Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, and—in rare cases—Social Security Number exposed in a data breach.

The car rental giant’s data was stolen in a ransomware attack leveraging a vulnerability in Cleo file sharing products.

In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits in file sharing software like MOVEit Transfer and GoAnywhere MFT.

In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom.

Hertz acknowledged that it was one of the victims:

> “On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zeroday vulnerabilities within Cleo’s platform in October 2024 and December 2024.”

We were already aware of the fact, since CL0P posted about it on their leak site.

A screenshot of some of CL0P’s list of victims (other victims’ names obscured)

This leak site is also where the stolen data is available for download. Malwarebytes Labs was unable to figure out how many people were affected, but the number of available archives for download is in the tenfolds.

A small portion of the downloads list

After a full data analysis, Hertz is sending notifications to affected customers. The type of stolen data varies per customer, but could include:

*   Name
*   Contact information
*   Driver’s license
*   Social Security Number (in rare cases according to Hertz)

> “A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”

While Hertz says it’s not aware of any misuse of stolen personal information for fraudulent purposes, it offers affected customers two years of identity monitoring services by Kroll for free.

**Protecting yourself after a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**Check your digital footprint**

Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

 Hertz data breach caused by CL0P ransomware attack on vendor 

Meta users in Europe will have their public posts swept up and ingested for AI training, the company announced this week.

European Facebook users have so far avoided having their public posts used to train parent company Meta’s AI model. That’s about to change, the company has warned. In a blog post today, it said that EU residents’ data was fair game and it would be slurping up public posts for training soon.

Facebook, which launched its AI service for EU users last month, said that it needs that user data to make its AI service more relevant to Europeans.

“That means everything from dialects and colloquialisms, to hyper-local knowledge and the distinct ways different countries use humor and sarcasm on our products,” the company said. It continued:

> “This is particularly important as AI models become more advanced with multi-modal functionality, which spans text, voice, video, and imagery.”

Meta originally planned to start training its AI on user posts in the EU in June last year, but it pressed pause after pushback from the Irish Data Protection Commission (DPC) and the UK’s Information Commissioner’s Office (ICO). This came after European privacy advocacy group NOYB (which informally stands for “none of your business”) complained about the move to several regulators in the region.

Meta had claimed that the data collection was in its legitimate interest, stating that it would allow users to opt out of the AI training. NOYB responded that the company should ask users before using their data to train its AI models (which would make it an opt-in arrangement).

**The EU handballs the issue back to national regulators**

The DPC’s delay was apparently just a speed bump. The Irish DPC asked the European Data Protection Board (EDPB) to mull the issue further, specifically asking several questions. When can an AI model be considered anonymous, it asked? And how can a company demonstrate legitimate interest when collecting data to develop and deploy such a model?

On December 17 of last year, the Board issued a ruling, Opinion 28/2024, that answered those questions by passing them back to regulators. They would have to look at anonymity on a per-case basis, the ruling said. It advised them to consider whether it would be possible to extract personal information from the model, and to look at what the company did during development to prevent personal data from being used in the training or to make it less identifiable.

To determine whether an interest is legitimate, a regulator should decide whether the company’s interest is lawful and with real-world application, rather than just being speculative. Developing an AI model would likely pass that test, it added. Then, they should evaluate whether the data collected is necessary to fulfill it, and then see whether that collection overrides the users’ fundamental rights.

Finally, the DPC asked the Board what the effect on an AI model’s operation would be if a company was found to have used personal data unlawfully to train it. The Board once again handed that to the regulators on a per-case basis.

**Onward and downward**

Meta felt that this opinion was enough.

“We welcome the opinion provided by the EDPB in December, which affirmed that our original approach met our legal obligations,” the company said in the blog post about the forthcoming reintroduction of AI training. “Since then, we have engaged constructively with the IDPC and look forward to continuing to bring the full benefits of generative AI to people in Europe.”

The social media giant appears to have dodged NOYB’s opt-out vs opt-in question. It said that notifications about the AI training—which will arrive via email or via the platform—will include a link to an objection form.

“We have made this objection form easy to find, read, and use, and we’ll honor all objection forms we have already received, as well as newly submitted ones,” Meta said. In short, it’s still an opt-out arrangement.

