Meta has taken down a whopping number of Instagram accounts directly involved in sextortion and more accounts aimed at training scammers ..read more

After the July Microsoft update some systems boot into a BitLocker Recovery screen. How can you find the key you need ..read more

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface  (API) security. TracFone Wireless Inc. is an American prepay wireless service provider wholly owned by Verizon. TracFone services are used by the brands Straight Talk, Total by Verizon Wireless, and Walmar ..read more

For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams. This week, Google tossed much of that work aside. In an update about Google’s Privacy Sandbox, the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forward in finding the balance between privacy and an ad-supported internet. The underlying grounds for the diffi ..read more

The Heritage Foundation this month denied that it had suffered an earlier system breach and the subsequent leaking of internal data. But the organization had to admit that cybercriminals gained access to an archive of Heritage’s affiliated media site, The Daily Signal, dating back to 2022. That archive reportedly contained content of Heritage and non-Heritage contributors’ personal information. Either way, a Malwarebytes review of the data shows over half a million usernames and passwords. At the heart of the back-and-forth claims are an alleged breach against the Heritage Foundation that Sieg ..read more

Last week on Malwarebytes Labs: CrowdStrike update at center of Windows “Blue Screen of Death” outage Number of data breach victims goes up 1,000% Gen Z breakups tainted by login abuse for spying and stalking, research shows Rite Aid says 2.2 million people affected in data breach AI device Rabbit r1 logged user interactions without an option to erase them before selling How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15) Disney “breached”, data dumped online Last week on ThreatDown: CrowdStrike security update leads to widespread outages Why Microsoft? Why? Get ..read more

A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” (BSOD), grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more. The incident itself is not the result of a cyberattack. There is no evidence of a breach or of any cybercriminal involvement. But, as Malwarebytes Labs has reported before, many major events can lead to follow-on threats of phishing and scams, and this global outage is no different. On July 19, the US Cybersecurity and Infrastructure ..read more

Nope, that headline’s not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. Through public and private support, it provides no-cost victim assistance and consumer education. The vast majority of that rise in numbers in due to a few very large compromises. The ITRC mentions Prudential (2.5 million people) and Infosys McC ..read more

Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security. According to a new analysis of research released earlier this summer by Malwarebytes, 45% of Gen Z partners said that, following a breakup, their former partners abused personal login credentials for a variety of harmful activities, such as accessing emails, tracking locations, and even spying on someone through a shared smart device. This type of credential abuse ..read more

The US’ third-largest pharmacy chain Rite Aid has filed a data breach notification in which it reports that the data stolen during a June ransomware attack compromised the data of some 2.2 million people. Ransomware group RansomHub claimed responsibility for the attack that took place on June 6, 2024. Ransomware groups are always looking for ways to increase their leverage over their victims, and threatening to leak stolen customer data is one of their most common methods. The site where RansomHub’s leaks stolen data features a ransom demand next to a typical countdown timer, demanding payment ..read more