IT NEWS

Google admits it can’t quite quit third-party cookies

For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.

This week, Google tossed much of that work aside.

In an update about Google’s Privacy Sandbox, the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forward in finding the balance between privacy and an ad-supported internet.

The underlying reasons this balance is hard to find are not difficult to understand. The effectiveness of advertising is determined by whether you’re able to reach your target audience, but determining whether a website visitor belongs to that audience often means that the website publisher gathers information about said visitor, which can quickly become a privacy issue.

The common method to track a visitor’s online behavior was, and still is, third-party cookies. You can look at them as small files that your browser drags along the internet while sites record your interests and online behavior in them. They are the reason why you suddenly see advertisements for an article you have looked at in an online store.

When the advertising industry collectively decided they needed something better than cookies, Google introduced the Privacy Sandbox as a “secure environment for personalization that also protects user privacy.” The idea was to get rid of third-party cookies altogether.

Later, Google started experimenting with FLoC, or “Federated Learning of Cohorts.” FLoC aimed to become a privacy-focused solution intent on delivering relevant ads by clustering large groups of people with similar interests. This way, user behavior would be processed as anonymized accounts, grouped by interests. Most importantly, user information would be processed on-device rather than broadcast across the web.

The idea was to get rid of third-party cookies by 2022, but the implementation of FLoC caused so much push-back from privacy experts that Google abandoned the idea.

Then Google came up with Topics, an idea based on Privacy Sandbox where the user does not get tracked based on the sites they visit, but where each site displays contextual advertising, which means the ads match the content on the page. But Google had to ask websites not to abuse the Topics API, and other browser developers showed no interest in adopting the API.

Despite Google Chrome’s browser market share (>60%), it does not have the influence needed to persuade its competitors. And the pressure is on, since other browsers like Safari and Firefox went ahead and already started blocking third-party cookies. Ironic, because the push to eliminate third-party cookies was set in motion by Google and now it’s lagging behind.

So, Google is back with a new path for the Privacy Sandbox. It proposes:

“An updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time.”

Strengthened with a new feature called IP Protection in Chrome’s Incognito Mode, this should protect the user from being identified by third parties as a potential target IP address for web-wide cross-site tracking.

Does that mean there will be yet another prompt asking the user what they want? It looks like it. But first, Google intends to put out its feelers to find out what regulators and the advertising industry have to say about this new approach.

We have a feeling that this will not be the end of this saga, and we will keep our readers informed about new developments.


Summer mega sale

Go into your vacation knowing you’re much more secure: This summer you can get a huge 50% off a Malwarebytes Standard subscription or Malwarebytes Identity bundle. Run, don’t walk!

Heritage Foundation data breach containing personal data is available online

The Heritage Foundation this month denied that it had suffered an earlier system breach and the subsequent leaking of internal data. But the organization had to admit that cybercriminals gained access to an archive of Heritage’s affiliated media site, The Daily Signal, dating back to 2022. That archive reportedly contained content of Heritage and non-Heritage contributors’ personal information.

Either way, a Malwarebytes review of the data shows over half a million usernames and passwords.

At the heart of the back-and-forth claims is an alleged breach against the Heritage Foundation that SiegedSec, a politically motivated group, claimed to have carried out on July 2, 2024.

The group said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election in the United States.

The stolen data includes email addresses, usernames, passwords, phone numbers, IP addresses, full names, and may contain other compromised user details.

SiegedSec also claimed to have over 200 gigabytes of additional “mostly useless” data, which they do not intend to release.

The discrepancy in the claims lies in the fact that SiegedSec said it obtained passwords and other user information for “every user” of a Heritage Foundation database. Heritage responded by saying that:

“An organized group stumbled upon a two-year-old archive of The Daily Signal website that was available on a public-facing website owned by a contractor.”

A possible cause for the discrepancy is an earlier cyberattack on the Heritage Foundation in April of 2024 which resulted in a shutdown of the organization’s network to prevent further malicious activity. But the nature of that attack is unclear and it is impossible to say whether any data was stolen.

Some sources, however, have reported that it was in fact a ransomware attack by the Play Group, which means that an attempt to steal data is still a possibility.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your exposure in the Heritage leak (and elsewhere online)

You can verify whether your information was included in the Heritage data leak now by using the Malwarebytes Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan, and we’ll give you a report. For those whose information was not included, you’ll still likely find other exposures in previous data breaches.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.