But objection forms were a concern for NOYB in its original complaint.

“Meta makes it extremely complicated to object, even requiring personal reasons,” NOYB warned last June. “A technical analysis of the opt-out links even showed that Meta requires a login to view an otherwise public page. In total, Meta requires some 400 million European users to ‘object’, instead of asking for their consent.”

It remains to be seen whether the objection forms will be different this time around. Perhaps the real worry here is that we’re about to get an EU AI model trained on traditional Facebook fodder: food pictures, obvious political opinions, an endless stream of vacuous fortune-cookie life lessons, and your cousins’ ongoing feud over what Julie said about Brian’s egg salad at the family barbecue last March.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 Meta slurps up EU user data for AI training 

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection.

As part of April’s patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new %systemdrive%\\inetpub folder on the device.

Users who noticed the new folder asked questions because they were concerned about its origin and purpose. Since the empty folder is generally associated with an Internet Information Services (IIS) feature that most users will not be running, this called for an explanation.

Internet Information Services (IIS) is a web server platform created by Microsoft to host websites, web applications, and services on Windows systems. The platform is not installed by default but can be enabled through the Windows Features dialog.

Microsoft states in the update:

> “This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.”

CVE-2025-21204, when successfully exploited, allows an authorized attacker to elevate privileges locally.

Per Microsoft:

> “An authenticated attacker who successfully exploits this vulnerability gains the ability to perform and/or manipulate file management operations on the victim machine in the context of the NT AUTHORITY\\SYSTEM account.”

The “link following flaw” means that the product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

As a resolution, denying access to a file can prevent an attacker from replacing that file with a link to a malicious file. Denying access can be done by assigning file/folder permissions. When you set permissions while creating a folder, you specify what users are allowed to do within that folder, such as limiting their ability to “Read-only” which means it allows the user to open and read files within the folder, but not add or edit existing files in the folder.

Read-only inetpub folder

Short answer: the inetpub folder is there to protect you from an attacker exploiting a vulnerability, and it’s hardly taking up any space, so best leave it alone.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 No, it’s not OK to delete that new inetpub folder 

Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.

Horn tooting time: We’re excited to say we’ve earned a coveted spot in PCMag’s “Best Antivirus Software for 2025” list, and been recognized as the “Best Malware Removal Service 2025” by CNET.   

PCMag’s rigorous evaluation process takes into account a range of factors, including real-world, hands-on testing, independent lab tests, and decades of experience in the field. 

Malwarebytes Premium proved highly effective in malware protection and defending against malicious and fraudulent web pages.  

PCMag recognized Malwarebytes Premium for its speed and effectiveness, stating:

> _“Anyone who’s used Malwarebytes Free to remedy another antivirus tool’s slip-up will appreciate the full-powered Malwarebytes Premium. Even if you never needed that kind of rescue, this app’s speedy scan and excellent hands-on test results are a big draw.”_  
> 
> _Reprinted with permission. (c) 2025 Ziff Davis, LLC. All Rights Reserved._ 

PCMag awarded Malwarebytes: 

*   2025 Best Antivirus 

*   2025 Best Malware Removal 

*   2025 Best Protection Software 

In our second recent award, CNET awarded Malwarebytes “Best Malware Removal Service 2025” after researching and testing antivirus software on setup, features, look and feel, and performance.  

CNET highlighted several standout features, including: 

*   Top-tier malware removal   

*   Comprehensive Browser Guard web protection   

*   An easy-to-use, customizable interface 

We are super grateful to receive these awards and thank the teams of experts at PCMag and CNET for their thorough testing and valuable insights. 

**Download Malwarebytes Premium today to get the “best” protection**.

 Malwarebytes named &#8220;Best Antivirus Software&#8221; and &#8220;Best Malware Removal Service&#8221; 

A list of topics we covered in the week of April 7 to April 13 of 2025

April 14, 2025 - Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET. 

April 11, 2025 - The US indicated they will sign the Pall Mall Pact, an international treaty to regulate commercial spyware and surveillance tools.

April 10, 2025 - A report from Edinburgh University warns that child abusers are using dating apps to find single parents with vulnerable children.

