Uncategorized

McDonald’s AI bot spills data on job applicants

McDonald’s has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald’s job applicants by simply guessing a username and the password “12345.” In doing this, the researchers could have potentially gained access to […]

Millions of people spied on by malicious browser extensions in Chrome and Edge

Researchers have discovered a campaign that tracked users’ online behavior using 18 browser extensions available in the official Chrome and Edge webstores. The total number of installs is estimated to be over two million. These extensions offered functionality, received good reviews, touted verification badges, and some even enjoyed featured placement. But when an extension has

No thanks: Google lets its Gemini AI access your apps, including messages

If you’re an Android user, you’ll need to take action if you don’t want Google’s Gemini AI to have access to your apps. That’s because, regardless of your previous settings, Google now allows Gemini to interact with third-party apps. Through Gemini extensions, it already had the ability to integrate with apps to lend a helping

Ransomware negotiator investigated over criminal gang kickbacks

If someone is going to negotiate with criminals for you, that person should at least be on your side. That might not have been the case at Digital Mint, a ransomware negotiation company where one worker allegedly went rogue. According to Bloomberg, Digital Mint is cooperating with the US Department of Justice (DoJ) to investigate

Free certificates for IP addresses: security problem or solution?

Let’s Encrypt has announced it has issued its first certificate for an IP address. Why that’s significant deserves a little explanation. You may have run into Let’s Encrypt certificates many times without realizing it. When you see a padlock icon in your browser’s address bar, it means the site is using a certificate to secure your

Gamers hacked playing Call of Duty: WWII—PC version temporarily taken offline

On Saturday, the Call of Duty team announced that the PC version of Call of Duty: WWII has been taken offline following “reports of an issue.” That issue seems to be a serious security problem, after reports surfaced about a remote code execution (RCE) vulnerability in the game. After Microsoft’s acquisition of Activision in 2023,

A week in security (June 30 – July 6)

Last week on Malwarebytes Labs:

- Drug cartel hacked cameras and phones to spy on FBI and identify witnesses
- Catwatchful “child monitoring” app exposes victims’ data
- Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams
- Qantas: Breach affects 6 million people, “significant” amount of data likely taken
- Update your Chrome to fix new actively

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau’s defenses against this kind of surveillance are still inadequate. The findings came to light in a

Catwatchful “child monitoring” app exposes victims’ data

If an app markets itself as being for “child monitoring”, a customer might expect that their data and that of the person they’re monitoring are handled with the utmost care and respect. However, as we’ve seen many times before, stalkerware (which is what monitoring software is known as) apps have a tendency to be low

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Microsoft, DocuSign, Adobe, McAfee, NortonLifeLock, PayPal, and Best Buy’s Geek Squad are being impersonated online through malicious emails that contain fake telephone support numbers and dangerous QR codes that can ensnare victims into phishing scams. The brands and their products are frequently relied upon for everyday administration, like sending emails, obtaining signatures, viewing documents, receiving