A week in security (July 15 – July 21)

Last week on Malwarebytes Labs:

Last week on ThreatDown:

Stay safe!



CrowdStrike update at center of Windows “Blue Screen of Death” outage

A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” (BSOD), grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more.

The incident itself is not the result of a cyberattack. There is no evidence of a breach or of any cybercriminal involvement.

But, as Malwarebytes Labs has reported before, many major events can lead to follow-on threats of phishing and scams, and this global outage is no different. On July 19, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on this same risk:

“CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”

As of reporting, CrowdStrike has already issued a fix.

What happened

On July 19, businesses in Australia began reporting that their Windows computers were restarting automatically into a BSOD, making them inaccessible to users. The reports were limited only to Windows machines and, as verified later by CrowdStrike, computers running Mac OS or Linux were not affected.

As IT admins in Australia scrambled to get their organizations back online, the same BSOD issue began greeting workers across Europe. The problem, it became clear, was becoming global, with reports of similar problems in Germany, Japan, India, and, eventually, the United States.

Hundreds of businesses were immediately impacted. Flights were grounded. Package delivery provider UPS is warning of delays. Hospitals in the state of Maryland began cancelling procedures. And The Washington Post reported that, while many retailers were unscathed, coffee giant Starbucks was experiencing difficulties with its mobile ordering system.

What every affected business had in common was their use of Windows computers running CrowdStrike’s cybersecurity platform.

In the past 24 hours, CrowdStrike issued a faulty software update for Windows devices that included a problematic “channel file.” Windows devices that installed this update were then sent into a boot loop back into the “Blue Screen of Death” which kept users from accessing their own computers.

The fix

As of 05:27 AM UTC, CrowdStrike had identified the faulty channel file and issued a new, safe channel file for use. Deleting the channel file and installing the correct channel file, however, could require direct, physical access to a computer—a particularly time-intensive task as increasingly more businesses have adopted hybrid and Work From Home models.

CrowdStrike has published a full statement on how to fix Windows machines that are still stuck in the BSOD loop.

Everyday users who are affected by this outage on their work machines or personal machines are not at heightened risk of a cybersecurity attack. Instead, people should simply remain vigilant about malicious emails and websites that promise fixes for the problem. For any and all maintenance, rely on CrowdStrike’s official statements and, if experiencing problems at work, rely on your IT admin.



Number of data breach victims goes up 1,000%

Nope, that headline’s not a typo. Over one thousand percent.

The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims).

The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. Through public and private support, it provides no-cost victim assistance and consumer education.

The vast majority of that rise in numbers is due to a few very large compromises. The ITRC mentions Prudential (2.5 million people) and Infosys McCamish Systems (6 million people) as main contributors.

Because both of these breaches were announced or updated in the second quarter of 2024, they have a huge impact on the numbers. Comparing the number of data breach victims in the first half of 2024 (H1 2024) with the first half of 2023, we see an increase of 490 percent, which is still significant and worrying.

The ITRC broke down some of the numbers to show them in an infographic.

Infographic by ITRC

Some notable statistics we can derive from the infographic:

  • Almost 90% of the compromises in H1 2024 are due to data breaches.
  • Financial services had the most breaches, followed by healthcare.
  • The largest data breaches in number of victims are Ticketmaster, Advance Auto Parts, and Dell.
  • 80 supply chain attacks accounted for 446 affected entities and over 10 million victims.

Another trend the ITRC highlights is the increase in stolen driver’s license information, mostly caused by a post-pandemic trend to use driver’s license information for identity confirmation. This has increased both the chances of this information being included in a breach and the value of that information to thieves.

The number of data breaches where driver’s license data was stolen totaled 198 instances in pre-pandemic, full-year 2019 compared to 636 in full-year 2023 and 308 through June 30, 2024.

Most of the data breaches are not the result of negligence but of targeted cyberattacks. This explains the rising demand for data deletion services. Not only does it play a significant role in safeguarding privacy rights on the business side, it also helps avoid or lessen the legal consequences of a breach.

ITRC president and CEO Eva Velasquez summarized the report like this:

“The takeaway from this report is simple. Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.”

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your exposure

Looking at the numbers in the ITRC report, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan, and we’ll give you a report.