April 10, 2025 - US senator Cassidy is afraid that Chinese companies will jump at the opportunity to buy the genetic data of 15 million 23andMe customers.

April 9, 2025 - If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.

 A week in security (April 7 &#8211; April 13) 

The US indicated they will sign the Pall Mall Pact, an international treaty to regulate commercial spyware and surveillance tools.

The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact.

The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the Pall Mall Pact is to regulate Commercial Cyber Intrusion Capabilities (CCICs), or what we usually refer to as spyware and surveillance tools.

Signed by France, the UK, Japan, and 18 other EU member states, the Code of Practice is a voluntary non-binding agreement establishing “best practices” among governments in relation to the development, facilitation, purchase, transfer, and use of commercial cyber intrusion tools and services.

Primarily, it aims to tackle the misuse of powerful cybertools sold on the open market. These tools, often developed by private companies like the NSO Group and Paragon Solutions, have been exploited by state and non-state actors to surveil journalists, human rights defenders, activists, and even government officials. The misuse of spyware has raised concerns about its impact on democracy, human rights, and national security.

By promoting international collaboration among governments, combined with industry players like Google and Microsoft, civil society organizations, and academics, the pact represents a collective effort to regulate an industry that has operated almost without reins.

The ongoing proliferation of spyware poses existential risks to privacy and civil liberties. Commercial hacking tools have enabled intrusive surveillance practices that undermine fundamental freedom and human rights. For example, spyware can infiltrate smartphones and computers, granting unauthorized access to sensitive data such as messages, emails, and location information.

Initially, countries like the United States opted not to sign the Pall Mall Pact but to pursue similar initiatives independently. However, this fragmentation could dilute global efforts to regulate spyware effectively. Not ideal, since its voluntary nature already raises questions about its effectiveness.

While not legally binding, the Code offers building blocks for the future and builds momentum for further development. It also offers the participating states a framework for further discussion and national implementation into laws.

In an increasingly digital world, privacy is a growing concern. As our recent research showed, a majority of people feel isolated in securing their sensitive information from companies, governments, AI models, and scammers.

Privacy is more than a personal concern. It’s a cornerstone of democracy and human rights. The Pall Mall Pact offers a roadmap for protecting these values against the misuse of powerful surveillance technologies. No one should be subject to arbitrary or unlawful interference with their privacy, as set out in the International Covenant on Civil and Political Rights and other applicable international and regional treaties.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 The Pall Mall Pact and why it matters 

A report from Edinburgh University warns that child abusers are using dating apps to find single parents with vulnerable children.

Using a dating app? Beware of your potential partner’s motives. A report from Edinburgh University warns that child abusers are using these apps to find single parents with vulnerable children.

The Searchlight 2025 report, from the University’s Childlight Global Child Safety Institute, analyses the tools and techniques that child abusers use to reach their prey. It found that more than one in five (22%) of male abusers use dating apps daily, compared to 8.1% of other men.

With this in mind, the report suggests increasing safeguards such as ID verification on dating apps, along with developing tools such as automated recognition of grooming language and more reporting of suspicious behavior by the app companies.

**A network of child abusers**

While child abuse is often purely for the abuser’s own gratification, the Institute also documented how abusers frequently profit from their crimes by producing child sexual abuse material (CSAM).

“They groom single parents via dating apps to access their children. They target displaced children in conflict zones like Ukraine. And they trade images using sophisticated payment methods, including cryptocurrencies, to evade detection,” warned Paul Stanfield, CEO of Childlight, in the report.

Alongside the use of dating apps, the report also points to the growing humanitarian crisis around the world as an opportunity for abusers. As millions of children are displaced, it cites growing searches for content involving displaced women and children, along with increased trafficker activity targeting displaced victims in Ukraine and Turkey, which hosts Syrian refugees.

**The path to illicit profit**

One way that abusers profit is by sharing images and video of the abuse. Networks for the exchange and sale of these materials are rife, and abusers have taken to producing specific CSAM content on demand to fit a buyer’s requirements. Files of this type can fetch up to $1,200, the report found. Abusers will also often livestream their abuse sessions for money.

