News

Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history

New York Blood Center Enterprises revealed that it has been hit by a ransomware attack, disrupting activities and blood drives at its centers across the country

UK organizations are significantly increasing cybersecurity budgets, with a projected 31% growth in the next year

The UK’s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit.

Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma Stealer payload hosted on “weighcobbweo[.]top.”

Boingboing post.

The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.  

Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.  

But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight. 

What Is DeepSeek, and Why Is It Making Headlines? 

DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost. 

According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store. 

What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta. 

However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications. 

Why Consumers Should Be Cautious 

One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.  

According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.  

This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them. 

Here’s why caution is warranted: 

1. Data Privacy Risks: AI chatbots process and store conversations, which may be used for further training, sold to third parties, or accessed by unauthorized entities. It remains unclear how DeepSeek handles user data or whether its security protocols align with global privacy standards. 

1. Regulatory Uncertainty: Unlike U.S. companies that must comply with laws like the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), DeepSeek operates under different legal frameworks. This lack of regulatory clarity could mean weaker protections for user data. 

1. Potential Cybersecurity Threats: History has shown that AI tools can be manipulated for malicious purposes, from deepfake scams to social engineering attacks. If DeepSeek’s security measures are not robust, it could become a target for cybercriminals looking to exploit vulnerabilities. 

DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.  

 

Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn

It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data. 

How to Stay Safe When Using AI Chatbots 

If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information: 

• Avoid sharing personal or sensitive data. AI chatbots are not secure vaults—treat them like public forums. You wouldn’t post your social security number or passwords to Facebook, don’t share those details with chatbots either. 

• Review privacy policies carefully. Before using a new AI model, check how your data is collected, stored, and used. Read privacy policies and consider what data is being saved. 

• Use disposable or temporary email addresses. If a chatbot requires registration, consider using an alias to prevent your primary email from being linked to the service. 

• Enable multi-factor authentication. If an AI platform offers account security features, enable them to add an extra layer of protection. 

As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power. 

 

The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.

Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.

Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.

So, how do scammers pull it off, and how can you protect yourself from becoming a victim?

How Do Scammers Steal Your Identity? 

Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms. 

• Identity Theft in the Physical World:
  • If you lose your wallet or debit card, that’s an immediate risk. But thieves also use other methods like rummaging through your trash or mail to access sensitive information. In rare cases, they may even file a change-of-address form in your name, redirecting your mail to a different address. 

• Identity Theft in the Digital World: 

• • Data breaches: Hackers infiltrate businesses or government systems, stealing massive amounts of customer data. 

• • Phishing attacks: Fraudsters use deceptive emails, texts, or websites to trick you into entering sensitive information like passwords or credit card details. 

• • Malware: Scammers can infect your devices with malware that secretly harvests your data. 

• • Public Wi-Fi risks: Using unsecured Wi-Fi networks without a Virtual Private Network (VPN) makes it easier for hackers to intercept your online transactions. 

Signs Your Identity May Have Been Stolen 

When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft: 

• Unexpected bills or new accounts: If you start receiving bills for accounts you didn’t open, or if you see unfamiliar charges on your bank statements, it’s time to investigate. 

• Missing bills or statements: If your regular bills or account statements stop showing up, it could mean your address has been changed without your knowledge. 

• Fraudulent accounts or transactions: Getting debt collection calls for accounts you never opened, or spotting unauthorized charges on your credit or bank statements, is a major red flag. 

• Denial of credit: If you apply for a loan or a credit card and get denied for reasons you don’t understand, it could be due to fraudulent activity under your name. 

• IRS notifications: If the IRS contacts you about tax returns filed in your name, it’s possible someone has stolen your Social Security number to claim your refund. 

Steps to Take If You Suspect Identity Theft 

If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do: 

• Contact the companies involved: Immediately report any suspicious transactions to your bank, credit card company, or any business where fraud has occurred. They can help you initiate an investigation. 

• File a police report: Identity theft is a crime, and it’s essential to report it to the authorities. Filing a police report can create an official record of the theft and help protect you if the thief commits other crimes under your name. 

• Contact the FTC: The Federal Trade Commission provides resources for victims of identity theft. You can file a report and get a recovery plan. The FTC’s website is an invaluable resource for walking you through the recovery process. 

