On July 18, a group of 17 newspaper and media organizations—aided by Amnesty International’s Security Lab and the research group Citizen Lab—revealed that one of the world’s most advanced and viciously invasive spyware tools had been used to hack, or attempt to hack, into 37 mobile phones owned by human rights activists, journalists, political dissidents, an

Microsoft executive Tom Burt told Congressional lawmakers Wednesday that Federal law enforcement agencies send “routine” secret orders for customer information from the Seattle-based company, numbering anywhere from 2,400 to 3,500 such requests a year. “While the recent news about secret investigations is shocking, most shocking is just how routine secrec

If your kids use social media, as many children do, you may be worried about protecting their privacy. Teenagers may be a bit unconcerned about such things, and may not care who reads their Twitter or Facebook posts, or who sees their photos on Instagram or Snapchat. As a parent, you know how important it is to keep your kids’ online life out of the

A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling A central Chinese court has ruled that an employee of a consultancy firm was guilty of gathering more than a billion

WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the company’s owner, Facebook. Previously, the company said it would r

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Micr

Adobe. Yahoo!. The US Department of Energy (DoE). The New York Times. What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to “teach companies a lesson about cybersecurity.” The

Last week on Malwarebytes Labs, we watched and reported on the Colonial Pipeline ransomware attack as developments of its story unfolded. This attack triggered the White House to refine a planned Executive Order on cybersecurity. We also profiled DarkSide, the ransomware responsible for the Colonial Pipeline attack, and the criminal gang behind it. Speaki

WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages. The planned removal of core features represents a stunning

Most of our readers are well aware of the fact that the big tech corporations, especially those that run social media know a great deal about us and our behavior. But it rarely hits home how much personal data they have about us and how they can guess, quite correctly, even more. Lots more. Signal came up with an idea to drive that point home. A simple bu

Apple issued emergency security updates to its operating systems to protect against vulnerabilities exploited in the wild. Facebook and Instagram plead to be allowed to track users. And we discuss how QR codes can be switched and could pose risks to users. Apple releases iOS 14.5.1 (and iOS 12.5.3), watchOS 7.4.1, macOS Big Sur 11.3.1A full history of macOS

Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the discovery of SUPERNOVA malware found on a SolarWinds Orion se

More bad news about Facebook, more browsers just saying no to FLoC, and we look at Apple’s Spring Loaded product announcements. Coding error allowed attackers to delete Facebook live videoFacebook plans to decline to make statements regarding “scraping incidents” in the futureWordPress may auto-disable Google FLoC, citing “security concern”Am I FLoCed?

Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is one of these people. He has submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way. Generally speaking, people may refer to this work as being a bug bounty hunter, but t

Scammers have a new technique for delivering malware: using online contact forms. A couple of browsers are nixing Google’s FLoC ad tracking technology. The FBI has been playing white hat hacker. And e talk about Facebook, and especially the “off-Facebook activity” that tracks you across the internet.Criminals spread malware using website co