4706 matches found
Reddit will start warning users that upvote violent content
In a post on r/RedditSafety by a Reddit administrator, the platform announced that it will start sending warnings to users that upvote violent content. Reddit is a social media platform and online forum where users can share and discuss content across a wide range of topics. The platform's...
I spoke to a task scammer. Here’s how it went
Tasks scam are surging, with a year over year increase of 400%. So I guess it should have been no surprise when I was contacted by a task scammer on X recently. Task scammers prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps,...
Google now allows digital fingerprinting of its users
In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter. For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposin...
Fake Etsy invoice scam tricks sellers into sharing credit card information
This article was researched and written by Stefan Dasic, manager, research and response forThreatDown, powered by Malwarebytes. As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers. Unfortunately, a...
Phishing evolves beyond email to become latest Android app threat
There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest...
ClickFix vs. traditional download in new DarkGate campaign
During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started t...
Three privacy rules for 2025 (Lock and Code S06E02)
This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...
Warning: Don’t sell or buy a second hand iPhone with TikTok already installed
After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Reportedly, people are selling iPhones that have TikTok installed for up to $25,000. This may require some explanation, so bear with me. TikTok has had a rough time in the US the last weeks. The ban we...
PlugX malware deleted from thousands of systems by FBI
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China PRC used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...
Some weeks in security (December 16 – January 5)
During the holiday period on Malwarebytes Labs we covered: A day in the life of a privacy pro, with Ron de Jesus Lock and Code S05E26 Task scams surge by 400%, but what are they? 5 million payment card details stolen in painful reminder to monitor Christmas spending AI-generated malvertising "whi...
A week in security (December 9 – December 15)
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...
No company too small for Phobos ransomware gang, indictment reveals
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictmen...
A week in security (November 18 – November 24)
Last week on Malwarebytes Labs: Meta takes down more than 2 million accounts in fight against pig butchering "Sad announcement" email implies your friend has died Update now! Apple confirms vulnerabilities are already being exploited AI Granny Daisy takes up scammers’ time so they can’t bother yo...
Scammer robs homebuyers of life savings in $20 million theft spree
A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US. In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were...
TikTok ordered to close Canada offices following “national security review”
The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s...
1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products
Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...
A week in security (October 21 – October 27)
Last week on Malwarebytes Labs: 100 million US citizens officially impacted by Change Healthcare data breach Pinterest tracks users without consent, alleges complaint After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data LinkedIn bots and spear...
MoneyGram confirms customer data breach
Money transfer company MoneyGram has notified its customers of a data breach in which it says certain customers had their personal information taken between September 20 and 22, 2024. The investigation into the incident that was discovered on September 27 is still ongoing, and the number of...
Radiology provider exposed tens of thousands of patient files
An anonymous person has disclosed that they gained online access to a radiologist's platform that hosted patient information using stolen credentials. I-MED Radiology is Australia’s leading medical imaging provider. Their clinics offer a range of imaging procedures including MRI, CT, x-ray,...
Fake Disney+ activation page redirects to pornographic scam
A common way to activate digital subscriptions such as Netflix, Prime or Disney+ on a new TV is to visit a website and enter the code seen on your screen. It's much easier than having to authenticate using a remote and typing a username and password. Scammers are creating fake activation pages th...
Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution
A European privacy watchdog has filed a complaint against Mozilla for quietly enabling Privacy Preserving Attribution PPA in its Firefox browser. Noyb none of your business argues that despite its reassuring name, the feature allows the browser to track your online behavior. By design, Privacy...
Telegram will hand over user details to law enforcement
Last month we reported how Telegram CEO Pavel Durov was indicted on charges of complicity in the distribution of child sex abuse images, aiding organized crime, drug trafficking, fraud, and refusing lawful orders to give information to law enforcement. Now, in a potentially related development,...
What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)
This week on the Lock and Code podcast… On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged in crimes related to the distribution of child pornography and illicit transactions,...
CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
The Qilin ransomware group listed CODAC Behavioral Healthcare, a nonprofit health care treatment organization, as one of their latest victims. Qilin seems to have a preference for healthcare and support organizations. One of their most well-known victims was the pathology lab services provider...
A week in security (August 19 – August 25)
Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships Hacked GPS tracker reveals location data of customers "We will hold them accountable": General Motors sued for selling customer driving data to third parties Why you need to know about ransomwa...
“We will hold them accountable”: General Motors sued for selling customer driving data to third parties
Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...
A week in security (August 12 – August 18)
Last week on Malwarebytes Labs: Dozens of Google products targeted by scammers via malicious search ads Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version We’re making it easier for you to protect your identity X accused of...
AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)
This week on the Lock and Code podcast… Somewhere out there is a romantic AI chatbot that wants to know everything about you. But in a revealing overlap, other AI tools—which are developed and popularized by far larger companies in technology—could crave the very same thing. For AI tools of any...
Scammers are impersonating cryptocurrency exchanges, FBI warns
The Federal Bureau of Investigation FBI issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto related scams, but in this case, the FBI provided an advisory about scammers that contact t...
