Archive for author: makoadmin

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data.

For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US. This caused an upset on the stock markets that cost nVidia and Oracle shareholders a lot of money.

DeepSeek has been called an open-source project, however this technically is not true because only the model’s outputs and certain aspects are publicly accessible. This makes it qualify as an open-weight model. Anyway, the important difference is that the underlying training data and code necessary for full reproduction of the models are not fully disclosed.

And it’s the data that pose a concern to many. OpenAI has accused DeepSeek of using its ChatGPT model to train DeepSeek’s AI chatbot, which triggered quite some memes. If only because OpenAI previously suffered accusations of using data that was not its own in order to train ChatGPT.

Authorities have started to ask questions as well. The Italian privacy regulator GPDP has asked DeepSeek to provide information about the data it processes in the chatbot, and its training data.  Because it sees a risk to the privacy of millions of Italian citizens, GDPD has demanded DeepSeek answers within 20 days questions about:

• Which personal data is collected
• The origin of the data
• Purpose for the collection
• Whether the data is stored on servers in China

According to the Italian press agency ANSA, DeepSeek disappeared on January 29, 2025 from Google and Apple’s app stores in Italy.

And if all that isn’t scary enough, researchers at Wiz have found a publicly accessible database belonging to DeepSeek.

“This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. “

The database was not just accessible and readable, it was also open to control and privilege escalation within the DeepSeek environment. No authentication was required, so anybody that stumbled over the database was able to run queries to retrieve sensitive logs and actual plaintext chat messages, and even to steal plaintext passwords and local files.

Needless to say, this oversight put DeepSeek and its users at risk.

We have said this before and we’ll probably have to repeat it numerous times, but the need for fast developments in this field is creating privacy risks that we have never seen before, simply because security is an afterthought for the developers. So, no matter which AI chatbot you prefer, always be mindful of the information you feed it: It may find its way to unexpected and undesirable places.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Australian news outlet ABC NEWS analyzed a data set of 29 million 4-digit PIN numbers that people actually used to secure their devices, ATM withdrawals, building access, and more.

What the outlet discovered is both expected and disappointing: Too many people use insecure PIN codes to protect important parts of their lives.

Now, I feel compelled to add that I’ve always considered any four-digit string of numbers as simply too few numbers to secure anything important. It takes only 10,000 tries in a worst-case scenario for the attacker, which is not an awful lot for a determined—and sometimes machine-assisted—attacker.

My (Dutch) bank uses a five-digit number to access the app, although it still uses four digits for payments or to make withdrawals from an ATM. But that might be because that’s how the machines are programmed to work. Also, in those cases, entering the PIN itself could be considered a second factor in a multi-factor authentication (MFA) procedure since you already need to have possession of the card.

That said, ABC’s research shows that many of us are predictable when it comes to picking out our PINs. For example, it should come as no surprise that 0000 is popular since it is the default PIN code for many devices—and apparently many people don’t see the importance of changing it.

Whether this reflects our doubt in our own memory or it reflects a certain degree of laziness would require a deeper psychological analysis, but as with passwords, people tend to pick easy-to-remember options that are, for instance, the same digit repeated four times over, or a predictable sequence of four digits, such as 1234. They also prefer numbers that are easy to type, like the figure “2580” which goes straight down the numberpad.

Other predictable numbers stem from the fact that we use birthdays and birth-years so we can easily remember the PIN code. This is why we see a lot of pin numbers that start with 19 for a year or where the first digit of a month is either a 0 or a 1 which comes in the first or third place of the code, depending on the way you format your dates.

The worrying part is that by trying the first the options in the list ranked by popularity, an attacker can raise his chances of a breach to 11.7 %.

In some cases the attacker may only have five chances, so guess which ones they will be trying.

I have copied the top 10 PIN codes, so you can get an idea of which codes to avoid or change to improve the security level of them.

As in many situations, it’s prudent to remember that the option that is easiest to use is almost never the most secure.