• Place a fraud alert or credit freeze: Contact one of the major credit bureaus (Experian, TransUnion, or Equifax) to place a fraud alert on your credit file. This makes it harder for thieves to open accounts in your name. You can also opt for a credit freeze, which prevents creditors from accessing your credit report altogether. 

• Dispute any inaccuracies: Check your credit reports for any unfamiliar activity. Dispute any fraudulent accounts or charges with the relevant credit bureaus and businesses involved. 

• Monitor your credit and accounts: Even after taking the above steps, it’s crucial to keep an eye on your credit report and bank statements. The longer you monitor, the sooner you’ll spot any other fraudulent activity. 

How to Prevent Identity Theft 

While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself: 

• Use strong passwords: Create unique passwords for each of your online accounts and enable two-factor authentication wherever possible.
  
• Install security software: Use comprehensive security software to protect your devices from malware and hackers. McAfee+ offers enhanced protection against identity theft and provides real-time monitoring for any suspicious activity. McAfee+ Advanced and Ultimate plans also come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
• Shred personal documents: Shred bills, tax documents, and any sensitive paperwork before disposing of them. Scammers still use physical methods like “dumpster diving” to gather personal information.
• Be cautious online: Be mindful of the information you share on social media. Avoid posting sensitive details like your birth date or mother’s maiden name, which could be used to guess your security questions.
• Regularly monitor your bank accounts: Regularly check your bank activity and credit report to ensure that no unauthorized activity has taken place. You’re entitled to a free credit report annually from the three major credit bureaus. 

Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity. 

The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights a persistent whac-a-mole problem facing cloud services.

In October 2024, the security firm Silent Push published a lengthy analysis of how Amazon AWS and Microsoft Azure were providing services to Funnull, a two-year-old Chinese content delivery network that hosts a wide variety of fake trading apps, pig butchering scams, gambling websites, and retail phishing pages.

Funnull made headlines last summer after it acquired the domain name polyfill[.]io, previously the home of a widely-used open source code library that allowed older browsers to handle advanced functions that weren’t natively supported. There were still tens of thousands of legitimate domains linking to the Polyfill domain at the time of its acquisition, and Funnull soon after conducted a supply-chain attack that redirected visitors to malicious sites.

Silent Push’s October 2024 report found a vast number of domains hosted via Funnull promoting gambling sites that bear the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean Lazarus Group.

In 2023, Suncity’s CEO was sentenced to 18 years in prison on charges of fraud, illegal gambling, and “triad offenses,” i.e. working with Chinese transnational organized crime syndicates. Suncity is alleged to have built an underground banking system that laundered billions of dollars for criminals.

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes. In reporting on Silent Push’s October report, TechCrunch obtained a comment from Bwin, one of the casinos being advertised en masse through Funnull, and Bwin said those websites did not belong to them.

Gambling is illegal in China except in Macau, a special administrative region of China. Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party’s “Great Firewall,” which blocks access to gambling destinations.

Silent Push’s Zach Edwards said that upon revisiting Funnull’s infrastructure again this month, they found dozens of the same Amazon and Microsoft cloud Internet addresses still forwarding Funnull traffic through a dizzying chain of auto-generated domain names before redirecting malicious or phishous websites.

Edwards said Funnull is a textbook example of an increasing trend Silent Push calls “infrastructure laundering,” wherein crooks selling cybercrime services will relay some or all of their malicious traffic through U.S. cloud providers.

“It’s crucial for global hosting companies based in the West to wake up to the fact that extremely low quality and suspicious web hosts based out of China are deliberately renting IP space from multiple companies and then mapping those IPs to their criminal client websites,” Edwards told KrebsOnSecurity. “We need these major hosts to create internal policies so that if they are renting IP space to one entity, who further rents it to host numerous criminal websites, all of those IPs should be reclaimed and the CDN who purchased them should be banned from future IP rentals or purchases.”

Reached for comment, Amazon referred this reporter to a statement Silent Push included in a report released today. Amazon said AWS was already aware of the Funnull addresses tracked by Silent Push, and that it had suspended all known accounts linked to the activity.

Amazon said that contrary to implications in the Silent Push report, it has every reason to aggressively police its network against this activity, noting the accounts tied to Funnull used “fraudulent methods to temporarily acquire infrastructure, for which it never pays. Thus, AWS incurs damages as a result of the abusive activity.”

