To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed. But this new measure is not just about malware that’s found on the Google Play Store, it’s mainly about sideloaded apps (apps downloaded […]
Developer verification: a promised lift for Android security Leggi tutto »
TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim’s Android phone. It then monitors that phone’s activities and sends the information it gathers back to a central
More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw Leggi tutto »
Google has removed 77 malicious apps from the Google Play Store. Before they were removed, researchers at ThreatLabz discovered the apps had been installed over 19 million times. One of the malware families discovered by the researchers is a banking Trojan known as Anatsa or TeaBot. This banking Trojan is a highly sophisticated Android malware,
77 malicious apps removed from Google Play Store Leggi tutto »
Artificial Intelligence (AI) browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called “prompt injection.” Large language models (LLMs)—like the ones that power AI chatbots including ChatGPT, Claude, and Gemini—are designed to follow “prompts,” which are the instructions and questions that people provide when looking up
AI browsers could leave users penniless: A prompt injection warning Leggi tutto »
Last week on Malwarebytes Labs: Clickjack attack steals password managers’ secrets Grok chats show up in Google searches All Apple users should update after company patches zero-day vulnerability in all platforms Google settles YouTube lawsuit over kids’ privacy invasion and data collection AI-powered stuffed animals: A good alternative for screen time? How to spot the
A week in security (August 18 – August 24) Leggi tutto »
This week on the Lock and Code podcast… If there’s one thing that scam hunter Julie-Anne Kearns wants everyone to know, it is that no one is immune from a scam. And she would know—she fell for one last year. For years now, Kearns has made a name for herself on TikTok as a scam
How a scam hunter got scammed (Lock and Code S06E17) Leggi tutto »
Sometimes it can seem as though everything’s toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they’re trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based password managers are still vulnerable to the attack.
Clickjack attack steals password managers’ secrets Leggi tutto »
I’m starting to feel like a broken record, but I feel you should know that yet another AI has been found sharing private conversations so that Google was able to index them, and now they can be found in search results. It’s déjà vu in the world of AI: another day, another exposé about chatbot
Grok chats show up in Google searches Leggi tutto »
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability (a vulnerability which Apple was previously unaware of) that is reportedly being used in targeted attacks. The updates cover: iOS 18.6.2 and iPadOS 18.6.2 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro
Google has agreed to a $30 million settlement in the US over allegations that it illegally collected data from underage YouTube users for targeted advertising. The lawsuit claims Google tracked the personal information of children under 13 without proper parental consent, which is a violation of the Children’s Online Privacy Protection Act (COPPA). The tech
Google settles YouTube lawsuit over kids’ privacy invasion and data collection Leggi tutto »