Gen Z breakups tainted by login abuse for spying and stalking, research shows

Breaking up is hard to do, but for younger Americans today, ending a romantic relationship requires more than a heart-to-heart conversation—it could also require protection against follow-on invasions of online privacy and security.

According to a new analysis of research released earlier this summer by Malwarebytes, 45% of Gen Z partners said that, following a breakup, their former partners abused personal login credentials for a variety of harmful activities, such as accessing emails, tracking locations, and even spying on someone through a shared smart device.

This type of credential abuse is an abuse of consent. When couples have agreed to let one another access personal apps, messaging platforms, devices, and locations, some exes maintain that access even after a breakup.

The problem is particularly pronounced amongst America’s youth, as, comparatively, just 23% of Gen Xers and 10% of Baby Boomers reported the same behavior from their own exes. Those lower rates are not the function of lower app usage or smartphone adoption by older populations, as Malwarebytes’ research was controlled across all generations for the sharing of online accounts, devices, and location information.

Instead, the disparate privacy invasions could be a consequence of disparate sharing. As Malwarebytes revealed last year, Gen Z were more likely to consensually and non-consensually monitor their partners than any other generation.

The findings emerge from a new analysis of research that Malwarebytes released earlier this year in the report, “What’s mine is yours: How couples share an all-access pass to their digital lives.”

Together, the data reveals that modern breakups—like modern romance—are intimately intertwined with online life.

The kids aren’t alright

The kids (who are hardly kids by now) are having problems of consent.

When asked about how their ex-partners behaved following a breakup, Gen Z respondents experienced higher rates of login abuse than any other generation for nearly every single type of harm described.

For example, 14% of Gen Z respondents said that an ex-partner of theirs had logged into their own social media accounts after a breakup, compared to 8% of Gen Xers and 3% of Baby Boomers who said the same. That higher rate matched the similar 13% of Gen Z respondents who said that an ex-partner had “used my accounts to impersonate me.” Such impersonation included when an ex wrongfully logged into a personal social media account to make fraudulent posts, or when an ex even sent emails on the person’s behalf.

In one slim disparity, 11% of Gen Z respondents said an ex-partner had “accessed my emails, texts, DMs, or other messages,” compared to 9% of Gen X respondents and 4% of Baby Boomers.  

But when Gen Z respondents did not report the highest rates of login abuse for one specific activity, it was common for their next-generation neighbors to take the title.

In fact, when comparing Gen Z respondents and Millennials together—as a combined group—against every generation older than them, the younger generations reported significantly higher rates of overall login abuse (43% of Gen Z and Millennials combined compared to 15% of all people older than Millennials), social media login abuse (13% compared to 4%), financial account login abuse (9% compared to 2%), and streaming service login abuse, such as when an ex continued to use a former partner’s Netflix or Spotify accounts after a breakup (14% compared to 1%).

While having an ex muddy your Hulu recommendations may seem like a minor inconvenience, America’s younger generations also faced higher rates of stalking, non-consensual location tracking, and outright digital spying.

America’s youth and a potential stalking crisis

Gen Z respondents and Millennials, combined, reported significantly higher rates of having an ex that “used my accounts to stalk me,” compared to the combined Gen X respondents and Baby Boomers who reported the same (13% compared to 5%).

Stalking itself is an umbrella term that includes unwanted, repeated attention from someone. That can include an abuser who physically follows their ex around town, or a spurned partner who sends incessant texts, phone calls, and emails. It can also include a divorced spouse who has moved out of a shared home but who, by maintaining access to a smart device, raises a thermostat to dangerous temperatures or who tracks a home’s visitors on a smart doorbell.

Worryingly, these types of activities—which can all fit into the broader term of “stalking”—were also individually reported more often by America’s younger generations.

For instance, significantly more Gen Z respondents and Millennials, combined, said an ex had “used my accounts to track my location or tracked via location sharing apps” than every generation older than them (12% compared to 3%). And 10% of this younger group of Americans also said that an ex had “logged into my smart devices to spy on me,” compared to 4% of Americans older than them.

Remember, also, that younger Americans reported higher rates of suffering from an ex who impersonated them (10% compared to 4% of Americans older than Millennials) and who also accessed their emails, texts, DMs, or other messages (10% compared to 6%).

