IT NEWS

Multi-factor authentication has proven it works, so what are we waiting for?

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA), starting in mid-2024.

Our regular readers will know that we feel that passwords alone are not adequate protection, especially not for your important accounts. So we wholeheartedly agree with Amazon on this.

Multi-factor authentication is so much more secure, and with that a lot more forgiving, than passwords alone. I would not recommend it, but writing down your password on a Post-It and pasting it on your monitor won’t do an attacker any good if you have set up your MFA properly. Also not recommended, but you could even re-use your weak password on every site, as long as all those accounts were protected with the best that MFA has to offer.

The last piece of that sentence, “the best that MFA has to offer”, is important. As Amazon wrote in its announcement:

“We recommend that everyone adopts some form of MFA, and additionally encourage customers to consider choosing forms of MFA that are phishing-resistant, such as security keys.”

The takeaway here is that not every form of MFA is equally secure. When given the choice, the best form of MFA is a password and hardware key, but this means you’ll need to buy a hardware key. Please consider doing so, since they are worth the small investment and not nearly as intimidating as they may seem.

Security keys conforming to the FIDO U2F or FIDO2/WebAuthn standards are inherently resistant to reverse proxy and man-in-the-middle attacks that are reportedly on the rise right now.

If you aren’t ready to take that step yet, the next best form of MFA uses an app that prompts you with a notification on your phone. Next best after that is MFA that uses a code from an app on your phone, and the least good version of MFA uses a code sent over SMS.

But even that least good version provides a good chunk of security.

In 2019, Microsoft’s Alex Weinert wrote that, based on Microsoft’s studies, your account is more than 99.9% less likely to be compromised if you use MFA. This year (2023), Microsoft’s Tom Burt blogged:

“While deploying MFA is one of the easiest and most effective defenses organizations can deploy against attacks, reducing the risk of compromise by 99.2%, threat actors are increasingly taking advantage of “MFA fatigue” to bombard users with MFA notifications in the hope they will finally accept and provide access.”

So, the numbers are slightly down, mainly because cybercriminals have started to adapt and are finding ways to bypass the weakest MFA methods.

An MFA fatigue attack, aka MFA bombing or MFA spamming, is a social engineering strategy where attackers repeatedly trigger second-factor authentication requests. The attacker bombards the user with requests to allow access and hopes the intended victim gets tired of the racket or makes a mistake and pushes the coveted “Yes, that’s me” button.
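From the defender’s side, the pattern described above shows up in authentication logs as a burst of push prompts for one account, sometimes ending in an approval. The following detection sketch is an added example, not part of the original article; the log format, the event names (`push_sent`, `push_denied`, `push_approved`) and the threshold and window values are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): timestamp, user, event.
SAMPLE_LOG = """\
2023-10-05T09:00:02Z alice push_sent
2023-10-05T09:00:10Z alice push_approved
2023-10-05T23:41:00Z bob push_sent
2023-10-05T23:41:20Z bob push_denied
2023-10-05T23:41:45Z bob push_sent
2023-10-05T23:42:05Z bob push_denied
2023-10-05T23:42:30Z bob push_sent
2023-10-05T23:43:10Z bob push_sent
2023-10-05T23:43:50Z bob push_sent
2023-10-05T23:44:05Z bob push_approved
2023-10-06T08:15:00Z carol push_sent
2023-10-06T08:15:30Z carol push_denied
2023-10-06T08:16:00Z carol push_sent
2023-10-06T08:16:12Z carol push_approved
"""


def parse_event(line):
    """Split one log line into (datetime, user, event)."""
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def detect_push_bombing(log_text, threshold=5, window=timedelta(minutes=10)):
    """Flag users who received `threshold` or more prompts within `window`.

    A finding is marked approved_after_burst when an approval arrives while
    the burst is still inside the window: the case that needs a session
    revocation and a call to the user, not just a ticket.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent prompts
    findings = {}                 # user -> finding, in order of first detection
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = parse_event(line)
        prompts = recent[user]
        # Slide the window: forget prompts older than `window`.
        while prompts and ts - prompts[0] > window:
            prompts.popleft()
        if event == "push_sent":
            prompts.append(ts)
            if len(prompts) >= threshold:
                finding = findings.setdefault(user, {
                    "user": user,
                    "first_prompt": prompts[0],
                    "max_prompts": 0,
                    "approved_after_burst": False,
                })
                finding["max_prompts"] = max(finding["max_prompts"], len(prompts))
        elif event == "push_approved":
            if len(prompts) >= threshold:
                findings[user]["approved_after_burst"] = True
            prompts.clear()  # a completed login starts a fresh count
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_push_bombing(SAMPLE_LOG):
        print(f["user"], f["max_prompts"], "prompts, approved:",
              f["approved_after_burst"])
```

Number matching or hardware keys remove the “tap to approve” step entirely, so a rule like this is a stopgap for accounts that still use plain push prompts.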

Still, a success rate of over 99% is no small feat. And this number will improve with better MFA.

What is holding us back is the number of sites and services offering us the possibility of using MFA. So please, if you are not doing this, stop asking users for more complex passwords that change every few weeks, but start implementing MFA for them. It will not only increase security but also provide a better user experience.

At some point users should, and will, demand to be able to use MFA to protect their accounts from being abused or taken over by cybercriminals. So, providing them with this option means you are ready for the future.

To help you as a user get started, here are links to the 2FA setup instructions for the five most visited websites:


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Update now! Apple patches vulnerabilities on iPhone and iPad

Apple has released iOS 17.0.3, an emergency update fixing two vulnerabilities, one of which has already been exploited by cybercriminals.

The update is available for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later.

The updates may already have reached you, but it doesn’t hurt to check you’re on the latest version of iOS. Here’s how:

  1. Go to Settings > General, then tap Software Update.
  2. If an update is available it will ask if you want to update now or tonight. Choose Update Now.
  3. Enter your passcode, then tap Install Now.

Setting your device to update automatically is really the best way to stay on top of any vulnerabilities. Here’s how:

  1. Go to Settings > General, then tap Software Update.
  2. Tap Automatic Updates.
  3. Toggle the settings to all be on.

Technical details

The CVEs patched in these updates are:

CVE-2023-42824: A vulnerability in the kernel. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. The issue was addressed with improved checks.

CVE-2023-5217: A heap buffer overflow in vp8 encoding in libvpx prior to 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. A buffer overflow is a type of software vulnerability that occurs when a program writes more data to an area of memory than it can hold, so the write runs past the buffer’s boundary into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. A buffer overflow may result in arbitrary code execution. The issue was addressed by updating to libvpx 1.13.1.

The vulnerability in libvpx impacted other applications as well, including Chrome, Edge, and other Chromium browsers.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions

MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection.

The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat (APT) group with victims in over 45 countries.

MITRE Engenuity’s researchers recorded how well products could analyze and prevent techniques associated with the group, evaluating vendors’ ability to detect each “step” of an attack, provide quality alerts with robust information to the end-user, and so on.

Let’s take a closer look at the results and how organizations should use them.

2023 MITRE ATT&CK® Evaluation Results

MITRE executed two attack scenarios throughout the course of the evaluation: Attack Scenario 1 (“Carbon”) and Attack Scenario 2 (“Snake”). With the “Carbon” attack scenario consisting of 10 steps and “Snake” consisting of 9, MITRE Engenuity executed a total of 19 steps during the evaluation.

Malwarebytes alerted on 19/19 steps with no configuration changes, meaning our EDR tool was able to convert telemetry into actionable threat detections “out of the box” for parts of each step.

The MITRE Engenuity red team also tested cybersecurity solution providers on their protection capabilities—what malicious actions can a solution prevent. For the Protections scenario, there were 129 substeps organized into 13 major steps.

Malwarebytes broke the Turla attack kill chain at the initial phase and 6 subsequent steps, including initial malware execution, subsequent malware execution on Domain Controller and other machines, lateral movement, and credential dumping.

Analyzing The MITRE ATT&CK® Evaluation Results

The MITRE ATT&CK® Evaluation is a valuable independent security test, though its relevance will likely vary depending on the size of your security team.

Larger organizations with more advanced security teams, for example, might find the test particularly useful given its focus on nation-state level actors. The opposite might be true for smaller security teams, who are less affected by threats like Turla.

As organizations go through the data available in MITRE Engenuity’s evaluation portal, keep in mind several other important questions such as: Who will be using the tool MITRE is evaluating? Is it easy to use? Does it have too many unnecessary features for my security goals?

Additional questions to consider asking include:

  • Would the attack have been stopped at step 1 in a real-world scenario?
  • Does the APT attack apply to my business?
  • Do I need to detect 100% of these substeps to be 100% protected?

In sum, while the MITRE ATT&CK Evaluation is undoubtedly important, its results are best considered alongside other independent tests such as MRG Effitas 360° Assessment & Certification, G2 peer-to-peer evaluations, AV-Test, and more.

Try Malwarebytes for Business Today

We invite organizations to check out the full 2023 ATT&CK Evaluation results on MITRE’s official website here: https://attackevals.mitre-engenuity.org/results/enterprise?evaluation=turla&scenario=1

Ready to try award-winning endpoint security today? Get a free trial of Malwarebytes EDR: https://www.malwarebytes.com/business/request_trial


Exim finally fixes 3 out of 6 vulnerabilities

Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the internet, and is freely available under the terms of the GNU General Public Licence.

Even though the name may be new to you, a Shodan search revealed 3.5 million servers online. According to recent data, they account for more than half of all email servers. Most of these servers are in the US, Russia, Germany, and the Netherlands. The large numbers are, at least partly, due to the fact that on Debian-based Linux systems, Exim is the default MTA software.

For over a year, many of these servers have been vulnerable to six zero-day vulnerabilities. An anonymous researcher filed those vulnerabilities through the Zero Day Initiative (ZDI), which acts as an intermediary to reward researchers and helps them to responsibly disclose vulnerabilities.

The word “finally” in the title stems from the fact that these vulnerabilities were reported to Exim on June 14, 2022. After 10 months of silence, the ZDI made an enquiry to see if anything had been done about them and as a reply received a request to re-send the reports.

Another four months went by and ZDI sent an ultimatum announcing the intention to publish the case as a zero-day advisory on September 27, 2023.

From the description of the vulnerabilities there was no reason to think that these were minor bugs, not worthy of immediate attention. Let’s look, for example, at the vulnerability listed as “CVE-2023-42115 (CVSS score 9.8 out of 10): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.”

The specific flaw exists within the SMTP service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.

Now, Exim has acknowledged the bugs and published the available fixes on October 2, 2023, providing mitigation advice for all of them.

The delay seems to be a lack of communication where each side is blaming the other for not being clear and proactive enough. It’s hard to say who’s at fault here, but the issue remains that the goal of responsible disclosure wasn’t achieved.

What can Exim administrators do

Even though some researchers say that the vulnerabilities are not that severe, you may want to check if your setup is vulnerable and apply fixes or mitigations where needed.

The three vulnerabilities that have been fixed (CVE-2023-42114, CVE-2023-42115, and CVE-2023-42116) are all related to Secure Password Authentication (SPA)/New Technology LAN Manager (NTLM), and EXTERNAL authentication. EXTERNAL authentication enables authentication based on some property that is external to the Simple Mail Transfer Protocol (SMTP) session, usually an X.509 certificate.

If you do not use SPA/NTLM, or EXTERNAL authentication, you’re not affected. If you are, you should install the latest version (4.96.1 or later).

The solution for CVE-2023-42117 is to not use Exim behind an untrusted proxy-protocol proxy. The proxy protocol is a simple protocol where the client sends a message to the server asking to make a connection from a specific local IP to a specific remote IP. Once the connection is made, traffic in both directions is relayed as is via the proxy. There are many trustworthy proxies to choose from that will properly validate user-supplied data. Exim is working on a fix for this one.

The solution for CVE-2023-42118 is to not use the `spf` (Sender Policy Framework) condition in your access-control list (ACL). The specific flaw exists within the parsing of SPF macros and can only be exploited by network-adjacent attackers.

CVE-2023-42219 is not likely to be fixed by Exim. They feel users should use a trustworthy Domain Name System (DNS) resolver which is able to validate the data according to the DNS record types. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim.
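The checks in this section can be scripted against a copy of the Exim configuration. The audit below is an added example, not code from Exim or from the original article: it assumes the affected features appear as the standard Exim directives `driver = spa` / `driver = external` (authenticators section), `hosts_proxy` (main section) and the `spf` ACL condition, and it runs on a constructed sample configuration. The DNS resolver item lives outside the Exim configuration and is not checked.

```python
import re

FIXED_VERSION = (4, 96, 1)  # the article: "the latest version (4.96.1 or later)"

# Constructed sample configuration for illustration, not from a real server.
SAMPLE_CONFIG = """\
primary_hostname = mail.example.test
hosts_proxy = 192.0.2.10
acl_smtp_rcpt = acl_check_rcpt

begin acl
acl_check_rcpt:
  deny    message = SPF check failed
          spf = fail
  accept

begin authenticators
plain_login:
  driver = plaintext
  public_name = PLAIN
ntlm_server:
  driver = spa
  public_name = NTLM
# cert_auth:
#   driver = external
"""

ACL_VERBS = "accept|defer|deny|discard|drop|require|warn"
# An ACL condition line such as "spf = fail" or "deny !spf_guess = pass".
SPF_CONDITION = re.compile(rf"(?:(?:{ACL_VERBS})\s+)?!?\s*spf(?:_guess)?\s*=")


def parse_version(text):
    """Extract a dotted version (e.g. from `exim -bV` output) as an int tuple."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group().split("."))


def logical_lines(config_text):
    """Yield (section, line), skipping comments and joining '\\' continuations."""
    section, pending = "main", ""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        line, pending = pending + line, ""
        begin = re.match(r"begin\s+(\w+)$", line, re.IGNORECASE)
        if begin:
            section = begin.group(1).lower()
            continue
        yield section, line


def audit(config_text, version_text):
    """Return (CVE id(s), advice) pairs for the conditions named in the article."""
    patched = parse_version(version_text) >= FIXED_VERSION
    drivers, uses_spf, proxy_hosts = set(), False, None
    for section, line in logical_lines(config_text):
        if section == "authenticators":
            match = re.match(r"driver\s*=\s*(\w+)", line)
            if match:
                drivers.add(match.group(1).lower())
        elif section == "acl" and SPF_CONDITION.match(line):
            uses_spf = True
        elif section == "main":
            match = re.match(r"hosts_proxy\s*=\s*(\S.*)", line)
            if match:
                proxy_hosts = match.group(1).strip()
    findings = []
    risky = sorted(drivers & {"spa", "external"})
    if risky and not patched:
        findings.append(("CVE-2023-42114/42115/42116",
                         f"authenticator driver(s) {', '.join(risky)} in use: "
                         "upgrade to 4.96.1 or later"))
    if proxy_hosts:
        findings.append(("CVE-2023-42117",
                         f"Proxy Protocol accepted from {proxy_hosts}: "
                         "confirm every listed host is a trusted proxy"))
    if uses_spf:
        findings.append(("CVE-2023-42118",
                         "ACL uses the spf condition: remove it as a mitigation"))
    return findings


if __name__ == "__main__":
    for cve, advice in audit(SAMPLE_CONFIG, "4.96"):
        print(f"{cve}: {advice}")
```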


We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.

Meta and TikTok consider charging users for ad-free experience

According to a report from the Wall Street Journal, Meta is considering charging its European users around $14 a month if they don’t agree to personalized ads on Facebook and Instagram. On mobile devices, the price for a single account would be higher because Meta would factor in commissions charged by Apple’s and Google’s app stores.

European rules require Meta to get users’ consent in order to show them targeted ads, so this seems like an obvious attempt to make up for the lost advertising revenue when a user declines to give their consent. In the past, Meta tried to circumvent the European legislation by claiming in court that showing advertisements was an intricate part of the services stipulated in the user agreement.

A Meta spokesperson said:

“[the company] believes in free services which are supported by personalized ads, but is exploring options to ensure compliance with evolving regulatory requirements.”

Meta has spoken with digital-competition regulators in Brussels, privacy regulators in Ireland, and other EU privacy regulators about its proposal, according to the report. The company has reportedly named the plan “subscription no ads” (SNA), and it wants to start rolling it out in the coming months.

At the same time, the BBC reports that TikTok is testing a monthly subscription model for ad-free content. The current price during the test for this feature is $4.99 per calendar month. Reportedly, the test is being done at a small scale and it’s not sure whether a subscription model will be rolled out globally.

YouTube and X, formerly Twitter, are among sites already offering fewer or no ads for a monthly fee. X Premium promises to show 50% fewer advertisements on your timelines “Following” and “For you.” YouTube Premium offers YouTube and YouTube Music without advertisements.

It is unknown if in the SNA model that Meta is trying to agree upon with European privacy watchdogs there will also be restrictions about the information gathering that takes place on the platforms. If not, it is very feasible that you will still get targeted ads based on your Facebook activity, you’d just see them on other sites you visit. If that’s the case, Facebook will make money off your presence on more than one side.

Netflix, Spotify, and others like them, allow you to pay for ad-free movies and music, so maybe the model can easily be ported to YouTube. But whether it will work for social media remains to be seen.

It’s also unknown whether Meta will be offering the same option to users outside of the EU. This may well depend on how successful the formula turns out to be for the company. The announced “Meta Verified” paid verification subscription service wants to provide verification for more than the notable users like politicians, executives, members of the press and organizations to signal their legitimacy.

Obviously it is up to you, if you are presented with a choice, to decide whether you prefer to pay directly, or you’d rather be the subject of targeted advertising. Given that a big part of the population is active on several social media platforms, all the monthly subscriptions would add up to a sum most young people can’t afford to shell out, so there’s a good chance that it will be mostly business as usual for the social media giants.



Sony was attacked by two ransomware operators

On September 25, newcomer ransomware group RansomedVC claimed to have successfully compromised the computer systems of entertainment giant Sony.

Then, on October 4, news leaked that Sony had told current and former employees and their family members about another cybersecurity breach that exposed personal information. This was confirmed by a Data Breach Notification submitted in Maine.

It looks as if this is fall-out from the attack on Sony that was claimed by the Cl0p ransomware gang in June. This would mean that Sony can be chalked up as yet another victim of the MOVEit vulnerability.

A Sony spokesperson shared a statement with BleepingComputer, confirming a limited security breach:

“Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business. Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony’s operations.”

While the FBI has warned of multiple ransomware attacks on the same victim, neither of these ransomware groups is on its list of ransomware variants that are used in these double attacks, so it is doubtful that this was the play here.

The disputed dataset contained details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and more. The data stolen by Cl0p seems to contain personal information about former and current staff, including Social Security Numbers. According to the Data Breach Notification the total number of persons affected is 6791.

So it seems reasonable to assume that Sony suffered two separate breaches using different methods and stealing different datasets.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.


Update your Android devices now! Google patches two actively exploited vulnerabilities

Google has patched 53 vulnerabilities in its Android October security updates, two of which are known to be actively exploited. Google’s security bulletin notes that there are indications that these two vulnerabilities may be under limited, targeted exploitation.

If your Android phone is at patch level 2023-10-06 or later then the two issues discussed below have been fixed. The updates have been made available for Android 11, 12, 12L and 13. Android partners are notified of all issues at least a month before publication; however, this doesn’t always mean that the patches are available for devices from all vendors.

The Cybersecurity & Infrastructure Security Agency (CISA) has already added these two actively exploited vulnerabilities to its catalog of known to be exploited vulnerabilities. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate these vulnerabilities before a given due date. CVE-2023-4863 was due on October 4, 2023 and CVE-2023-4211 has to be patched by October 24, 2023. 

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also manually check for updates.

For most phones it works like this: Under About phone or About device you can tap on Software updates to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs listed as actively exploited are:

CVE-2023-4863: a heap buffer overflow in libwebp, which affects many applications that use this library to encode and decode images in the WebP format, allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

This is a vulnerability that impacts many applications, which we have discussed at length in our article explaining how it was used to install spyware. The vulnerability is patched if your phone is at patch level 2023-10-05.

But the next one isn’t. Your phone needs to be at patch level 2023-10-06 for that.

CVE-2023-4211: a local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. This vulnerability affects multiple versions of Arm Mali GPU drivers which are used in a broad range of Android device models, including on Android phones developed by Google, Samsung, Huawei, and Xiaomi, as well as in some Linux devices. A GPU is a specific type of chip mostly used for graphics-related tasks, such as rendering images and videos, but also for resource-heavy calculations, such as training artificial intelligence and crypto-mining.

Normally Google uses two different patch levels for each round of updates, so Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. The higher the patch level number, the more vulnerabilities will be fixed. In this round the only difference between patch levels 2023-10-05 and 2023-10-06 is the important patch for CVE-2023-4211. 

In its own October security bulletin, chip manufacturer Qualcomm said that there are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063 may be under limited, targeted exploitation. It is unclear when patches for these issues will be included in security updates by the respective vendors.

Let’s hope that all these patches reach our devices soon.


We don’t just report on Android security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.

Gen Z fears physical violence from being online more than anyone else, Malwarebytes finds

The “version history” of the internet was split by what we could do online—simple browsing across Web 1.0’s static web pages, instant connection throughout Web 2.0’s social platforms, and, into the future, potential new forms of ownership within Web 3.0’s dreams of decentralization.

But, as Malwarebytes has uncovered in new research, what we can do online produces its own, generational byproduct: Fear.

Gen Z, unlike any other age group, is most afraid of a vindictive internet that obtains their private photos and videos—and any personal details about sexual activity and mental health—and exposes it online for all to see. More than half worry that such exposure could hurt their relationships with family and friends (54%), and more than a third fear that it could lead to being bullied (36%) and physically harmed (34%).

These are some of the findings from Malwarebytes’ new research survey, “Everyone’s afraid of the internet and no one’s sure what to do about it.”

By polling 1,000 internet users aged 13 – 77 in North America, Malwarebytes can now reveal, across all age groups and not just for Gen Z:

  • The 10 biggest concerns of going online, including hacked financial accounts, identity theft, and malware.
  • The 10 most common behaviors that can expose sensitive information to malicious actors, including sharing birthdays online, posting about children on social media, and participating in online giveaways that require personal details.
  • The worrying percentage of people who monitor their romantic partner online without consent.
  • The broad failure to use the most effective cybersecurity protections available, including antivirus, multi-factor authentication (MFA), and a password manager.
  • The eye-popping number of people who reuse passwords.
  • The most-feared and least-protected online threat (81% worry about it, only 13% do anything to stop it).
  • How many Gen Zers have used a generative AI tool, like ChatGPT, to cheat on a school assignment.
  • The uphill battle that cybersecurity companies face because of the number of people who think there’s “no point” in using cybersecurity products.

The internet is a constantly evolving space, and with new users—including many who are younger than the internet itself—the concerns, behaviors, and precautions around it will change. “Everyone’s afraid of the internet and no one’s sure what to do about it” provides an in-depth exploration into how people of all age groups approach their time online.

At first glance, the findings may look dour. The number of people who repeat passwords is too high. The number of people who use antivirus is too low.

And yet, within the data, there is opportunity.

Consider this: 41% of people said they “don’t fully understand how different cybersecurity products can protect me,” and 37% said “cybersecurity products only really help with things like viruses and malware.”

The next step, as usual, is education. Cybersecurity tools today provide far more protection against modern threats like malvertising and phishing, while related tools in online privacy can prevent online tracking.

We have the answers to safety. We can get there together.

Read the report

Meta is using your public Facebook and Instagram posts to train its AI

Post anything publicly on Facebook and Instagram? Meta has likely been using those posts to train its AI, according to the company’s top policy executive.

In an interview with Reuters, Meta President of Global Affairs Nick Clegg said the company used the public posts to train the LLM (large language model) that feeds into its new Meta AI virtual assistant.

Large Language Models (LLMs) are huge deep neural networks which are trained on the input of billions of pages of written material in a particular language, such as books, articles, and websites. So, in the ongoing race between tech giants to create the best LLM it’s hardly surprising that they’re looking at social media as a giant source of data.

Clegg said that Meta excluded private posts shared only with family and friends, as well as private chats on its messaging services:

“We’ve tried to exclude datasets that have a heavy preponderance of personal information and the “vast majority” of the data used by Meta for training was publicly available.”

He also said they decided against using LinkedIn content for privacy reasons.

In separate news, X (formerly Twitter) updated its Terms of Service to let it use tweets for AI training. In July 2023, Elon Musk announced the launch of xAI to “understand the true nature of the universe.” In more realistic terms it looks like xAI will set out to compete with companies like OpenAI, Google, and Microsoft, which are behind leading chatbots like ChatGPT, Bard, and others.

Given that Musk threatened to sue Microsoft for using Twitter data for training, it may come as a surprise to some that the policy change states:

“We may use the information we collect and publicly available information to help train our machine learning or artificial intelligence models for the purposes outlined in this policy.”

Musk has already said that xAI will use public tweets for AI model training and in a tweet responding to comments about the policy change, Musk clarified that the plan is to use “just public data, not DMs or anything private.”

So, that seems to be the consensus about what is acceptable to scrape of your social media presence. If others can see it, it’s public knowledge and the tech giants are of the opinion they can use it to train their AI.

There is a world of difference to me, between data being publicly available and then feeding them into an AI that can combine it with information from other sources at a speed faster than any human is capable of.

Another undesirable side-effect of these developments is that the social media giants are relegating the responsibility for scraping copyright protected media and using them unwittingly. Asked whether Meta had taken any such steps to avoid the reproduction of copyrighted imagery, a Meta spokesperson pointed to new terms of service barring users from generating content that violates privacy and intellectual property rights. In other words, it’s not our problem but the user’s.

What to do

Now more than ever you should assume that anything you post on social media is up for grabs for anyone. An extra point of attention is the use of copyrighted material in your posts. The social media companies will not think twice about using it, and will hold you responsible for the fact that they copied it from you without asking.

And please don’t believe all the posts, especially rampant on Facebook, that you can protect your content by copying and pasting some 10 year old post that has done at least twenty laps on the platform. You can’t.

Be warned that based on the AI-assigned definitions in the updated terms by X, your access to certain content might be limited, or even cut off. As a consequence, you may find it harder to reach your intended audience. Maybe it really is time to switch to a different platform.



A week in security (September 25 – October 1)

Last week on Malwarebytes Labs:

Stay safe!