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS.

Apple said:

“A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.”

Devices affected are those that run:

• iPhone XS and later
• iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
• macOS Sequoia
• Apple Watch Series 6 and later
• All models of Apple TV HD and Apple TV 4K

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Technical details about the zero-day

The zero-day vulnerability patched in this update is tracked as CVE-2025-24085. It is described as a use after free (UAF) issue in Apple’s Core Media framework that would allow an attacker to elevate privileges.

The Core Media framework handles multimedia applications like photos, videos, and real-time communication applications. UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, successful exploitation could provide a malicious app with privileges on the affected device that it shouldn’t have.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Last week on Malwarebytes Labs:

• Your location or browsing habits could lead to price increases when buying online
• AI tool GeoSpy analyzes images and identifies locations in seconds
• 7-Zip bug could allow a bypass of a Windows security feature. Update now
• Warning: Don’t sell or buy a second hand iPhone with TikTok already installed
• Texas scrutinizes four more car manufacturers on privacy issues

Last week on ThreatDown:

• What is SQL injection (SQLi), and how can it be prevented?
• Mastercard fixes potentially catastrophic DNS typo

Stay safe!

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October.

In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill. In October, this was largely confirmed when Change Healthcare reported a number of 100,000,000 affected individuals.

Besides the enormous number of victims, the story behind this ransomware attack is also very complex, because of the cybercriminals involved and how the first group that received the ransom payment disappeared without paying their affiliates.

The ALPHV/BlackCat ransomware group claimed the initial attack. The UnitedHealth Group reportedly paid $22 million to receive a decryptor and to prevent the attackers from publicly releasing the stolen data.

But shortly after the payment, ALPHV disappeared in an unconvincing exit scam designed to make it look as if the group’s website had been seized by the FBI, forgetting to pay its affiliates in the process. A month later, newcomer ransomware group RansomHub listed Change Healthcare as a victim on its own website, claiming to have the data that ALPHV stole.

According to BleepingComputer, the original attackers joined forces with RansomHub and never deleted the data. A few days later, the listing on the RansomHub leaks site disappeared, which usually means someone paid the ransom.

Stolen information

The data breach at Change Healthcare is the largest healthcare data breach in US history. Although Change Healthcare provided details about the types of medical and patient data that was stolen, it can’t provide exact details for every individual. However, the exposed information may include:

• Contact information: Names, addresses, dates of birth, phone numbers, and email addresses.
• Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers.
• Health information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.
• Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.
• Other personal information: Social Security numbers, driver’s license or state ID numbers, and passport numbers.

Change Healthcare added:

“The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review.”

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

This week on the Lock and Code podcast…

It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for varying state laws. And you’ll probably see ads for a variety of apps, plug-ins, and online tools that can be difficult to navigate.

So much of Malwarebytes—from Malwarebytes Labs, to the Lock and Code podcast, to the engineers, lawyers, and staff at wide—work on data privacy, and we fault no advocate or technologist or policy expert trying to earnestly inform the public about the importance of data privacy.

But, even with good intentions, we cannot ignore the reality of the situation. Data breaches every day, broad disrespect of user data, and a lack of consequences for some of the worst offenders. To be truly effective against these forces, data privacy guidance has to encompass more than fiddling with device settings or making onerous legal requests to companies.

That’s why, for Data Privacy Week this year, we’re offering three pieces of advice that center on behavior. These changes won’t stop some of the worst invasions against your privacy, but we hope they provide a new framework to understand what you actually get when you practice data privacy, which is control.

You have control over who sees where you are and what inferences they make from that. You have control over whether you continue using products that don’t respect your data privacy. And you have control over whether a fast food app is worth giving up your location data to just in exchange for a few measly coupons.