A week in security (July 22 – July 28)
Last week on Malwarebytes Labs: Meta takes down 63,000 sextortion-related accounts on Instagram Windows update may present users with a BitLocker recovery screen TracFone will pay $16 million to settle FCC data breach investigation Google admits it can’t quite quit third-party cookies Heritage...
[updated] Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBits dark web leak site, the group threatened to release over 30 TB of banking information containing Americans banki...
Fidelity National Financial acknowledges data breach affecting 1.3 million customers
In November 2023, real estate services company Fidelity National Financial FNF got its systems knocked offline for a week after a cyberincident. As is often the case these days, it turns out that the cyberincident was very likely a ransomware attack that included a data breach. Ransomware operato...
MongoDB warns customers about data breach after cyberattack
Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including syst...
23andMe says, er, actually some genetic and health data might have been accessed in recent breach
In October we reported that the data of as many as seven million 23andMe customers were for sale on criminal forums following a password attack against the genomics company. Now, a filing with the US Securities and Exchange Commission SEC has provided some more insight into the data theft. The...
A week in security (November 27 – December 3)
Last week on Malwarebytes Labs: Explained: Domain fronting Will ChatGPT write ransomware? Yes. Associated Press, ESPN, CBS among top sites serving fake virus alerts Meta sued over forcing users to pay to stop tracking Update now! Chrome fixes actively exploited zero-day vulnerability Many major...
Child health data stolen in registry breach
Canadian healthcare organization Better Outcomes Registry & Network BORN has disclosed a data breach affecting client data. BORN--an Ontario perinatal and child registry that collects, interprets, shares, and protects critical data about pregnancy, birth, and childhood--says it was attacked on Ma...
The end looms for Meta's behavioural advertising in Europe
The EU is going toe to toe with Meta once more, with the social network giant conceding defeat yet again. After having taken Meta to task for various privacy violations and data breaches, Meta is now having to provide European users with a way to opt out of behavioural advertising. The threat of...
How small businesses can secure employees' mobile devices
Fact: 77% of organizations are convinced they're capable of protecting their mobile devices--smartphones, tablets, and laptops including Chromebooks--from cybersecurity threats. Another fact: A third of those organizations aren't protecting their mobile devices at all. And that matters--in its...
Woman tracks down and turns table on Airbnb scammer
The internet is full of Airbnb scams and accounts told by victims. But there is a twist in this latest story-gone-viral that is usually lacking in most narratives: The victim evens the score. Airbnb host and scammer "Mr. Tyler" met his match when his would-be guest, TikTok user Olivia @livvoogus,...
Don't plug your phone into a free charging station, warns FBI
In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or...
2023 State of Malware Report: What the channel needs to know to stay ahead of threats
The channel, comprising managed service providers MSPs, Systems Integrators SIs, value-added resellers VARs, and more, plays a vital role in providing cybersecurity for companies around the globe today. But as malware evolves and cyberattacks become more common, keeping up with the top threats to...
iPhone calendar spam: What it is, and how to remove it
If you open up your iPhone and see a variety of messages claiming that youve been hacked, your phone is not protected, that viruses have damaged your phone, or, my personal favourite, "Click to get rid of annoying ads", fear not. Its quite possible youve accidentally wandered into a common form o...
How the CISA catalog of vulnerabilities can help your organization
The Cybersecurity and Infrastructure Security Agency CISA maintains a "known exploited vulnerabilities catalog" which can be useful if you need help prioritizing the patching of vulnerabilities. In essence it is a long list of vulnerabilities that are actually being used by criminals to do harm,...
Vehicle Identification Numbers reveal driver data via telematics
There are many ways that data collection, and data availability, make less sense as the years pass by. This is frequently accompanied by a resistance to change, to improve these processes, because "thats how weve always done it". Sadly this is often the case even when those data collectors have...
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks
On October 3, 2022, the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive 23-01 BOD 23-10. This directive requires all Federal Civilian Executive Branch FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...
Romance scammer deepfakes Mark Ruffalo to con elderly artist
Deepfakes have settled into a groove, as most scam techniques do. It seems most deepfakers have decided to make as much cash as possible from unsuspecting victims instead of doing anything particularly earth-shattering with their technology. One curious twist we may not have seen coming is the...
The ransomware landscape changes as fewer victims decide to pay
Fewer victims are choosing to pay their ransomware extorters, especially among large enterprises, according to a recent investigation from Coveware. As a result of this, and other circumstances, we can see some shifts in the way that ransomware groups and their affiliates work. Large organization...
Watch out for this SMS phish promising a tax refund
Imagine logging into your bank’s website after responding to a text message claiming you’re due a refund, only to see a warning to watch out for bogus texts: Beware of SMS phishing! For those who dont read Dutch, the warning reads: Never respond to unusual emails or texts! Fraudsters often send...
Nintendo warns of imitation websites and suspicious hardware
Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a long history of crunching down on fraud, as well as gaming past-times some would consider to be harmless. Whether you create fan-made games, offer up plundered ROMs for use in...
Google Play sign-ins can be abused to track another person’s movements
Even people that have been involved in cybersecurity for over 20 years make mistakes. I’m not sure whether that is a comforting thought for anyone or whether everyone should be worried now. But it is what it is and I make it a habit of owning my mistakes. So here goes. With the aid of Google I wa...