21 matches found
A LINDDUN-Based Privacy Threat Modeling Framework for GenAI
As generative AI GenAI systems become increasingly prevalent across various technological stacks, the question of how such systems handle sensitive and personal data flows becomes increasingly important. Specifically, both the ability to harness and process large swaths of information as well as...
Prevalence of Security and Privacy Risk-Inducing Usage of AI-Based Conversational Agents
Recent improvement gains in large language models LLMs have lead to everyday usage of AI-based Conversational Agents CAs. At the same time, LLMs are vulnerable to an array of threats, including jailbreaks and, for example, causing remote code execution when fed specific inputs. As a result, users...
On the Security and Privacy of Federated Learning: a Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions
Federated Learning FL is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provide...
Sextortion email scammers increase their “Hello pervert” money demands
Every so often the sextortion emails that start with “Hello pervert” get a redesign. You may have received one yourself: The emails claim that the sender has been watching your online behavior and caught you red-handed doing activities that you would like to keep private. The email usually starts...
A Taxonomy of Attacks and Defenses in Split Learning
Split Learning SL has emerged as a promising paradigm for distributed deep learning, allowing resource-constrained clients to offload portions of their model computation to servers while maintaining collaborative learning. However, recent research has demonstrated that SL remains vulnerable to a...
Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit
Citizen Lab's investigation reveals sophisticated spyware attacks exploiting WhatsApp vulnerabilities, implicating Paragon Solutions. Learn how their research exposed these threats and the implications for digital privacy...
A week in security (August 5 – August 11)
Last week on Malwarebytes Labs: Security company ADT announces security breach of customer data Stolen data from scraping service National Public Data leaked online Android vulnerability used in targeted attacks patched by Google Men report more pressure and threats to share location and accounts...
Privacy Implications of Tracking Wireless Access Points
Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of...
U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly,...
Polite WiFi loophole could allow attackers to drain device batteries
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now,...
Internet Safety Month: Everything you need to know about Omegle
Omegle reached the heady heights of fame when everyone least expected it. Thanks to TikTok influencers, children flocked to this 13-year-old platform during the pandemic, unaware of the dangers already there. The concept of talking to strangers online is Omegles main selling point, but its not ne...
Bypassing Apple’s AirTag Security
A Berlin-based company has developed an AirTag clone that bypasses Apples anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apples anti-stalker security only works with iPhones. Apple wrote an Android app that...
Breaking free from the VirusTotal silo: Lock and Code S02E07
This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. Its a practice that is surprisingly common. Weeks ago, Malwarebyt...
New Research: "Privacy Threats in Intimate Relationships"
I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships." Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving...
Forrester: Keeping Smart Cities Safe From Hacks
SAN FRANCISCO – Municipalities today are dealing with an unanticipated number of cyberthreats, Merritt Maxim, an analyst at Forrester, said last week at the RSA Conference 2020. Local and state governments are increasingly being targeted by ransomware attacks, phishing emails and business email...
Is Your Baby Monitor Susceptible to Hacking?
There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the...
Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps
In a week full of cyber-incidents and marked by the Valentine’s Day holiday, data breach news was surging. Equifax may have been hacked by spies, two huge credential spills on the Dark Web did their part to endanger people online and several companies admitted to data exposures, data breaches and...
Vanilla: Forum Users Information Disclosure
Summary: An unauthorized even unauthenticated user is able to view some private information about forum users. this information includes: email address even if the user not allows it, IP address of the user, data of some of the private messages between two users. Description: by brute forcing...
Using Ultrasonic Beacons to Track Users
I've previously written about ad networks using ultrasonic communications to jump from one device to another. The idea is for devices like televisions to play ultrasonic codes in advertisements and for nearby smartphones to detect them. This way the two devices can be linked. Creepy, yes. And als...
Outernet - Free Global Wi-Fi Service from Outer Space
If you are reading this THN Article, then you are the one of those lucky guys who has access to the Internet, but everyone is not as lucky as you. On this planet, about 40% of the population is still not having an access to the Internet services. So, there is good news for all those who are still...