Today, on the Lock and Code podcast, host David Ruiz explores his three rules for data privacy in 2025. In short, he recommends:

1. Less location sharing. Only when you want it, only from those you trust, and never in the background, 24/7, for your apps. 
2. More accountability. If companies can’t respect your data, respect yourself by dropping their products.
3. No more data deals. That fast-food app offers more than just $4 off a combo meal, it creates a pipeline into your behavioral data

Tune in today to listen to the full breakdown.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

The Texas Attorney General’s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data.

We’ve addressed cars and privacy at some length on Malwarebytes Labs and came to the conclusion—with the help of many experts in the field—that modern cars simply aren’t very good at it. Many politicians in the US agree with that point of view, too, as US senators have asked the Federal Trade Commission (FTC) to investigate car makers’ privacy practices.

As part of the investigation in Texas, the state’s Attorney General’s Office sent letters—or “notices”—to four automakers earlier this month, demanding written responses under oath.

The Notice delivered to Hyundai discusses “covered data,” which is defined as any information or data about a vehicle manufactured, sold, or leased by you, regardless of whether deidentified or anonymized. And selling data is defined as sharing, disclosing, or transferring of personal data in exchange for monetary or other valuable consideration by you to a third party.

The Notices sent to the car manufacturers are not all exactly the same, but it is clear what the Attorney General’s Office is after:

• Methods of collection used.
• Which third parties received the data and if any restrictions were placed on how the recipients used the data.
• The number of affected customers.
• How consent was obtained from these customers.

In April of 2024, Texas Attorney General Ken Paxton sent “civil investigative demands” to Kia, General Motors, Subaru and Mitsubishi seeking details of their data collection and sharing practices.

And in August, Paxton sued General Motors for selling customer driving data to third parties.

Only recently we reported how the Attorney General also went after the buyers of data like insurance company Allstate and its subsidiary Arity. Arity acts as a data broker which sold insurers the information to set prices on insurance premiums. The car manufacturers involved in that complaint are Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram. But they were not named as defendants in the complaint.

Paxton did single out a few mobile apps and warned them that they were violating Texas’ data privacy law. Those apps are: GasBuddy, Life360, Miles, MyRadar, SiriusXM and Tapestri.

An Allstate spokesperson stated that Arity “helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations.”

But according to the press release from the Attorney General, Allstate and other insurers used what they alleged to be covertly obtained data to justify raising Texans’ insurance rates.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

After TikTok was briefly banned in the US last weekend, an unusual phenomenon unearthed. Reportedly, people are selling iPhones that have TikTok installed for up to $25,000.

This may require some explanation, so bear with me.

TikTok has had a rough time in the US the last weeks. The ban we mentioned originates from back in March, when the House of Representatives passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance agreed to give up its share of the immensely popular app.

Despite an overruled emergency injunction to stop or postpone the planned ban on the platform in the US, the ban took effect on January 19.

But TikTok’s messaging was clear, they were coming back.

“Sorry TikTok isn’t available right now

A law banning TikTok has been enacted in the U.S. Unfortunately that means you can’t Use TikTok for now.

We are fortunate that President Trump has indicated that he will work with us on a solution to reinstate TikTok once he takes office. Please stay tuned!

And it was indeed back for millions of US users as of January 19 and 20. That is to say, for those that had the app installed.

Update 3

Welcome back!

Thanks for your patience and support. As a result of President Trump’s efforts, TikTok is back in the U.S.!

You can continue to create, share, and discover all the thing you love on TikTok.

However, anyone that deleted or never had the app installed are unable to download it as the Apple and Google app stores in the US still don’t have it available. And despite an executive order to delay enforcing the ban, it is unclear when it will be available for download again.

Second hand iPhones for sale

Some people have seized on this as a money-making opportunity, selling their iPhones for thousands of dollars on eBay. But is that a smart thing to do?

