IT NEWS

iPhone 15 launch: Wonderlust scammers rear their heads

Yesterday, Apple launched its latest iPhone and Watch models at its massive Wonderlust event. As with many high profile launches like this, it attracted not just a mountain of press, but a whole load of scammers too.

One site uses the Apple brand to host a cryptocurrency scam. The hook is a supposed giveaway of “50,000 ETH and 5,000 BTC”, which is $79,885,500 and $130,325,000 respectively. Sadly the site, registered just yesterday, is not giving away this kind of digital cash.

The front page claims:

We believe that Blockchain and BTC coin will make the world more fair. To speed up the process of cryptocurrency mass adoption, we decided to run a 5,000 BTC giveaway.

Fake Apple giveaway site

As to how the scammers claw their ill-gotten gains from the victims, it’s a case of double your money. To get your foot on the ladder, all participants are required to chip in a little cryptocurrency of their own so there’s a large pool of funds for the lucky winner.

The site continues:

To participate you just need to send from 0.1 BTC to 50 BTC to the contribution address and we will immediately send you back 0.2 BTC to 100 BTC (x2) to the address you sent it from.

Fake donate links

To give you an idea of the supposed investment in the prize fund, 0.1 BTC is $2,606. 50 BTC is an eye watering $1,305,600. Meanwhile over in ETH land, a donation of 1 ETH would set you back $1,599. The maximum donation amount of 500 ETH is worth $79,9975.

This is an incredibly fast path to losing all of your money. An ETH and BTC address are provided for both fake donation options, and anyone sending funds to these addresses will likely not be seeing their money again.

Scrolling down the page shows a very long list of supposed transactions, as a way of encouraging people to hop on the bandwagon. However, sites which track address transactions and other activity display zero funds going in or out of those addresses.

With the event now over, the chances of this particular site hitting a payday will become increasingly remote. The people behind these kinds of sites are hoping that visitors won’t look too closely lest they spot the scam coming apart at the seams.

Even so, this is a common tactic and a popular way for scammers to encourage panic sending with the promise of huge payouts just out of reach. If any site asks you to “donate” cryptocurrency funds claiming you’ll double your money, you can safely ignore and move on.

This fake donation technique was doing the rounds last year, typically bolted on to Elon Musk scams. Here’s one from last April which used a “guess the planet” competition as bait. That same month, another scam made use of fake Medium blogs to achieve the same end result.

The value of your digital currency may rise or fall, but none of it matters if you’ve handed the lot to a scammer. If ever something had “If it’s too good to be true…” attached, this is most definitely somewhere up at the top.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Update Chrome now! Google patches critical vulnerability being exploited in the wild

Google has released an update for Chrome Desktop which includes one critical security fix. There is an active exploit for the patched vulnerability, according to Google, which means cybercriminals are aware of the vulnerability and are using it.

If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerabilities in this batch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking Settings > About Chrome.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete.

up to date Chrome

After the update, the version should be 116.0.5845.187 for Mac and Linux, and 116.0.5845.187/.188 for Windows, or later.

The vulnerability

Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix. However, from the update page we can learn a few things.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The zero-day patched in this update is listed as:

CVE-2023-4863: a heap buffer overflow in WebP, also described as a vulnerability that resides in the WebP image format which could lead to arbitrary code execution or a crash.

A buffer overflow is a type of software vulnerability that exists when a program writes past the boundary of an area of memory it has been given and into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.

The heap is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.

Credit for reporting the vulnerability was given to Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto’s Munk School on 2023-09-06. The fact that this coincides with a report by CitizenLab about two Apple vulnerabilities that were used by the NSO Group to drop the Pegasus spyware seems too much to be a coincidence.

Add the fact that both Apple CVE-2023-41064 and Chrome CVE-2023-4863 are based on image processing, and we feel comfortable saying that these two vulnerabilities are very, very likely to be related.



Ransomware review: September 2023

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware news in August was highlighted by the sudden fall of CL0P from the list of the most active gangs in any given month, while Lockbit returned to the number one spot after a steady four-month decline in activity.

CL0P published the data of just four victims on their leak site last month, down from 91 known victims in June and 170 known victims in July. In June, CL0P shot to the top of the charts due to their use of a zero-day exploit in MOVEit Transfer, with victims of those attacks continuing to be posted into July.

This dramatic decrease isn’t too surprising given that CL0P’s vulnerability-focused approach to attacking has diminishing returns. As more organizations became aware of and patched the zero-day that CL0P discovered, CL0P’s zero-day campaign saw less and less momentum, with fewer at-risk targets. We witnessed a similar trend earlier this year when, after targeting 104 victims using a GoAnywhere MFT zero-day, CL0P’s presence almost vanished in April and May, as organizations presumably caught on and patched the vulnerability.

Lockbit, on the other hand, posted a total of 124 victims on its leak site last month to reclaim its usual number one spot on the monthly charts. Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023.

Known ransomware attacks by gang, August 2023
Known ransomware attacks by country, August 2023
Known ransomware attacks by industry sector, August 2023

We speculated on reasons for the downward trend in last month’s review, such as it being possibly related to a recent affiliate arrest, but interesting research published last month may also hold the clue to other answers.

In the third installation of his “Ransomware Diaries” series, researcher Jon DiMaggio reveals the extent of Lockbit’s alleged internal instability, including how its apparent storage limitations and slow response times have led to affiliates leaving it for competitors. If more frustrated clientele are leaving Lockbit than before, that could be a novel, plausible explanation for any monthly dips in activity.

To get a better idea of the true strength of Lockbit’s current operations, however, we can compare any period of decline to their typical number of monthly attacks. Data stretching back to March 2022, for example, places their median number of attacks at around 67 a month. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. In other words, while Lockbit might be plagued by internal instability at the moment, the effect of this on their monthly numbers seems insignificant in the long run.

Contrasting with LockBit’s storage server challenges, the recent move by CL0P last month to use torrents underscores the evolving tactics ransomware gangs employ to circumvent storage limitations.

As ransomware gangs steal data from major companies, the scale of the information requires immense storage capacities. Traditional cloud services like AWS and Azure not only come with high costs but also demand personal identifiable information (PII) and credit card details upon registration—information that can easily be subpoenaed by law enforcement. A torrenting service, on the other hand, optimizes downloads by sourcing data from multiple proximate locations, rather than a lone server.

Since torrenting necessitates the data be scattered across all participating nodes in the peer-to-peer network, ransomware gangs can bypass the challenges of storage and bandwidth while also better evading law enforcement. Additionally, if more top ransomware gangs follow CL0P’s footsteps and start to rely more on torrents to distribute stolen data, victims may feel increased pressure to pay ransoms as their data becomes more widely available.

Newcomers

CloAk

CloAk is a relatively new ransomware group that emerged between late 2022 and the beginning of 2023. In August 2023 the group published the data of 25 victims, mostly from Europe and with a special focus on Germany.

The CloAk leak site

Metaencryptor

Metaencryptor is a new ransomware gang that published the data of 12 victims in August 2023.

The Metaencryptor leak site

RansomedVC

RansomedVC is a new group that published the data of nine victims on its leak site last month. The group has adopted a favorite ideology of other ransomware actors—that they are serving as nothing more than “pen-testers”—and added a twist, alleging that any vulnerabilities they have found in victims’ networks must also be reported under compliance with Europe’s General Data Protection Regulation (GDPR). RansomedVC has advertised itself as a “digital tax for peace” service and threatened victims with data breach fines if the ransom isn’t paid.

The RansomedVC leak site

INC Ransom 

INC Ransom is a newcomer to the ransomware scene that published three victims to its leak site in August.

The INC Ransomware leak site

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Major cyberattack leaves MGM Resorts reeling

A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi.

At this point I’d link to the post on the company website explaining what’s occurred but at time of writing, the site tends to not load properly which is probably due to heavy traffic. When it does, it simply says that the MGM Resorts website is currently unavailable and gives visitors a list of contact numbers. AP also mentions that other MGM websites have been replaced with “back soon” style pages while the clean up from the attack is no doubt still ongoing.

At present, what’s available is a selection of posts made to X (formerly Twitter) giving brief details of the incident.

This is what MGM Resorts has to say on the matter:

MGM Resorts recently identified a cybersecurity issue affecting some of the company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts.  We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to determine the nature and scope of the matter.

MGM goes on to say that “resorts are fully operational”. Meanwhile, BBC reporter Joe Tidy reports that slot machines and casino floors were left empty, and that physical room keys had to be distributed. An additional admin error caused a guest to walk in on someone else. Clearly things are not going swimmingly for MGM Resorts.

Some systems are slowly coming back to life, but there’s no estimate for when full functionality will be restored. The initial fallout of the attack seems to have been the worst of it, with reports of “thousands” of guests locked out of their rooms.

In terms of what the attack could mean for guests, it’s too early to say. MGM has not touched on whether or not customer data has been breached or exfiltrated, and if the culprit is ransomware this could rumble on for days or weeks. Nobody wants to think about their personal data being wrapped up and dropped onto a data dump website, but as with all these incidents it is a distinct possibility. Unverified sources are claiming this to be the case, but we would suggest sticking to official sources only.

If you’re a guest at an MGM resort, don’t panic. Keep note of the contact numbers, and ask staff what the process is for keeping you informed of any breaking developments. An abundance of caution would suggest monitoring credit and debit card payments for a little while, along with watching out for any MGM themed emails. If you do receive the latter, go back to an official point of contact and verify its authenticity. Sometimes organisations send out emails which are genuine, but look suspicious. It’s always better to check.

If this attack does prove to be ransomware, the next development we hear about could be the attackers announcing a data dump or additional demands. For the time being, don’t panic and try to enjoy your resort time as best as you can given the unusual circumstances.



Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate these vulnerabilities by October 2, 2023 in order to protect their devices against active threats. We urge everyone else to take these seriously too.

Apple released security updates for several products to address these vulnerabilities on September 7, 2023.

An overview of the updates that are available at the time of writing:

Name and information link | Available for | Release date
iOS 15.7.9 and iPadOS 15.7.9 | iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) | 11 Sep 2023
macOS Monterey 12.6.9 | macOS Monterey | 11 Sep 2023
macOS Big Sur 11.7.10 | macOS Big Sur | 11 Sep 2023
macOS Ventura 13.5.2 | macOS Ventura | 07 Sep 2023
iOS 16.6.1 and iPadOS 16.6.1 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | 07 Sep 2023
watchOS 9.6.2 | Apple Watch Series 4 and later | 07 Sep 2023

The updates may already have reached you in your regular update routines, but it doesn’t hurt to check if your device is at the latest update level. If a Safari update is available for your device, you can get it by updating or upgrading macOS, iOS, or iPadOS.

How to update your iPhone or iPad.

How to update macOS on Mac.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs added to the Catalog of Known Exploited Vulnerabilities are:

CVE-2023-41064: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution.

A buffer overflow is a type of software vulnerability that exists when a program writes past the boundary of an area of memory it has been given and into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.

The heap is an area of memory made available for use by the program. The program can request blocks of memory for its use within the heap. In order to allocate a block of some size, the program makes an explicit request by calling the heap allocation operation.
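A worked illustration of the heap buffer overflow pattern described here and in the Chrome CVE-2023-4863 article above, added as an example: it is not code from Apple, Google or libwebp, and the four-byte chunk format it parses is constructed for the example. The unchecked decoder sizes the heap block from the width and height but copies the byte count the file claims, which is the defect; the checked decoder validates each length before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy image chunk layout, constructed for this example (it is not WebP):
 *   byte 0     : width  (1..255)
 *   byte 1     : height (1..255)
 *   bytes 2..3 : big-endian count of pixel bytes the file claims to carry
 *   bytes 4..  : pixel bytes
 * The heap block is sized from width*height, so a decoder that copies the
 * file-supplied count without comparing the two has a heap buffer overflow.
 */
#define HDR_LEN 4

typedef struct {
    uint8_t *pixels;   /* heap block of width*height bytes */
    size_t   npixels;
} image_t;

enum { DEC_OK = 0, DEC_TRUNC_HDR, DEC_ZERO_DIM, DEC_COUNT_MISMATCH, DEC_TRUNC_BODY, DEC_OOM };

static size_t claimed_count(const uint8_t *chunk) {
    return ((size_t)chunk[2] << 8) | chunk[3];
}

/* Bug pattern: allocation size and copy length come from two header fields that
 * are never cross-checked. If count > width*height, memcpy writes past the end
 * of the malloc'd block; if count exceeds the bytes received it also reads past
 * the input. Kept only to make the defect concrete; never feed it untrusted data. */
int decode_unchecked(const uint8_t *chunk, size_t chunk_len, image_t *out) {
    if (chunk_len < HDR_LEN) return -1;
    out->npixels = (size_t)chunk[0] * chunk[1];
    out->pixels = malloc(out->npixels);
    if (!out->pixels) return -1;
    memcpy(out->pixels, chunk + HDR_LEN, claimed_count(chunk));  /* trusted length */
    return 0;
}

/* Hardened form: every length is checked against the allocation and against
 * the bytes actually received before anything is copied. */
int decode_checked(const uint8_t *chunk, size_t chunk_len, image_t *out) {
    out->pixels = NULL;
    out->npixels = 0;
    if (chunk_len < HDR_LEN) return DEC_TRUNC_HDR;
    size_t w = chunk[0], h = chunk[1];
    if (w == 0 || h == 0) return DEC_ZERO_DIM;
    size_t expected = w * h;                                 /* at most 65025 */
    size_t count = claimed_count(chunk);
    if (count != expected) return DEC_COUNT_MISMATCH;        /* fields disagree */
    if (chunk_len - HDR_LEN < count) return DEC_TRUNC_BODY;  /* shorter than claimed */
    out->pixels = malloc(expected);
    if (!out->pixels) return DEC_OOM;
    memcpy(out->pixels, chunk + HDR_LEN, count);             /* count == allocation */
    out->npixels = expected;
    return DEC_OK;
}

void image_free(image_t *img) {
    free(img->pixels);
    img->pixels = NULL;
    img->npixels = 0;
}

/* Constructed samples: a well-formed 2x2 image; one that claims and carries 16
 * pixel bytes for a 4-byte block (12 bytes of heap overflow in decode_unchecked);
 * and one that claims 4 bytes but carries 2 (an over-read in decode_unchecked). */
static const uint8_t GOOD_CHUNK[]      = { 2, 2, 0x00, 0x04, 0xAA, 0xBB, 0xCC, 0xDD };
static const uint8_t OVERSIZED_CHUNK[] = { 2, 2, 0x00, 0x10, 1, 2, 3, 4, 5, 6, 7, 8,
                                           9, 10, 11, 12, 13, 14, 15, 16 };
static const uint8_t TRUNCATED_CHUNK[] = { 2, 2, 0x00, 0x04, 0xAA, 0xBB };

/* Verdict of the checked decoder for a chunk, as a plain return value. */
int verdict(const uint8_t *chunk, size_t len) {
    image_t img;
    int rc = decode_checked(chunk, len, &img);
    image_free(&img);
    return rc;
}
int verdict_good(void)      { return verdict(GOOD_CHUNK, sizeof GOOD_CHUNK); }
int verdict_oversized(void) { return verdict(OVERSIZED_CHUNK, sizeof OVERSIZED_CHUNK); }
int verdict_truncated(void) { return verdict(TRUNCATED_CHUNK, sizeof TRUNCATED_CHUNK); }

/* Pixel idx after a checked decode, or -1 if the chunk was rejected or idx is out of range. */
int checked_pixel(const uint8_t *chunk, size_t len, size_t idx) {
    image_t img;
    int v = -1;
    if (decode_checked(chunk, len, &img) == DEC_OK && idx < img.npixels) v = img.pixels[idx];
    image_free(&img);
    return v;
}

int main(void) {
    printf("good=%d oversized=%d truncated=%d\n",
           verdict_good(), verdict_oversized(), verdict_truncated());
    return 0;
}
```

The same mismatch class applies whenever an allocation size and a copy length are derived from different fields of attacker-controlled input; the check that fires (count mismatch, truncated body) tells you which field lied.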

CVE-2023-41061: A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution.

At the time of the patches being released, Apple said it was aware of a report that these issues may have been actively exploited.

The vulnerabilities were discovered as zero-days by CitizenLab, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. Together, these two vulnerabilities were found to be used in an attack chain dubbed BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim and was reportedly used by the NSO Group to deliver the Pegasus spyware.



Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But Malwarebytes also found DarkGate reloaded via malvertising and SEO poisoning campaigns.

A cybercriminal who goes by the handle RastaFarEye has been advertising DarkGate Loader on cybercrime forums since June 16, 2023. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing.

What’s new is that the researchers found evidence of a campaign using Microsoft Teams to deliver the DarkGate Loader.

“On August 29, in the timespan from 11:25 to 12:25 UTC, Microsoft Teams chat messages were sent from two external Office 365 accounts compromised prior to the campaign. The message content aimed to social engineer the recipients into downloading and opening a malicious file hosted remotely.”

The distributed link initially points to a traffic distribution system (TDS). If the requirements set by the attacker are met, the TDS will redirect the victim user to the final payload URL for the MSI download. When the user opens the downloaded MSI file, the DarkGate infection is triggered.

The download locations observed in the Teams attacks were sharepoint.com URLs hosting .zip files with names like “Changes to the vacation schedule.zip.”  The ZIP file contains a malicious LNK file (shortcut) posing as a PDF document: “Changes to the vacation schedule.pdf.lnk.”

Clicking the shortcut executes a command line which triggers the download and execution of a renamed cURL (a command-line tool for getting or sending data including files using URL syntax) to download and execute Autoit3.exe and a bundled script. The pre-compiled AutoIT script hides the code in the middle of the file and, on execution, drops a new file that contains shellcode.

When the shellcode is run, the first thing it does is use the “byte by byte” technique, also known as stacked strings, to create a new file: a Windows executable identified as DarkGate Loader.

Protection

Current Microsoft Teams security features such as Safe Attachments or Safe Links failed to detect or block this attack. BleepingComputer reported in June of 2023 that security researchers had found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources. Microsoft Teams has client-side protections in place to block file delivery from external tenant accounts. But the restriction can be circumvented by changing the internal and external recipient ID in the POST request of a message, which ends up with Teams treating an external user as if it was an internal one.

The only way to prevent this attack vector within Microsoft Teams is to only allow Microsoft Teams chat requests from specific external domains. This may be troublesome in some environments since this means that all trusted external domains need to be whitelisted by an IT administrator.

Malwarebytes customers are protected against this attack as Malwarebytes blocks the C2 server hosting the downloaded files. Malwarebytes detects the LNK file and the scripts as Trojan.DarkGate.

Malwarebytes blocks 5.188.87.58



A week in security (September 4 – September 10)

The main causes of ransomware reinfection

A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think.

Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim to a repeat ransomware attack. This means that they were hit twice or more, either by the same or by different ransomware attackers.

Even paying the first time is not much help. A 2022 study found that 80% of companies that paid a ransom were hit again at a later time. Among those, 40% paid up a second time, with 70% of those companies paying a higher amount than they did after the first attack.

The most common reasons for reinfection are:

  • backdoors left behind by the criminals
  • credentials stolen in the course of the first attack
  • unpatched vulnerabilities
  • restoration of infected backups

In some ransomware attacks criminals have access to the target network for weeks or months, giving them ample opportunity to open a backdoor or otherwise retain the necessary controls and permissions to return and trigger another attack. Another likely option to consider is that exploitation of a vulnerable network device may have provided criminals with login credentials they can use to come right back even if the vulnerability has been patched.

Every chain has a weakest link, but when one breaks it’s important to replace it with a stronger one. Vulnerable devices, services, and software either need to get patched or, when possible, should be stopped from being internet facing. If those are not viable options, it’s time to consider what’s cheaper: replacing it with something more secure, or going through another ransomware attack. Other options are very strict access policies to limit the attackers’ options, network segmentation to limit the possible damage, and constant active monitoring to get an alert at the first sign of trouble. These options should not be treated as a “pick one” but should be fully deployed where possible.

Knowing the weakest link and figuring out what information the criminals may have obtained is why it’s important to conduct a full forensic examination after an incident. It is necessary to address the vulnerability that the criminals used to get in, any backdoors they may have left behind, and change credentials that may have been stolen.

Having recent actionable backups is important to limit the disruption caused by the incident. But recent backups do come with the risk of containing parts of the infection or backdoors, which is another reason why a forensic investigation is important. Once you have pinpointed the time of the initial breach, you can rule out restoring any files that were left behind by the attackers.

Not only does a thorough forensic investigation help you find the cause that might be remediated, it’s important to be able to follow the tracks the attacker left in your network, so you can reconstruct what access they may have gained and what they may have copied, left behind, changed, or deleted.

To be able to perform an effective forensic investigation you need reliable logs, and preferably ones that are easy to interpret. Something to keep in mind when you’re shopping for an EDR or SIEM solution.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


Wyze home cameras temporarily show other people’s security feeds

A mishap has resulted in security feeds and camera logs from home cameras being temporarily visible online. Users of Wyze, makers of smart products and home cameras, fell victim to this bizarre incident sometime around September 8.

One of the first posts about this appeared on Reddit, where a user highlighted that they were “seeing someone else’s webcam feed”. They’d logged onto the website to check their cameras and were met with someone else’s dog in someone else’s house. It didn’t take long before other people started reporting the same thing.

Here’s a bedroom, and (disturbingly) another Reddit user claiming to have seen people naked. While there’s no way to prove the latter claim, being able to view bedrooms and other spots around the house does at least make it a possibility.

As far as home cameras go, this is absolutely up there at the top of the “things you don’t want to happen” list. 

These were visible on the service’s web view located at view(dot)wyze(dot)com. According to a Wyze spokesperson, this situation was live for “about 30 minutes” and roughly ten users had their cameras visible online.

While there is no detailed additional information with regard to the specifics, Mashable notes that one Reddit user claims the cause was webpages being cached while on the viewer site and then potentially shared with others. Wyze then confirmed to Mashable that the feed mashup did indeed originate from a “web caching issue”.

If you’re curious, the official Wyze rundown reads as follows. It does not go into more detail than what’s already been revealed above:

This was a web caching issue and is now resolved. For about 30 minutes this afternoon, a small number of users who used a web browser to log in to their camera on view(dot)wyze(dot)com may have seen cameras of other users who also may have logged in through view(dot)wyze(dot)com during that time frame. The issue DID NOT affect the Wyze app or users that did not log in to view(dot)wyze(dot)com during that time period.

Once we identified the issue we shut down view(dot)wyze(dot)com for about an hour to investigate and fix the issue.

This experience does not reflect our commitment to users or the investments we’ve made over the last few years to enhance security. We are continuing to investigate this issue and will make efforts to ensure it doesn’t happen again. We’re also working to identify affected users.

We will let you know if there are any further updates.

If nothing else, it’s good news that no more feeds should be accidentally loaded up while checking your own Wyze viewing area. Having said that, this is a shockingly poor thing to have happened. We may simply never know for sure who was viewed, or what they may have been doing at the time.

If you have smart cameras in and around your home, it might be a good idea to check your settings. I’ve known people who’ve bought smart cameras and had no idea there was any sort of web or cloud based functionality. Not everything is local!

If you’re in your property when the cameras are running, what happened to those Wyze users is probably not going to happen to you. Even so, you may wish to revisit your setup. Consider turning off video and audio, or disabling any web-based feed. You can probably still record locally if you need to, or at least come to a privacy-focused setting which meets your needs. On the off chance that your equipment settings don’t fit with your expectations, you may need to be in the market for a new smart security system.



Re-air: What teenagers face growing up online: Lock and Code S04E19

This week on the Lock and Code podcast…

In 2022, Malwarebytes investigated the blurry, shifting idea of “identity” on the internet, and how online identities are not only shaped by the people behind them, but also inherited by the internet’s youngest users, children. Children have always inherited some of their identities from their parents—consider that two of the largest indicators for political and religious affiliation in the US are, no surprise, the political and religious affiliations of someone’s parents—but the transfer of online identity poses unique risks.  

When parents create email accounts for their kids, do they also teach their children about strong passwords? When parents post photos of their children online, do they also teach their children about the safest ways to post photos of themselves and others? When parents create a Netflix viewing profile on a child’s iPad, are they prepared for what else a child might see online? Are parents certain that a kid is ready to watch before they can walk?

Those types of questions drove a joint report that Malwarebytes published last year, based on a survey of 2,000 people in North America. That research showed that, broadly, not enough children and teenagers trust their parents to support them online, and not enough parents know exactly how to give the support their children need.

But stats and figures can only tell so much of the story, which is why last year, Lock and Code host David Ruiz spoke with a Bay Area high school graduate about her own thoughts on the difficulties of growing up online. Lock and Code is re-airing that episode this week because, in less than one month, Malwarebytes is releasing a follow-on report about behaviors, beliefs, and blunders in online privacy and cybersecurity. And as part of that follow-on report, Lock and Code is speaking again with the guest brought on last year, Nitya Sharma. 

Before our follow-on report releases, we are sharing with listeners our prior episode that aired in 2022 about the difficulties that an everyday teenager faces online, including managing her time online, trying to meet friends and complete homework, the traps of trading online interaction with in-person socializing, and what she would do differently with her children, if she ever started a family, in preparing them for the Internet.

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)