A week in security (November 25 – December 1)

Last week on Malwarebytes Labs: Printer problems? Beware the bogus help Data broker exposes 600,000 sensitive files including background checks Medical testing company LifeLabs failed to protect customer data, report finds Explained: the Microsoft connected experiences controversy Spotify, Audibl...

Printer problems? Beware the bogus help

Anyone who has ever used a printer likely has had a frustrating experience at some point. There always seems to be some kind of issue with the software not responding, paper getting jammed or one of many other possible failures. When people need help, they often turn to Google and now AI to look...

Data broker exposes 600,000 sensitive files including background checks

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container. The 713.1 GB container an Amazon S3 bucket did not have password-protection, and the data was left unencrypted, so anybody who stumbled on them could read the files. The files...

Medical testing company LifeLabs failed to protect customer data, report finds

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. The ransomware encrypted the lab results of 15 million Canadians, and personally identifiable information PII of 8.6 million people was stolen. After noticing the attack, LifeLabs informed its customers and the Canadia...

Explained: the Microsoft connected experiences controversy

Recently we've seen some heated discussion about Microsoft’s connected experiences feature. As in many discussions lately there seems to be no room for middle ground, but we're going to try and provide it anyway. First of all, it’s important to understand what the “connected experiences” are...

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and...

“Hilariously insecure”: Andrew Tate’s The Real World breached, 800,000 users affected

Andrew Tate's online education platform The Real World—formerly known as Hustlers University—has been hacked and user data has been stolen. Hacktivists flooded the primary chatroom with emojis as proof that they had breached the site. After this they shared approximately 794,000 usernames of,...

A week in security (November 18 – November 24)

Last week on Malwarebytes Labs: Meta takes down more than 2 million accounts in fight against pig butchering "Sad announcement" email implies your friend has died Update now! Apple confirms vulnerabilities are already being exploited AI Granny Daisy takes up scammers’ time so they can’t bother yo...

Meta takes down more than 2 million accounts in fight against pig butchering

Meta provided insight this week into the company's efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Pig butchering scams are big business, with hundreds of millions of dollars involved every year. The...

“Sad announcement” email implies your friend has died

Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the perso...

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. The updates for iOS and Intel-based Mac systems are especially important, as they tackle vulnerabilities that are being actively exploited by cybercriminals. You should make su...

AI Granny Daisy takes up scammers’ time so they can’t bother you

A mobile network operator has called in the help of Artificial Intelligence AI in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up,...

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A large social media campaign was launched to promote a free Artificial Intelligence AI video editor. If the "free" part of that campaign sounds too good to be true, then that's because it was. Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on...

AI is everywhere, and Boomers don’t trust it

Artificial intelligence tools like ChatGPT, Claude, Google Gemini, and Meta AI represent a stronger threat to data privacy than the social media juggernauts that cemented themselves in the past two decades, according to new research on the sentiments of older individuals from Malwarebytes. A...

An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)

This week on the Lock and Code podcast… The month, a consumer rights group out of the UK posed a question to the public that they’d likely never considered: Were their air fryers spying on them? By analyzing the associated Android apps for three separate air fryer models from three different...

QuickBooks popup scam still being delivered via Google ads

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. We've seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a pho...

A week in security (November 11 – November 17)

Last week on Malwarebytes Labs: Malicious QR codes sent in the mail deliver malware 122 million people’s business contact info leaked by data broker Advertisers are pushing ad and pop-up blockers using old tricks Scammer robs homebuyers of life savings in $20 million theft spree Temu must respect...

Malicious QR codes sent in the mail deliver malware

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre NCSC. The letters are sent as if they come from the official Swiss Federal Office of Meteorology and...

122 million people’s business contact info leaked by data broker

A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online. In February, 2024, a cybercriminal offered the records for sale on a data breach forum claiming the information came from pureincubation.com. Pure Incubation was founded in...

Advertisers are pushing ad and pop-up blockers using old tricks

Despite the countermeasures some services are taking against well-known ad blockers, lots of people now use one. This is no doubt due to increased privacy concerns around online tracking, along with the growing number of ads per site. And where there is money to be made, you’ll find social...

Scammer robs homebuyers of life savings in $20 million theft spree

A 33-year-old Nigerian man living in the UK and his co-conspirators defrauded over 400 would-be home buyers in the US. In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. Employees of these companies were...

Temu must respect consumer protection laws, says EU

Temu has been accused of a number of infringements on its platform against European Union EU consumer law. The Consumer Protection Cooperation CPC Network of national consumer authorities and the European Commission teamed up for a coordinated ongoing investigation into Temu and its practices. Th...