According to Apple’s Support pages, there is a recommended procedure to follow before you sell, give away, or trade in your iPhone or iPad. One of those steps is to Erase All Content and Settings. From that page:

“When you tap Erase All Content and Settings, it completely erases your device, including any credit or debit cards you added for Apple Pay and any photos, contacts, music, or apps. It will also turn off iCloud, iMessage, FaceTime, Game Center, and other services. Your content won’t be deleted from iCloud when you erase your device.”

If you want to leave an app like TikTok behind, you will have to manually erase all the other items on that list to make sure the buyer will not get hold of other private information about you. This is tough to do and is highly likely you would leave some of your data behind.

If you’re considering buying a second hand iPhone so you can use TikTok, how can you be sure that TikTok is the only thing that’s left behind? I wouldn’t put it past cybercriminals to sell devices they can still access, or even malware.

Another bad idea is to roam the internet for unofficial TikTok apps (in the form of IPA or APK files). Installing an unsigned app requires a jailbreak and it can pose significant risks to your device and personal data. Files from unreliable sources may contain malware, spyware, or information stealers and, once installed, these malicious programs can compromise your device’s security.

My advice would be to exercise some patience. TikTok may well reappear in app stores or it’ll be completely removed from access, so everyone will be in the same boat.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows.

The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 2022.

The MotW also makes sure that Office documents that are marked with the MotW will be opened in Protected View, which automatically enables read-only mode and means that all macros will be disabled until the user allows them.

For years, attackers were able to bypass the MotW by putting their malicious files in archives. This worked because the MotW is in fact another file that is attached to the main file as an Alternate Data Stream (ADS), and over the years we have seen many vulnerabilities in archivers where the ADS didn’t pass on the individual files when the archive was decompressed.

The same is true this time. Only the attacker will have to prepare an especially crafted nested archive. A nested archive means there is an open archive inside another open archive. Exploitation of the vulnerability also requires user interaction, meaning the target will have to visit a malicious page or open a malicious file.

If you’re a Windows user, check whether you are using version 7-Zip 24.09 or later. If you’re not, then they’ll need to update.

7-Zip does not have an auto-update function, so you will have to download the version that is suitable for your system from the 7-Zip downloads page.

Other security measures

There are some general safety tips to keep in mind when you’re handling archived files on a regular basis:

• Keep track of how and where you obtained the archive.
• Always be careful when opening archived files that you downloaded from the internet.
• Make sure you are using an updated anti-malware solution that is capable of scanning inside archives, and you have that setting enabled.

• Keep track of who accesses archived files and when. This can help identify unauthorized access attempts and help monitor unwanted changes.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

It’s just become even more important to be conscious about the pictures we post online.

GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a person’s location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on one picture.

Graylark Technologies who makes GeoSpy says it’s been developed for government and law enforcement. But the investigative journalists from 404 Media report that the tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

404 Media says the company trained GeoSpy on millions of images from around the world and can recognize distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships.

Using the tool to determine anyone’s location requires virtually no training, so anybody can do it. Normally, it would take open source intelligence (OSINT) professionals quite some time of training and experience to reach the level of speed and accuracy that GeoSpy delivers to an untrained individual.

This means that even the most non tech-savvy individual could find a person of interest based on pictures posted on social media, despite the fact that social media strips the metadata—which could include GPS coordinates or other useful information—from these pictures.

Based on its testing and conversations with users, 404 Media concluded:

“GeoSpy could radically change what information can be learned from photos posted online, and by whom.”

Even if the tool is unable to narrow down the location to an exact street address or block, based on vegetation it can bring down the search area to a few square miles.

The company’s founder says he has pushed back against requests from people asking to track particular women. Now GeoSpy has closed off public access to the tool, after 404 Media asked him for a comment.

Aside from the contribution towards a surveillance society, the risks of such a tool are obvious. It poses several significant dangers, particularly concerning privacy, security, and potential abuse if a stalker can access it. Another worry concerns the security of the storage for the data that is used and found by this tool. When involved in a breach, a host of information could become available to cybercriminals.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.