More stories

  • in

    Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more

    JuSun/Getty Images Yet another data breach has exposed passwords and other sensitive information – but this one is a whopper. Cybersecurity researcher Jeremiah Fowler revealed his discovery of a massive online database containing more than 184 million unique account credentials, in a report published Thursday. Usernames, passwords, emails, and URLs for a host of applications […] More

  • in

    7 ways to thwart phone thieves – and avoid China’s infamous ‘stolen iPhone building’

    Sabrina Ortiz/ZDNETA thief who steals your smartphone can try to crack it themselves, sell it locally, or use it to commit fraud. But your stolen phone could also travel as far away as China. A recent investigation by The Financial Times (paywall) found that a particular building in Shenzhen’s Huaqiangbei district is home to a treasure trove of second-hand iPhones, including stolen devices.Though several locations in and around the Huaqiangbei district are hot spots for trading used phones, FT’s investigation focused mostly on the Feiyang Times building. Much of the buying and selling here is for phones that were legitimately traded in by their owners, according to the reporter who covered the action. But at least some of the activity involves stolen phones, leading the Feiyang Times to be known as China’s “stolen iPhone building.” Also: 5 warning signs that your phone’s been hacked – and how to fight backThe Times relates one unfortunate individual whose iPhone 15 Pro was stolen by thieves in London. Using tracking technology, the victim followed the phone to its final destination in the Huaqiangbei district. After sharing his experience on LinkedIn, he discovered that many other people had encountered similar situations. A woman in North Carolina whose phone was stolen tracked it on its journey from Charlotte to Miami and then finally to Shenzhen, according to WRAL News. In this case, the thieves compounded the crime with a spin on the usual ransomware ploy. In texts sent to the woman, they told her that unless she deactivated the stolen phone, they would sell her private information on the black market, meaning the dark web. Phone theft is on the rise, especially in major cities like London, Paris, and New York. In February, the UK’s Metropolitan Police said that phone theft in London is a business that generates £50 million ($67 million) per year. In one week, UK police officials captured 1,000 stolen devices and made 230 arrests, FT reported. More

  • in

    I thought my favorite browser blocked trackers but this free privacy tool proved me wrong

    Jack Wallen / Elyse Betters Picaro / ZDNETHow safe is your browser? You’re probably using Chrome, right? Or maybe you’ve migrated to Opera, Firefox, Edge, Brave, or some other browser that you believe has your back. It probably doesn’t. At least not as well as you might think.That’s why the EFF created Cover Your Tracks. Also: I found the most private and secure way to browse the web – and it isn’t incognito modeThis site tests your browser to see how trackers view your browser. It’s a brilliant tool that gives you enough insight into the browser you use that you might want to think about switching or adding some plugins to strengthen the default offerings. How does Cover Your Tracks work?The site is simple to use: Open your browser.Point your browser to coveryourtracks.eff.org.Click Test Your Browser.Wait for the results.As the site runs, it loads fake trackers. If your browser blocks a tracker, it passes that test and moves on to the next. The tests are: A fake ad.A tracker.A domain that respects the EFF’s Do Not Track policy.It only collects anonymous data, so you don’t have to worry, and the EFF can be fully trusted. Also: I’ve tried nearly every browser out there, and these are my top 6 (none are Chrome)The results give you basic and detailed information, but the important thing is that it’s going to say something like: “Our tests indicate that you have some protection against Web tracking, but it has some gaps.” Or maybe: “Our tests indicate that you have strong protection against Web tracking.”My results with Cover Your TracksI’m not gonna lie, the results caused me to switch browsers. Here’s the deal: My default has been Zen Browser for some time. I love the UI and the ability to really customize it. However, Zen Browser fell under the “some protection” category. On the other hand, Opera fell under the “strong protection” category.Needless to say, I went back to Opera. Surprise, surpriseFor me, the big surprise was Chrome. For the longest time, I’ve railed on Chrome for being one of the most insecure browsers available. Guess what? Cover Your Tracks flagged Chrome as having “strong protection” against trackers. Also: 5 Firefox-based, privacy-first web browsers that improve on the originalThat, of course, doesn’t mean Chrome is 100% safe to use, but if blocking trackers is your primary need, Chrome passed the test with flying colors. How other browsers faredHere’s the list of browsers I have installed: Tor – strong protectionFireDragon – some protectionFirefox – some protectionEdge – no protectionBrave – strong protectionYandex Browser – some protectionSafari – strong protectionArc Browser – no protectionFloorp – some protectionLibreWolf – strong protectionThe results are a mixed bag. You’d think that all Chrome-based browsers would have strong protection, but not Arc. You would also think that all Firefox-based browsers would have some protection, but LibreWolf proves that wrong. More

  • in

    AI agent adoption is driving increases in opportunities, threats, and IT budgets

    Yuichiro Chino/Getty Images In an AI-powered economy, data security is not just a box-checking exercise. Instead, security is the catalyst for trust and innovation within your organization and with your customers. That’s the conclusion from the State of IT report from Salesforce, which surveyed over 4,000 IT decision-makers worldwide, including more than 2,000 professionals specializing […] More

  • in

    A drug developer is buying 23andMe – what does that mean for your DNA data?

