4707 matches found
Android malware turns phones into malicious tap-to-pay machines
Got an Android phone? Got a tap-to-pay card? Then you're like millions of other users now at risk from a new form of cybercrime - malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into...
Meta slurps up EU user data for AI training
European Facebook users have so far avoided having their public posts used to train parent company Meta's AI model. That's about to change, the company has warned. In a blog post today, it said that EU residents' data was fair game and it would be slurping up public posts for training soon...
72% of people are worried their data is being misused by the government, and that’s not all…
Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are...
Security expert Troy Hunt hit by phishing attack
Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldest—and most proven—scams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunt’s chosen newsletter provider Mailchimp, scammers stole roughly...
Amazon disables privacy option, will send your Echo voice recordings to the cloud
Amazon has announced its Echo devices will no longer have the option to store and process requests on the device itself, meaning your voice recordings will now be sent to the cloud for processing. In an email sent to customers, Amazon explained that the feature "Do Not Send Voice Recordings" will...
Warning over free online file converters that actually install malware
The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services. Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically about that malware leading to ransomware attacks, but...
Millions of stalkerware users exposed again
There are many reasons not to use stalkerware, but the risk of getting exposed yourself seems to be a recurring deterrent, according to a new investigaton. As we have reported many times before, stalkerware-type apps are coded so badly that it’s possible to gain access to the back-end databases a...
DeepSeek found to be sharing user data with TikTok parent company ByteDance
A couple of weeks ago we reported on the concerns surrounding data collection and security at DeepSeek, the Chinese AI company which recently made headlines for shaking up the industry after seemingly appearing from nowhere to become top of the app download charts. Now South Korea’s Personal...
New AI “agents” could hold people for ransom in 2025
A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. Uhh, again, that is. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its...
A week in security (January 6 – January 12)
Last week on Malwarebytes Labs: Dental group lied through teeth about data breach, fined $350,000 AI-supported spear phishing fools more than 50% of targets US Cyber Trust Mark logo for smart devices is coming GroupGreeting e-card site attacked in "zqxq" campaign Massive breach at location data...
TP-Link faces US national security probe, potential ban on devices
The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company's devices in the United States. The investigation comes amid heightened tension between the US and the Chinese government, and after a...
Task scams surge by 400%, but what are they?
An unfamiliar type of scam has surged against everyday people, with a year-over-year increase of some 400%, putting job seekers at risk of losing their time and money. The emerging threat is delivered in "task scams" or "gamified job scams." While these scams were virtually non-existent in 2020,...
AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers...
Repeat offenders drive bulk of tech support scams via Google Ads
Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads ...
Printer problems? Beware the bogus help
Anyone who has ever used a printer likely has had a frustrating experience at some point. There always seems to be some kind of issue with the software not responding, paper getting jammed or one of many other possible failures. When people need help, they often turn to Google and now AI to look...
Free AI editor lures in victims, installs information stealer instead on Windows and Mac
A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...
Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)
This week on the Lock and Code podcast … The US presidential election is upon the American public, and with it come fears of "election interference." But "election interference" is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow...
Pinterest tracks users without consent, alleges complaint
Pinterest has received a complaint from privacy watchdog noyb None of your business over the unsolicited tracking of its users. Pinterest allows you to pin images to virtual pinboards; useful for interior design, recipe ideas, party inspiration, and much more. It started as a virtual replacement...
Exposing the Facebook funeral livestream scam (Lock and Code S05E21)
This week on the Lock and Code podcast … Online scammers were seen this August stooping to a new low—abusing local funerals to steal from bereaved family and friends. Cybercrime has never been a job of morals calling it a "job" is already lending it too much credit, but, for many years, scams...
iOS 18 is out. Here are the new privacy and security features
On September 16, 2024, Apple released iOS 18. Besides a lot of exciting new features, iOS 18 comes with some privacy and security enhancements. One of the most promising new features is the new Passwords app. Built on the foundation of Apple's password management system Keychain, Passwords makes ...
Lowe’s employees phished via Google ads
In mid-August, we identified a malvertising campaign targeting Lowes employees via Google ads. Like many large corporations, Lowes has their own employe portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits. Lowes employees who searched for "myloweslife" during th...
London’s city transport hit by cybersecurity incident [updated]
Transport for London TfL, the citys transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on Londons surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area. I...
Fraudulent Slack ad shows malvertiser’s patience and skills
In the past year alone, we have reported almost five hundred unique malvertising incidents related to Google search ads. While it can be difficult to attribute each incident to a specific threat actor, we usually notice similarities between campaigns. Some malvertisers go to great lengths to bypa...
Meta to pay $1.4 billion over unauthorized facial recognition image capture
Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.” The prime reason for the initial lawsuit that led to the...
CrowdStrike update at center of Windows “Blue Screen of Death” outage
A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” BSOD, grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more. The incident itself is not the...
A week in security (July 8 – July 14)
Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...
Shopify says stolen customer data was taken in third-party breach
Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: "Shopify systems have not experienced a security incident. The data loss reported was...
Busted for book club? Why cops want to see what you’re reading, with Sarah Lamdan (Lock and Code S05E14)
This week on the Lock and Code podcast… More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after...
