Joaquín Ruiz Security Vulnerabilities
This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...
7.3AI Score
This week on the Lock and Code podcast… This is a story about how the FBI got everything it wanted. For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal...
7.2AI Score
Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11
This week on the Lock and Code podcast… The irrigation of the internet is coming. For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and.....
6.8AI Score
_This week on the Lock and Code podcast… _ You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological...
7.3AI Score
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...
7AI Score
This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the...
7.6AI Score
Canada revisits decision to ban Flipper Zero
In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't....
7.2AI Score
Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06
This week on the Lock and Code podcast… A disappointing meal at a restaurant. An ugly breakup between two partners. A popular TV show that kills off a beloved, main character. In a perfect world, these are irritations and moments of vulnerability. But online today, these same events can sometimes.....
7.4AI Score
How to make a fake ID online, with Joseph Cox: Lock and Code S05E05
This week on the Lock and Code podcast… For decades, fake IDs had roughly three purposes: Buying booze before legally allowed, getting into age-restricted clubs, and, we can only assume, completing nation-state spycraft for embedded informants and double agents. In 2024, that's changed, as the...
7.2AI Score
If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04
Today on the Lock and Code podcast… If your IT and security teams think malware is bad, wait until they learn about everything else. In 2024, the modern cyberattack is a segmented, prolonged, and professional effort, in which specialists create strictly financial alliances to plant malware on...
7.6AI Score
In conversation: Bruce Schneier on AI-powered mass spying
For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect out...
6.8AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation...
7.8CVSS
8.8AI Score
0.0005EPSS
Bruce Schneier predicts a future of AI-powered mass spying: Lock and Code S05E03
This week on the Lock and Code podcast… If the internet helped create the era of mass surveillance, then artificial intelligence will bring about an era of mass spying. That’s the latest prediction from noted cryptographer and computer security professional Bruce Schneier, who, in December, shared....
7.4AI Score
A true tale of virtual kidnapping: Lock and Code S05E02
This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...
7.3AI Score
A true tale of virtual kidnapping: Lock and Code S05E02
This week on the Lock and Code podcast… On Thursday, December 28, at 8:30 pm in the Utah town of Riverdale, the city police began investigating what they believed was a kidnapping. 17-year-old foreign exchange student Kai Zhuang was missing, and according to Riverdale Police Chief Casey Warren,...
7.3AI Score
5 ways to make your DevSecOps strategy developer-friendly
There are many benefits to implementing DevSecOps: minimized risk, reduced remediation costs, and faster and more secure product releases. But from a developer's perspective, there’s a lot to be desired from the day-to-day practice. Developers often experience fragmented tool integration and are...
7.3AI Score
DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01
This week on the Lock and Code podcast… Hackers want to know everything about you: Your credit card number, your ID and passport info, and now, your DNA. On October 1 2023, on a hacking website called BreachForums, a group of cybercriminals claimed that they had stolen—and would soon...
7.2AI Score
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called...
7.4AI Score
Meet the entirely legal, iPhone-crashing device, the Flipper Zero: Lock and Code S04E25
This week on the Lock and Code podcast… It talks, it squawks, it even blocks! The stocking-stuffer on every hobby hacker’s wish list this year is the Flipper Zero. “Talk” across low-frequency radio to surreptitiously change TV channels, emulate garage door openers, or even pop open your friend’s...
7AI Score
Healthcare giant Norton breach leads to theft of millions of patient records
Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents. Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said.....
7.2AI Score
Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24
This week on the Lock and Code podcast… Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little...
7.2AI Score
Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23
This week on the Lock and Code podcast… A worrying trend is cropping up amongst Americans, particularly within Generation Z—they're spying on each other more. Whether reading someone's DMs, rifling through a partner's text messages, or even rummaging through the bags and belongings of someone...
7.3AI Score
MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22
This week on the Lock and Code podcast… In September, the Las Vegas casino and hotel operator MGM Resorts became a trending topic on social media… but for all the wrong reasons. A TikTok user posted a video taken from inside the casino floor of the MGM Grand—the company's flagship hotel complex...
7AI Score
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...
4.8CVSS
4.8AI Score
0.0004EPSS
This week on the Lock and Code podcast... What are you most worried about online? And what are you doing to stay safe? Depending on who you are, those could be very different answers, but for teenagers and members of Generation Z, the internet isn't so scary because of traditional threats like...
6.8AI Score
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...
