Aura or LifeLock: Who Offers Better Identity Protection in 2025?
The Growing Threat of Digital Identity Theft Identity theft is a continuous online threat that lurks behind every…...
Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019
The Cache Utility module provides an ability to view status and flush various caches. The module doesn't sufficiently protect against Cross Site Request Forgery CSRF attacks by validating user identity and intent when flushing a cache...
AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers...
MoneyGram confirms customer data breach
Money transfer company MoneyGram has notified its customers of a data breach in which it says certain customers had their personal information taken between September 20 and 22, 2024. The investigation into the incident that was discovered on September 27 is still ongoing, and the number of...
No, not every Social Security number in the U.S. was stolen
My current least favorite thing about the churn of social media that Ive seen over the past week is waves of stories, posts and videos saying that every U.S. citizens Social Security number has been stolen or potentially viewed by a threat actor. The claim comes from a class action lawsuit filed ...
Man certifies his own (fake) death after hacking into registry system using stolen identity
A 39-year-old man has been sentenced to 81 months in jail after hacking governments systems to fake his own death to dodge paying child support. Yes, you read that right. The press release by the US Attorneys Office, Eastern District of Kentucky, paints a detailed picture of what went down. In...
AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit, the manufacturer of the Artificial Intelligence AI assistant r1 has issued a security advisory telling users its found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that...
Disney “breached,” data dumped online
A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “DisneySlackLeak Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Wa...
‘RockYou2024’: Nearly 10 billion passwords leaked online
On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...
Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour [updated]
The cybercriminals who claimed responsibility for the Ticketmaster data breach say theyve stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k...
(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13
This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...