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

.kb-row-layout-wrap.wp-block-kadence-rowlayout.kb-row-layout-id1206714424da-98margin-top:0px;margin-bottom:var--global-kb-spacing-xl, 4rem;.kb-row-layout-id1206714424da-98 .kt-row-column-wrapalign-content:center;:where.kb-row-layout-id1206714424da-98 .kt-row-column-wrap...

DNA testing company vanishes along with its customers’ genetic data

.kb-row-layout-wrap.wp-block-kadence-rowlayout.kb-row-layout-id12063564d0c4-23margin-top:0px;margin-bottom:var--global-kb-spacing-sm, 1.5rem;.kb-row-layout-id12063564d0c4-23 .kt-row-column-wrapalign-content:center;:where.kb-row-layout-id12063564d0c4-23 .kt-row-column-wrap...

A week in security (November 4 – November 10)

Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...

Hello again, FakeBat: popular loader returns after months-long hiatus

The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today's example is a reminder that threat actors can quickly switch back to tried and teste...

TikTok ordered to close Canada offices following “national security review”

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s...

Air fryers are the latest surveillance threat you didn’t consider

Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We've learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about...

Malwarebytes acquires AzireVPN to fuel additional VPN features and functionalities

Today I have great news to share: We've acquired AzireVPN, a privacy-focused VPN provider based in Sweden. I wanted to share with you our intentions behind this exciting step, and what this means for our existing users and the family of solutions they rely on to keep them private and secure...

Large eBay malvertising campaign leads to scams

Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared...

8 security tips for small businesses

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or ev...

8 security tips for small businesses

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to one person that doesn’t have the time to do everything that is recommended or ev...

Update your Android: Google patches two zero-day vulnerabilities

Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November's updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then the issues discusse...

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

The Federal Bureau of Investigation FBI has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication MFA a user has set up. Here's how it works. Most of us don’t think twice about checking the “Remember...

Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

This week on the Lock and Code podcast … The US presidential election is upon the American public, and with it come fears of "election interference." But "election interference" is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow...

City of Columbus breach affects around half a million citizens

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government's attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. In a dat...

Crooks bank on Microsoft’s search engine to phish customers

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft's search engine. A Bing search query for 'Keybank login' currently returns malicious links on the first page, and sometimes as the top search result. We have reported the fraudulent sites to Microsof...

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs: 1,000+ web shops infected by "Phish ‘n Ships" criminals who create fake product listings for in-demand products Android malware FakeCall intercepts your calls to the bank Patch now! New Chrome update for two critical vulnerabilities Update your iPhone, Mac, Watch:...

1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...

Android malware FakeCall intercepts your calls to the bank

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...

Patch now! New Chrome update for two critical vulnerabilities

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically...

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS. Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as y...

Europol warns about counterfeit goods and the criminals behind them

With the holidays around the bend, many are looking for gifts for their family and friends. And since we somehow decided we want to give more each time, we’re also looking for good deals. But European law enforcement agency Europol issued a warning about buying fake goods. Sure, they are cheaper,...

A week in security (October 21 – October 27)

Last week on Malwarebytes Labs: 100 million US citizens officially impacted by Change Healthcare data breach Pinterest tracks users without consent, alleges complaint After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data LinkedIn bots and spear...

100 million US citizens officially impacted by Change Healthcare data breach

In April, we reported that a “substantial proportion” of Americans may have had their health and personal data stolen in the Change Healthcare breach. That was based on a report provided by the UnitedHealth Group after the February cyberattack on its subsidiary Change Healthcare. The attack on...

Pinterest tracks users without consent, alleges complaint

Pinterest has received a complaint from privacy watchdog noyb None of your business over the unsolicited tracking of its users. Pinterest allows you to pin images to virtual pinboards; useful for interior design, recipe ideas, party inspiration, and much more. It started as a virtual replacement...

After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data

Four tax preparation software companies failed to comply with government rules that require the sharing of tax-related info to be done only with specific disclosures and full tax-payer consent, according to an audit released by the Treasure Inspector General for Tax Administration TIGTA in the...

LinkedIn bots and spear phishers target job seekers

Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...

Upload a video selfie to get your Facebook or Instagram account back

Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts...

This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)

This week on the Lock and Code podcast … On the internet, you can be shown an online ad because of your age, your address, your purchase history, your politics, your religion, and even your likelihood of having cancer. This is because of the largely unchecked “data broker” industry. Data brokers...