All of these harms, depending on their regularity, can be described as stalking. With access to a former partner’s email and messaging platforms, an ex can send lewd messages to friends and family, destroy the former partner’s relationships at work, and sign the former partner up for annoying, endless spam mailers. This is targeted, unwanted harassment, which is exactly what stalking encompasses.

Though the reasons for the higher rates of stalking and stalking behavior faced by Gen Z and Millennials are unclear, it’s important to provide context from research that Malwarebytes released last year.

When asking 1,000 people in North America about the ways they monitored both their significant others and their children, Gen Z respondents were significantly more likely to track their romantic partners’ locations and digital activity—both with consent and without.

In fact, 29% of Gen Z respondents said that, with permission, they tracked a spouse or significant other’s location through an app or Bluetooth tracker (compared to 20% of non-Gen Z respondents), and 25% said they’d installed monitoring software on a spouse or significant other’s device (compared to 17% of non-Gen Z respondents).

Defining what’s “normal” to share

It’s hard to ignore that the generation most likely to engage in consensual location tracking is also the generation most likely to report non-consensual location tracking after a breakup.

This doesn’t mean that location sharing is inherently dangerous, or that relationships amongst younger Americans are inherently more volatile.

Instead, this data merely points to a teaching moment. Romance is complex enough without the addition of location tracking, device sharing, password use, and joint account setups. But while Malwarebytes can’t help with any of the actual difficulties around dating, it can help with everything digital.

Visit Malwarebytes’ “Modern Love in the Digital Age” guidance hub today for advice on safely and securely sharing your digital life with the person you trust most.



Rite Aid says 2.2 million people affected in data breach

The US’ third-largest pharmacy chain Rite Aid has filed a data breach notification in which it reports that the data stolen during a June ransomware attack compromised the data of some 2.2 million people.

Ransomware group RansomHub claimed responsibility for the attack that took place on June 6, 2024. Ransomware groups are always looking for ways to increase their leverage over their victims, and threatening to leak stolen customer data is one of their most common methods.

The site where RansomHub leaks stolen data features a ransom demand next to a typical countdown timer, demanding payment before the timer expires on July 26, after which the group has threatened to release the stolen data.

Rite Aid listing on RansomHub leak site

After the discovery of the breach on June 20, Rite Aid started an investigation. The restoration of the compromised systems has now reached completion, according to Rite Aid.  

Reportedly, the stolen data appears to be limited to purchases made between June 6, 2017, and July 30, 2018. Rite Aid says names, addresses, dates of birth, and the numbers associated with driver’s licenses or other ID documents were stolen.

RansomHub claims that:

“While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people’s personal information. This information includes name, address, dl_id number, dob, riteaid rewards number.”

Rite Aid is offering affected customers a standard 12 months of credit monitoring from Kroll. Details on how to claim that offer can be found in the letter it’s sending customers.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.



AI device Rabbit r1 logged user interactions without an option to erase them before selling

Rabbit, the manufacturer of the Artificial Intelligence (AI) assistant r1, has issued a security advisory telling users it’s found a potential security risk. If a user loses or sells their device, a person in possession of the r1 could potentially jailbreak the device and gain access to files that contain logging information, chats, and photos.

To tackle the potential problem with sensitive data being left behind on the r1, Rabbit has taken the following measures:

  • A factory reset option is now available in the settings menu that lets you erase all data from the r1 prior to transferring ownership.
  • Pairing data is no longer logged to the device.
  • The amount of log data that gets stored on the device has been reduced.
  • Pairing data can no longer be used to read from the user’s Rabbithole journal section. It can only trigger actions.

Rabbit also says it is performing a full review of device logging practices to check whether additional technical controls are needed.

If you have an r1, you don’t need to do anything as the fix will be downloaded and installed automatically. While most updates to the r1 do not require any action of the user, updates that require you to accept them, including new features and more supported apps, will happen via over-the-air updates. For these, follow the prompt on your r1, make sure you’re connected to WiFi and a power source, and wait for it to update.

For those not familiar with the concept, the Rabbit r1 is an AI-powered gadget that can manage the use of your apps for you. It’s a standalone gadget with a 2.88-inch touchscreen, a rotating camera for taking photos and videos, and a scroll wheel/button designed to navigate the menu or allow you to talk to the built-in AI.

