Author: admin

Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024

HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024

SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking

Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year

The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit.

Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma Stealer payload hosted on “weighcobbweo[.]top.”

Boingboing post.

The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.  

Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.  

But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight. 

What Is DeepSeek, and Why Is It Making Headlines? 

DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost. 

According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store. 

What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta. 

However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications. 

Why Consumers Should Be Cautious 

One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.  

According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.  

This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them. 

Here’s why caution is warranted: 

1. Data Privacy Risks: AI chatbots process and store conversations, which may be used for further training, sold to third parties, or accessed by unauthorized entities. It remains unclear how DeepSeek handles user data or whether its security protocols align with global privacy standards. 

1. Regulatory Uncertainty: Unlike U.S. companies that must comply with laws like the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), DeepSeek operates under different legal frameworks. This lack of regulatory clarity could mean weaker protections for user data. 

1. Potential Cybersecurity Threats: History has shown that AI tools can be manipulated for malicious purposes, from deepfake scams to social engineering attacks. If DeepSeek’s security measures are not robust, it could become a target for cybercriminals looking to exploit vulnerabilities. 

DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.  

 

Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn

It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data. 

How to Stay Safe When Using AI Chatbots 

If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information: 

• Avoid sharing personal or sensitive data. AI chatbots are not secure vaults—treat them like public forums. You wouldn’t post your social security number or passwords to Facebook, don’t share those details with chatbots either. 

• Review privacy policies carefully. Before using a new AI model, check how your data is collected, stored, and used. Read privacy policies and consider what data is being saved. 

• Use disposable or temporary email addresses. If a chatbot requires registration, consider using an alias to prevent your primary email from being linked to the service. 

• Enable multi-factor authentication. If an AI platform offers account security features, enable them to add an extra layer of protection. 

As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power. 

 

The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.

Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.

Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.

So, how do scammers pull it off, and how can you protect yourself from becoming a victim?

How Do Scammers Steal Your Identity? 

Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms. 

• Identity Theft in the Physical World:
  • If you lose your wallet or debit card, that’s an immediate risk. But thieves also use other methods like rummaging through your trash or mail to access sensitive information. In rare cases, they may even file a change-of-address form in your name, redirecting your mail to a different address. 

• Identity Theft in the Digital World: 

• • Data breaches: Hackers infiltrate businesses or government systems, stealing massive amounts of customer data. 

• • Phishing attacks: Fraudsters use deceptive emails, texts, or websites to trick you into entering sensitive information like passwords or credit card details. 

• • Malware: Scammers can infect your devices with malware that secretly harvests your data. 

• • Public Wi-Fi risks: Using unsecured Wi-Fi networks without a Virtual Private Network (VPN) makes it easier for hackers to intercept your online transactions. 

Signs Your Identity May Have Been Stolen 

When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft: 

• Unexpected bills or new accounts: If you start receiving bills for accounts you didn’t open, or if you see unfamiliar charges on your bank statements, it’s time to investigate. 

• Missing bills or statements: If your regular bills or account statements stop showing up, it could mean your address has been changed without your knowledge. 

• Fraudulent accounts or transactions: Getting debt collection calls for accounts you never opened, or spotting unauthorized charges on your credit or bank statements, is a major red flag. 

• Denial of credit: If you apply for a loan or a credit card and get denied for reasons you don’t understand, it could be due to fraudulent activity under your name. 

• IRS notifications: If the IRS contacts you about tax returns filed in your name, it’s possible someone has stolen your Social Security number to claim your refund. 

Steps to Take If You Suspect Identity Theft 

If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do: 

• Contact the companies involved: Immediately report any suspicious transactions to your bank, credit card company, or any business where fraud has occurred. They can help you initiate an investigation. 

• File a police report: Identity theft is a crime, and it’s essential to report it to the authorities. Filing a police report can create an official record of the theft and help protect you if the thief commits other crimes under your name. 

• Contact the FTC: The Federal Trade Commission provides resources for victims of identity theft. You can file a report and get a recovery plan. The FTC’s website is an invaluable resource for walking you through the recovery process. 

• Place a fraud alert or credit freeze: Contact one of the major credit bureaus (Experian, TransUnion, or Equifax) to place a fraud alert on your credit file. This makes it harder for thieves to open accounts in your name. You can also opt for a credit freeze, which prevents creditors from accessing your credit report altogether. 

• Dispute any inaccuracies: Check your credit reports for any unfamiliar activity. Dispute any fraudulent accounts or charges with the relevant credit bureaus and businesses involved. 

• Monitor your credit and accounts: Even after taking the above steps, it’s crucial to keep an eye on your credit report and bank statements. The longer you monitor, the sooner you’ll spot any other fraudulent activity. 

How to Prevent Identity Theft 

While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself: 

• Use strong passwords: Create unique passwords for each of your online accounts and enable two-factor authentication wherever possible.
  
• Install security software: Use comprehensive security software to protect your devices from malware and hackers. McAfee+ offers enhanced protection against identity theft and provides real-time monitoring for any suspicious activity. McAfee+ Advanced and Ultimate plans also come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
• Shred personal documents: Shred bills, tax documents, and any sensitive paperwork before disposing of them. Scammers still use physical methods like “dumpster diving” to gather personal information.
• Be cautious online: Be mindful of the information you share on social media. Avoid posting sensitive details like your birth date or mother’s maiden name, which could be used to guess your security questions.
• Regularly monitor your bank accounts: Regularly check your bank activity and credit report to ensure that no unauthorized activity has taken place. You’re entitled to a free credit report annually from the three major credit bureaus. 

Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity. 

The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.