How to remove a user from a shared Windows device
There will be times when you need to remove a user from a device. In this article well show you how to remove a user from Windows 10 or 11. On Windows you can create a local user account an offline account for anyone who will frequently use your PC. But the best option in most cases, is for...
A week in security (May 13 – May 19)
Last week on Malwarebytes Labs: Deleted iPhone photos show up again after iOS update Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it Notorious data leak site BreachForums seized by law enforcement Apple and Google join forces to stop unwanted tracking Upda...
How to change your Social Security Number
After seeing their Social Security Number SSN leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it’s a challenging process, it is possible. But if youve ever had to abandon an email address that you used for years,...
A week in security (February 19 – February 25)
Last week on Malwarebytes Labs: Joomla! patches XSS flaws that could lead to remote code execution Update now! ConnectWise ScreenConnect vulnerability needs your attention Why ransomware gangs love using RMM tools—and how to stop them Signal to shield user phone numbers by default Vibrator virus...
Safer Internet Day, or why Brad Pitt needed an internet bodyguard
February 6, 2024 is Safer Internet Day. When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think. The internet has been around for quite so...
Ring curtails law enforcement’s access to footage
US law enforcement will no longer be able to request footage through the Neighbors app produced by Ring video doorbells and surveillance cameras. Until now Ring’s Request for Assistance RFA function allowed law enforcement to ask for and obtain user footage, but this function will be retired. Alo...
Apple now requires a judge’s order to hand over your push notification data
Last week, we reported on how US government agencies have been asking Apple and Google for metadata related to push notifications, but the companies arent allowed to tell users about it happening. The content of the notifications is diverse. It ranges from a weather app warning you about rain to ...
1Password reports security incident after breach at Okta
Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen. In a security incident report, 1Password says that a member of its IT team received an unexpected email suggesting they had initiated an Okta report of a list of admins. They hadnt...
The US wants governments to commit to not paying ransoms
As the White House prepares to host its annual International Counter Ransomware Initiative CRI summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals. The CRI wants to enhance international cooperation to combat the growth of ransomware, and its ...
Customer data stolen from gaming cloud host Shadow
Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, T...
Upgrading your Android device? Read this first
Last month, we wrote an article about what to do when upgrading your iPhone. Since then, we've received several requests to do a similar post about Android devices. Providing uniform and easy to follow instructions is a bit harder to do for Android, because there are many differences between make...
Sony was attacked by two ransomware operators
On September 25, newcomer ransomware group RansomedVC claimed to have successfully compromised the computer systems of entertainment giant Sony. Then, on October 4, news leaked that Sony had told current and former employees and their family members about another cybersecurity breach that exposed...
Food delivery robots give captured video footage to police
In what sounds like a new step towards Skynet, footage from a food delivery robot has been used as part of a criminal investigation. As 404 Media reports, the food delivery robots that are deployed for Uber Eats in Los Angeles are operated by Serve Robotics, which ultimately wants to deploy up to...
Malwarebytes Admin update: New Detection screens to manage threats!
We released version 1.2 of the Malwarebytes Admin app for iOS and Android last week, adding new Detection features make it easier to see and manage threats. Designed as a companion to the Nebula console, Malwarebytes Admin allows administrators to quickly review, investigate, and resolve security...
Credit card thieves target Booking.com customers
Staff in the hospitality industry are trained to accommodate their guests, and when they have a few years of experience under their belt you can be sure they'll have received some extraordinary requests. Which is something that clever cybercriminals are taking advantage of. Researchers at...
T-Mobile spills billing information to other customers
Some T-Mobile customers logged into their accounts on Wednesday to find another customers billing and account information showing on their online dashboards. T-Mobile denied there was an attack, but confirmed there had been a data leak. It said a "temporary system glitch" had misplaced some...
A week in security (September 11 - September 17)
Last week on Malwarebytes Labs: Europol lifts the lid on cybercrime tactics Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test Watch out, this LastPass email with "Important information about your account" is a phish iPhone 15 launch: Wonderlust scammers rear their...
Upgrading your iPhone? Read this first
Apple's Wonderlust event on Tuesday saw the launch of the company's top-of-the-line iPhone 15 Pro Max with a titanium chassis and an improved telephoto camera, as well as other iPhone 15 models and new Apple Watches. Also this week, Apple was reportedly banned from selling the iPhone 12 in France...
The main causes of ransomware reinfection
A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think. Research shows that in 2022, more than a third 38% of surveyed organizations fell victim ...
Qakbot botnet infrastructure suffers major takedown
The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement agencies. Operation DuckHunt, as it was codenamed, is possibly the largest US-led financial and technical disruption of a botnet infrastructure. Not only did the agenci...
Social Security Numbers leaked in ransomware attack on Ohio History Connection
The Ohio History Connection OHC has posted a breach notification in which it discloses that a ransomware attack successfully encrypted internal data servers. During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers SSNs of current and former OHC...
Old exploit kits still kicking around in 2023
The year is 2023 and there still are some people using Internet Explorer on planet Earth. More shocking perhaps, is the fact there are still threat actors maintaining exploit kit infrastructure and dropping new malware. In this quick blog post, we review two well-known toolkits from the past,...