    23andMe/ZDNETFollowing a data breach and bankruptcy, genetic testing service 23andMe will soon be in different hands. On Monday, biotechnology company Regeneron announced that it won the top bid in a bankruptcy auction for 23andMe. In the $256 million acquisition expected to close in the third quarter of 2025, 23andMe will become a subsidiary of Regeneron but continue its current operations and business.Also: How to delete your 23andMe data and why you should do it nowThe deal comes at a rocky time for 23andMe. In late 2023, the company revealed that it had been hit by a data breach that compromised around 14,000 accounts. Using credential stuffing to gain access, the attackers were able to view DNA Relative profiles of 5.5 million people. The compromised data included display names, relationships to the compromised accounts, locations, ancestor birth locations, birth years, percentage DNA matches, and the Family Tree profiles of 1.4 million people.In response, a slew of class action lawsuits sprang up, alleging that 23andMe didn’t effectively protect customer data and that it failed to notify users with Chinese or Ashkenazi Jewish ancestry that their information was targeted and shared across the dark web. With the suits proving successful, affected customers can now file a claim to collect their portion of the overall $30 million penalty. More

  • in

    Microsoft goes all in on Anthropic’s MCP standard for safer AI agent deployments

    smirkdingo/Getty Images As AI agent fever spreads, support for Model Context Protocol (MCP), an AI data connection standard created by Anthropic last year, is growing — and Microsoft is the latest to join in, emphasizing security.  Also: What is Model Context Protocol? The emerging standard bridging AI and data, explained The company joined the MCP […] More

  • in

    I tested a TCL smart lock, and its palm vein recognition feature blew me away

    <!–> ZDNET’s key takeaways The TCL D1 Pro smart lock is available for $170. This smart lock features some of the most reliable and fastest palm recognition technology I’ve tested, and it has a rechargeable battery instead of the standard replaceable batteries. The TCL D1 Pro’s biggest downfall is the app, which is not user-friendly […] More

  • in

    Rebooting your phone daily is your best defense against zero-click attacks – here’s why

    Elyse Betters Picaro / ZDNETOver the past decade, spyware tools have been repeatedly found on the phones of journalists, activists, and politicians. This has raised concerns about the unprecedented proliferation of spyware technologies and the lack of protections within the tech sector.Also: Got a suspicious E-ZPass text? Don’t click the link (and what to do if you already did)Meta’s WhatsApp recently revealed it discovered a hacking campaign targeting about 90 users — mostly journalists and civil society members across two dozen countries. According to a WhatsApp spokesperson, the Israeli spyware company Paragon Solutions — now acquired by Florida-based private equity firm AE Industrial Partners — was behind the attack.Graphite, Paragon’s spyware, was found to have infiltrated WhatsApp groups by simply sending users a malicious PDF attachment. Without users’ knowledge, it can access and read messages on encrypted applications like WhatsApp and Signal. What is a zero-click capability?What happened to WhatsApp was a zero-click attack, meaning targets don’t have to take any action for their devices to be compromised. In contrast, phishing or one-click attacks require user interaction with a malicious link or attachment. Once a phone is infected with a zero-click capability, the attacker can quietly gain complete access by exploiting a security vulnerability. In an interview with ZDNET, Rocky Cole, co-founder of mobile threat protection company iVerify, said that “in the case of graphite, via WhatsApp, some kind of payload, like a PDF or an image, [was sent to the victims’ devices] and the underlying processes that receive and handle those packages have vulnerabilities that the attackers exploit [to] infect the phone.” Also: 7 simple things I always do on Android to protect my privacy – and why you should tooWhile public reporting does not specify “whether graphite can engage in privilege escalation [vulnerability] and operate outside WhatsApp or even move into the iOS kernel itself, we do know from our own detections and other work with customers, that privilege escalation via WhatsApp in order to gain kernel access is indeed possible,” Cole said. iVerify has uncovered instances where “a number of WhatsApp crashes on [mobile] devices [they’re] monitoring with iVerify” have appeared to be malicious in nature, leading the iVerify team to believe that the malicious attacks are “potentially more widespread” than just the 90 people reported to have been infected by graphite. While the WhatsApp attack was predominantly launched against members of civil society, mobile spyware is an emerging threat against everyone because mobile exploitation is more widespread than one might think, Cole said. Moreover, “the result is an emerging ecosystem around mobile spyware development and an increasing number of VC-backed mobile spyware companies are ‘under pressure to become profitable enterprises,'” he said. This ultimately “creates marketing competition” for spyware merchants and “lowers barriers” that would deter these mobile exploitation attacks. Also: I clicked on four sneaky online scams on purpose – to show you how they workEarlier this year, WhatsApp won a lawsuit against NSO after a federal judge in California found that NSO was exploiting a security vulnerability within the messaging app to deliver Pegasus. The infamous NSO Group — known for infecting the phones of journalists, activists, and Palestinian rights organizations — has used similar zero-click capabilities through its Israeli-made Pegasus spyware, a commercial spyware and phone-hacking tool. Historically, the NSO Group has avoided selling to US-based clients and has also been banned by the US Commerce Department under former President Joe Biden’s administration for allegedly supplying spyware to authoritarian governments. However, “shifting political dynamics [under the Trump administration] raises the possibility that spyware may become more prevalent in the United States” — exacerbating mobile exploitation. Cole said the world is totally unprepared to deal with that. More