The Rabbithole mentioned earlier is an all-in-one web portal to manage the relationship with rabbit OS, and the device that you pair the r1 to. The Rabbit r1 uses a Large Action Model (LAM) to translate the user’s voice into actions on the device it’s paired with, whether that’s a handheld device, like a phone, or a desktop computer.

It’s still pretty much a project under development. Right now, the Rabbit r1 can answer questions, call an Uber, order DoorDash, play music on Spotify, translate speech, generate images on Midjourney, identify nearby objects with its camera and record voice memos. Nothing your phone can’t do, but Rabbit promises more options on the horizon and claims that all these actions are easier to accomplish when you’re using the r1.

The journal section of the Rabbithole web portal shows any visual searches you’ve conducted using the r1’s camera and voice memos you’ve recorded.

Rabbit says there’s no indication that pairing data has been abused to retrieve Rabbithole journal data belonging to a former device owner. Yet the possibility exists, and it’s good that users now have the ability to erase all data before selling the device. However, this doesn’t solve the issue if the r1 is stolen or lost.



How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)

This week on the Lock and Code podcast…

Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on.

But when Diamond received a Direct Message (DM) on Twitter earlier this year, she learned that her likeness had been recreated across a sample of AI-generated images, entirely without her consent.

On the AI art sharing platform Civitai, Diamond discovered that a stranger had created an “AI image model” that was fashioned after her. The model was available for download so that, conceivably, other members of the community could generate their own images of Diamond—or, at least, the AI version of her. To show just what the AI model was capable of, its creator shared a few examples of what he’d made: There was AI Diamond standing at what looked like a music festival, AI Diamond with her head tilted up and smiling, and AI Diamond wearing what the real Diamond would later describe as an “ugly ass ****ing hat.”

AI image generation is seemingly lawless right now.

Popular AI image generators, like Stable Diffusion, Dall-E, and Midjourney, have faced valid criticisms from human artists that these generators are copying their labor to output derivative works, a sort of AI plagiarism. AI image moderation, on the other hand, has posed a problem not only for AI art communities, but for major social media networks, too, as anyone can seemingly create AI-generated images of someone else—without that person’s consent—and distribute those images online. It happened earlier this year when AI-generated, sexually explicit images of Taylor Swift were seen by millions of people on Twitter before the company took those images down.

In that instance, Swift had the support of countless fans who reported each post they found on Twitter that shared the images.

But what happens when someone has to defend themselves against an AI model made of their likeness, without their consent?

Today, on the Lock and Code podcast with host David Ruiz, we speak with Ali Diamond about finding an AI model of herself, what the creator had to say about making the model, and what the privacy and security implications are for everyday people whose likenesses have been stolen against their will.

For Diamond, the experience was unwelcome and new, as she’d never experimented using AI image generation on herself.

“I’ve never put my face into any of those AI services. As someone who has a love of cybersecurity and an interest in it… you’re collecting faces to do what?”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)



Disney “breached”, data dumped online

A group of cybercriminals going by the handle NullBulge claims to have downloaded the Slack channels used by Disney’s developers.

Tweet by NullBulge

“#DisneySlackLeak

#Disney has had their entire dev slack dumped. 1.1TiB of files and chat messages. Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? go grab it.”

The group says it got a hold of a huge amount of data, including unreleased projects and login info:

“1.2 TB of data, almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there. We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out! I thought we had something special {name}! Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.”

This seems to indicate that the group was helped by an insider, and that it might have obtained even more had that person not backed out of assisting. It’s unlikely that NullBulge had access to customer data through these Slack channels, but it does look as if the group accessed a lot of material that Disney was working on.

Calling itself a hacktivist group that aims for better compensation and protection of artists’ rights, the group then announced the breach on the infamous data leak site BreachForums and provided screenshots of its findings.

Post by NullBulge on BreachForums

“Hi there folks, it is us again.

Yesterday we leaked some small DB, now we leak the big guns.

1.1TiB of data. almost 10,000 channels, every message and file possible, dumped. Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more! Have fun sifting through it, there is a lot there.

Perfect for gathering intelligence and more.”

The earlier post NullBulge is referring to is a WordPress database dump of the howwelove[.]com domain. We have no idea what the group’s beef with this relationships-focused website is.

Disney has yet to comment. We’ll keep this post updated with the latest developments.