4.8CVSS
5.4AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...
5.9CVSS
4.9AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0...
5.9CVSS
5.5AI Score
0.0004EPSS
What does a car need to know about your sex life? Lock and Code S04E20
This week on the Lock and Code podcast... When you think of the modern tools that most invade your privacy, what do you picture? There's the obvious answers, like social media platforms including Facebook and Instagram. There's email and "everything" platforms like Google that can track your...
6.9AI Score
Pegasus spyware and how it exploited a WebP vulnerability
Recent events have demonstrated very clearly just how persistent and wide-spread the Pegasus spyware is. For those that have missed the subtle clues, we have tried to construct a clear picture. We attempted to follow the timeline of events, but have made some adjustments to keep the flow of the...
8.8CVSS
7.5AI Score
0.642EPSS
Re-air: What teenagers face growing up online: Lock and Code S04E19
This week on the Lock and Code podcast... In 2022, Malwarebytes investigated the blurry, shifting idea of "identity" on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internet's youngest users, children. Children have always...
7AI Score
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...
4.8CVSS
4.8AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...
5.9CVSS
4.8AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...
4.8CVSS
5.4AI Score
0.0004EPSS
CVE-2023-33929 WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3...
5.9CVSS
5.5AI Score
0.0004EPSS
Becky Holmes is a big deal online. Hugh Jackman has invited her to dinner. Prince William has told her she has "such a beautiful name." Once, Ricky Gervais simply needed her photos ("I want you to take a snap of yourself and then send it to me on here...Send it to me on here!" he messaged on...
6.8AI Score
"Freedom" is a big word, and for many parents today, it's a word that includes location tracking. Across America, parents are snapping up Apple AirTags, the inexpensive location tracking devices that can help owners find lost luggage, misplaced keys, and--increasingly so--roving toddlers setting...
7AI Score
How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16
Earlier this month, a group of hackers was spotted using a set of malicious tools--that originally gained popularity with online video game cheaters--to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was...
6.8AI Score
Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew
The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data--be it email addresses, credit card numbers, or even medical records. There are the users--unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into.....
6.9AI Score
Of sharks, surveillance, and spied-on emails: This is Section 702, with Matthew Guariglia
In the United States, when the police want to conduct a search on a suspected criminal, they must first obtain a search warrant. It is one of the foundational rights given to US persons under the Constitution, and a concept that has helped create the very idea of a right to privacy at home and...
6.7AI Score
Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13
When you think about the word "cyberthreat," what first comes to mind? Is it ransomware? Is it spyware? Maybe it's any collection of the infamous viruses, worms, Trojans, and botnets that have crippled countless companies throughout modern history. In the future, though, what many businesses...
10AI Score
Trusting AI not to lie: The cost of truth: Lock and Code S04E12
In May, a lawyer who was defending their client in a lawsuit against Columbia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit. But when the court reviewed the...
6.9AI Score
On January 1, 2023, the Internet in Louisiana looked a little different than the Internet in Texas, Mississippi, and Arkansas--its next-door state neighbors. And on May 1, the Internet in Utah looked quite different, depending on where you looked, than the Internet in Arizona, or Idaho, or Nevada,....
6.8AI Score
The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11
Ransomware is becoming bespoke, and that could mean trouble for businesses and law enforcement investigators. It wasn't always like this. For a few years now, ransomware operators have congregated around a relatively new model of crime called "Ransomware-as-a-Service." In the...
7.1AI Score
Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09
In January, a mental health nonprofit admitted that it had used Artificial Intelligence to help talk to people in distress. Prompted first by a user's longing for personal improvement--and the difficulties involved in that journey--the AI tool generated a reply, which, with human intervention,...
6.4AI Score
How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09
The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to send....
6.5AI Score
Solving the password’s hardest problem with passkeys, featuring Anna Pobletts
How many passwords do you have? If you're at all like our Lock and Code host David Ruiz, that number hovers around 200. But the important follow up question is: How many of those passwords can you actually remember on your own? Prior studies suggest a number that sounds nearly...
6.8AI Score
Riello UPS Restricted Shell Bypass Vulnerability
Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system...
0.4AI Score
0.4AI Score
Becky Holmes knows how to throw a romance scammer off script--simply bring up cannibalism. In January, Holmes shared on Twitter that an account with the name "Thomas Smith" had started up a random chat with her that sounded an awful lot like the beginning stages of a romance scam. But rather than.....
6.7AI Score