Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead monetization service Nova Leads, the enormously popular Chat GPT, and an AI-empowered […]
Ransomware hiding in fake AI, business tools Leggi tutto »
Google has released an update for the Chrome browser to patch an actively exploited flaw. The update brings the Stable channel to versions 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never
Google fixes another actively exploited vulnerability in Chrome, so update now! Leggi tutto »
Mobile scams are becoming increasingly sophisticated, leaving people vulnerable to cybercriminals. We recently reported on the ever-increasing number of scams that are created by AI-supported tools, with attackers crafting highly convincing phishing emails that target both individuals and businesses, resulting in devastating financial losses, reputational damage, and compromised personal data. Elaborate sextortion scams
For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This time, the company laid blame on a credential stuffing attack. The North Face is best known for its line of outdoor clothing, footwear, and related equipment. With an annual revenue of over $3 billion,
The North Face warns customers about potentially stolen data Leggi tutto »
Remember juice jacking? It’s a term that crops up every couple of years to worry travelers. This spring has seen another spate of stories, including a new, more sophisticated form of attack. But how much of a threat is it, really? Juice jacking is where an attacker uses a malicious public USB charger to install
Juice jacking warnings are back, with a new twist Leggi tutto »
Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media—and as sponsored ads—that lead to fake websites posing as Booking.com. According to Malwarebytes research, 40% of people book travel through a general online search, creating a lot of opportunities for scammers. The first signs of the campaign showed up mid-May and
Victims risk AsyncRAT infection after being redirected to fake Booking.com sites Leggi tutto »
Last week on Malwarebytes Labs: Porn sites probed for allegedly failing to prevent minors from accessing content Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts Deepfake-posting man faces huge $450,000 fine Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware New warning issued over toll
A week in security (May 26 – June 1) Leggi tutto »
This week on the Lock and Code podcast… There’s an easy way to find out what Facebook knows about you—you just have to ask. In 2020, the social media giant launched an online portal that allows all users to access their historical data and to request specific types of information for download across custom time
What does Facebook know about me? (Lock and Code S06E11) Leggi tutto »
Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify its users’ ages properly. The Commission, which drafts and enforces the European Union’s laws, is focusing the lens on Pornhub, Stripchat, XNXX, and XVideos with the investigation. It launched the inquiry after sending requests
Porn sites probed for allegedly failing to prevent minors from accessing content Leggi tutto »
Search hijacking, often referred to as browser hijacking, occurs when cybercriminals modify users’ browser settings without their consent. This often results in users being redirected to potentially malicious websites, such as fake customer service offerings. Search hijacking commonly happens through free downloads, bundled software, or fake browser extensions that pose as helpful tools. These attacks can