“When AWS’s automated or manual systems detect potential abuse, or when we receive reports of potential abuse, we act quickly to investigate and take action to stop any prohibited activity,” Amazon’s statement continues. “In the event anyone suspects that AWS resources are being used for abusive activity, we encourage them to report it to AWS Trust & Safety using the report abuse form. In this case, the authors of the report never notified AWS of the findings of their research via our easy-to-find security and abuse reporting channels. Instead, AWS first learned of their research from a journalist to whom the researchers had provided a draft.”

Microsoft likewise said it takes such abuse seriously, and encouraged others to report suspicious activity found on its network.

“We are committed to protecting our customers against this kind of activity and actively enforce acceptable use policies when violations are detected,” Microsoft said in a written statement. “We encourage reporting suspicious activity to Microsoft so we can investigate and take appropriate actions.”

Richard Hummel is threat intelligence lead at NETSCOUT. Hummel said it used to be that “noisy” and frequently disruptive malicious traffic — such as automated application layer attacks, and “brute force” efforts to crack passwords or find vulnerabilities in websites — came mostly from botnets, or large collections of hacked devices.

But he said the vast majority of the infrastructure used to funnel this type of traffic is now proxied through major cloud providers, which can make it difficult for organizations to block at the network level.

“From a defenders point of view, you can’t wholesale block cloud providers, because a single IP can host thousands or tens of thousands of domains,” Hummel said.

In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions, an ISP that materialized at the start of Russia’s invasion of Ukraine and has been used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia. Experts said much of the malicious traffic  traversing Stark’s network (e.g. vulnerability scanning and password brute force attacks) was being bounced through U.S.-based cloud providers.

Stark’s network has been a favorite of the Russian hacktivist group called NoName057(16), which frequently launches huge distributed denial-of-service (DDoS) attacks against a variety of targets seen as opposed to Moscow. Hummel said NoName’s history suggests they are adept at cycling through new cloud provider accounts, making anti-abuse efforts into a game of whac-a-mole.

“It almost doesn’t matter if the cloud provider is on point and takes it down because the bad guys will just spin up a new one,” he said. “Even if they’re only able to use it for an hour, they’ve already done their damage. It’s a really difficult problem.”

Edwards said Amazon declined to specify whether the banned Funnull users were operating using compromised accounts or stolen payment card data, or something else.

“I’m surprised they wanted to lean into ‘We’ve caught this 1,200+ times and have taken these down!’ and yet didn’t connect that each of those IPs was mapped to [the same] Chinese CDN,” he said. “We’re just thankful Amazon confirmed that account mules are being used for this and it isn’t some front-door relationship. We haven’t heard the same thing from Microsoft but it’s very likely that the same thing is happening.”

Funnull wasn’t always a bulletproof hosting network for scam sites. Prior to 2022, the network was known as Anjie CDN, based in the Philippines. One of Anjie’s properties was a website called funnull[.]app. Loading that domain reveals a pop-up message by the original Anjie CDN owner, who said their operations had been seized by an entity known as Fangneng CDN and ACB Group, the parent company of Funnull.

“After I got into trouble, the company was managed by my family,” the message explains. “Because my family was isolated and helpless, they were persuaded by villains to sell the company. Recently, many companies have contacted my family and threatened them, believing that Fangneng CDN used penetration and mirroring technology through customer domain names to steal member information and financial transactions, and stole customer programs by renting and selling servers. This matter has nothing to do with me and my family. Please contact Fangneng CDN to resolve it.”

In January 2024, the U.S. Department of Commerce issued a proposed rule that would require cloud providers to create a “Customer Identification Program” that includes procedures to collect data sufficient to determine whether each potential customer is a foreign or U.S. person.

According to the law firm Crowell & Moring LLP, the Commerce rule also would require “infrastructure as a service” (IaaS) providers to report knowledge of any transactions with foreign persons that might allow the foreign entity to train a large AI model with potential capabilities that could be used in malicious cyber-enabled activity.

“The proposed rulemaking has garnered global attention, as its cross-border data collection requirements are unprecedented in the cloud computing space,” Crowell wrote. “To the extent the U.S. alone imposes these requirements, there is concern that U.S. IaaS providers could face a competitive disadvantage, as U.S. allies have not yet announced similar foreign customer identification requirements.”

It remains unclear if the new White House administration will push forward with the requirements. The Commerce action was mandated as part of an executive order President Trump issued a day before leaving office in January 2021.

AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm

Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development