Threat actor impersonates Google via fake ad for Authenticator
We have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it als...
SIEM is not storage, with Jess Dodson (Lock and Code S05E16)
This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a te...
US senators ask FTC to investigate car makers’ privacy practices
An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have...
A week in security (July 22 – July 28)
Last week on Malwarebytes Labs: Meta takes down 63,000 sextortion-related accounts on Instagram Windows update may present users with a BitLocker recovery screen TracFone will pay $16 million to settle FCC data breach investigation Google admits it can’t quite quit third-party cookies Heritage...
Meta takes down 63,000 sextortion-related accounts on Instagram
Meta announced the take-down of 63,000 sextortion-related Instagram accounts in Nigeria alone. The action was directed against a group known as Yahoo Boys, a loosely organized set of cybercriminals that largely operate out of Nigeria and specialize in different types of scams. Meta took down a ho...
Windows update may present users with a BitLocker recovery screen
Some Windows users may see a BitLocker Recovery screen after applying the Microsoft patch Tuesday updates. BitLocker is a Windows security feature that encrypts entire drives. It prevents someone that has obtained a stolen or lost device from reading the files stored on that drive. Unfortunately,...
TracFone will pay $16 million to settle FCC data breach investigation
Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government...
Google admits it can’t quite quit third-party cookies
For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. This week, Google tossed much ...
Heritage Foundation data breach containing personal data is available online
The Heritage Foundation this month denied that it had suffered an earlier system breach and the subsequent leaking of internal data. But the organization had to admit that cybercriminals gained access to an archive of Heritage's affiliated media site, The Daily Signal, dating back to 2022. That...
A week in security (July 15 – July 21)
Last week on Malwarebytes Labs: CrowdStrike update at center of Windows "Blue Screen of Death" outage Number of data breach victims goes up 1,000% Gen Z breakups tainted by login abuse for spying and stalking, research shows Rite Aid says 2.2 million people affected in data breach AI device Rabbi...
CrowdStrike update at center of Windows “Blue Screen of Death” outage
A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” (BSOD), grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more. The incident itself is not the...
Number of data breach victims goes up 1,000%
Nope, that headline's not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the ri...
Gen Z breakups tainted by login abuse for spying and stalking, research shows
Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security. According to a new analysis of research released earlier this...
Rite Aid says 2.2 million people affected in data breach
The US' third-largest pharmacy chain Rite Aid has filed a data breach notification in which it reports that the data stolen during a June ransomware attack compromised the data of some 2.2 million people. Ransomware group RansomHub claimed responsibility for the attack that took place on June 6,...
AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit, the manufacturer of the Artificial Intelligence (AI) assistant r1, has issued a security advisory telling users it's found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that...
How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)
This week on the Lock and Code podcast… Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on. But when Diamond received a Direct Message (DM) on Twitter earlier this year, she learned that h...
Disney “breached,” data dumped online
A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers. “DisneySlackLeak Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Wa...
A week in security (July 8 – July 14)
Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...
Fake Microsoft Teams for Mac delivers Atomic Stealer
Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based o...
Dangerous monitoring tool mSpy suffers data breach, exposes customer details
In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy and monitor ...
“Nearly all” AT&T customers had phone records stolen in new data breach disclosure
In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of "nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023". In a filing with the Securities and Exchang...
iPhone users in 98 countries warned about spyware by Apple
In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users...
Peloton accused of providing customer chat data to train AI
It seems that Peloton may have been providing more training than just for its customers, as it's set to face court in California accused of using user chat data to train AI. Peloton Interactive, Inc. is a US-based exercise equipment and media company, known for its stationary bicycles, treadmills,...
Ticketmaster says stolen Taylor Swift Eras Tour tickets are useless
While cybercriminals are offering free tickets to Taylor Swift Eras Tour and other events, Ticketmaster is telling would-be purchasers that these tickets will prove to be worthless. Those who have claimed responsibility for the Ticketmaster data breach say they’ve stolen 440,000 tickets for Taylo...
Shopify says stolen customer data was taken in third-party breach
Shopify has denied a breach of its systems after a cybercriminal posted alleged Shopify customer details online. Shopify told BleepingComputer and other publications that the incident happened at a third party: "Shopify systems have not experienced a security incident. The data loss reported was...
‘RockYou2024’: Nearly 10 billion passwords leaked online
On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename,...
A week in security (July 1 – July 7)
Last week on Malwarebytes Labs: Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour Authy phone numbers accessed by cybercriminals, warns Twilio Affirm says Evolve Bank data breach also compromised some of its customers Prudential Financial data breach impacts 2.5 milli...
Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour [updated]
The cybercriminals who claimed responsibility for the Ticketmaster data breach say they've stolen 440,000 tickets for Taylor Swift’s Eras Tour. As proof, an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters who are both aliases associated with the breach, leaked 170k...
Authy phone numbers accessed by cybercriminals, warns Twilio
Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers. Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of...
Affirm says Evolve Bank data breach also compromised some of its customers
Buy now, pay later payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K, submitted to the Securities and Exchange Commission (SEC), Affirm states: “Because the...
Prudential Financial data breach impacts 2.5 million people, not 36,000 as first thought
In February 2024, Prudential Financial reported it had fallen victim to a ransomware attack. The attack was discovered one day after it started, but not before some 2.5 million people had been impacted by the resulting data breach. As one of the largest insurance companies in the US, Prudential...
Personal data stolen from unsuspecting airport visitors and plane passengers in “evil twin” attacks, man charged
The Australian Federal Police (AFP) have charged a man for setting up fake free WiFi access points in order to steal personal data from people. The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight. When the alleged...
Busted for book club? Why cops want to see what you’re reading, with Sarah Lamdan (Lock and Code S05E14)
This week on the Lock and Code podcast… More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans' phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after...
A week in security (June 24 – June 30)
Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually...
Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
[updated] Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans' banki...
Malwarebytes Premium Security stops 100% of malware during AV Lab test
Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including ...
Change Healthcare confirms the customer data stolen in ransomware attack
For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led...
A week in security (June 17 – June 23)
Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...
First million breached Ticketmaster records released for free
The cybercriminal acting under the name "Sp1d3r" gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free. When Malwarebytes Labs first learned about this data breach, it...
US bans Kaspersky, warns: “Immediately stop using that software”
The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the...
Was T-Mobile compromised by a zero-day in Jira?
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...
TikTok facing fresh lawsuit in US over children’s privacy
The Federal Trade Commission (FTC) has announced it's referred a complaint against TikTok and parent company ByteDance to the Department of Justice. The investigation originally focused on Musical.ly which was acquired by ByteDance on November 10, 2017, and merged it into TikTok. The FTC started a...
Explained: Android overlays and how they are used to trick people
Sometimes you’ll see the term "overlays" used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays—particularly on Android devices—are, and how cybercriminals deploy them. Most of the time, overlays are used to make people think they are...
43% of couples experience pressure to share logins and locations, Malwarebytes finds
All isn’t fair in love and romance today, as 43% of people in a committed relationship said they have felt pressured by their own partners to share logins, passcodes, and/or locations. A worrying 7% admitted that this type of pressure has included the threat of breaking up or the threat of physic...
(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13
This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...
Microsoft Recall delayed after privacy and security concerns
Microsoft has announced it will postpone the broadly available preview of the heavily discussed Recall feature for Copilot+ PCs. Copilot+ PCs are personal computers that come equipped with several artificial intelligence (AI) features. The Recall feature tracks anything from web browsing to voice...