Some organizations that create CSAM are often relatively small, with individuals in single figures, according to the report. They operate on a traditional corporate model, dividing responsibilities between specific people. Individuals will specialize in recruitment, control of the children, finding locations for the abuse, marketing the material, and financial management.

**Children producing CSAM**

Children themselves are now becoming more involved in the provision of CSAM. In some cases, they will gather images and video of their peers for sale, the report said. In others, children are recruited to provide images of themselves – sometimes willingly for money, and sometimes via sextortion.

Late last month the UK’s National Crime Agency warned about a surge in online networks of mostly teenaged boys that are procuring and sharing CSAM. Reports of these networks, often known collectively as the Com, increased sixfold between 2022 and 2024, the NCA said. They often groom their peers online and then extort them after persuading them to send compromising images of themselves.

While the Com’s members will sell such material, the abuses are also often for their own gratification. Members have been arrested for encouraging victims to commit suicide.

Teenaged boys themselves can also be victims of sextortion, alongside girls. The NCA launched an awareness campaign last month for boys between 15 and 17, whom it says are frequently targeted. It warned that sextortion is often perpetrated by gangs in West Africa or South East Asia, and are purely money-motivated.

The NCA’s CEOP Safety Centre received 380 reports of sextortion in 2024, while the the US National Centre for Missing & Exploited Children (NCMEC) has documented 28,000 global cases per year.

**What can you do?**

Parents can take action to help protect their children.

**Vet potential dates.** While the majority of online dating app users are legitimate, it pays to be extra vigilant when forming a relationship – especially when introducing new romantic partners to your family.

**Talk to your children.** You might think your children understand sextortion, but they might not. The NCA found that 74% of boys did not fully understand what sextortion was, and didn’t see requests for nude images as a warning sign. Educating both girls and boys on the risks is crucial. That in turn takes a relationship built on trust. Explain that if they are in trouble they can tell you anything and they are not to blame.

**Get help.** The NCA operates a site offering more resources and education for parents, children, and professionals.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Child predators are lurking on dating apps, warns report 

US senator Cassidy is afraid that Chinese companies will jump at the opportunity to buy the genetic data of 15 million 23andMe customers.

Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. 

The risk is considered real because of the impending takeover of the genetic database that belongs to 23andMe. Since the DNA testing company 23andMe filed for bankruptcy it has been looking for a new owner, and views its genetic data as an asset in the possible sale.

An asset that Senator Cassidy fears could do a lot of harm in the wrong hands, as he wrote in a letter to Treasury Secretary Scott Bessent:

> “The recent bankruptcy filing by 23andMe raises questions about potential buyers of its genetic database that contains the information of approximately 15 million customers. Chinese companies have already taken steps to collect genetic data across the world that could be used for adverse purposes.”

The Department of the Treasury, through the Committee on Foreign Investment in the United States (CFIUS), has broad authority to review transactions that may impact the national security of the United States.

23andMe tried to reassure customers that:

> “Any buyer of 23andMe will be required to agree to comply with our privacy policy and with all applicable law with respect to the treatment of customer data.”

However, the senator fears that the company and its assets will be sold to the highest bidder which will put the information of its approximately 15 million customers at risk of falling into the wrong hands. For this reason he has asked 23andMe to answer a number of questions about the sales process, the supervision of the transfer, the ability of customers to delete their data, and the effect of the bankruptcy on 23andMe’s cybersecurity infrastructure.

For those that missed our tips the last time, I’ll repeat them here.

**How to delete your 23andMe data**

For 23andMe customers who want to delete their data from 23andMe:

*   Log into your account and navigate to **Settings**.
*   Under **Settings**, scroll to the section titled **23andMe data**. Select **View**.
*   You will be asked to enter your date of birth for extra security. 
*   In the next section, you’ll be asked which, if there is any, personal data you’d like to download from the company (onto a personal, not public, computer). Once you’re finished, scroll to the bottom and select **Permanently delete data**.
*   You should then receive an email from 23andMe detailing its account deletion policy and requesting that you confirm your request. Once you confirm you’d like your data to be deleted, the deletion will begin automatically, and you’ll immediately lose access to your account. 

**Check if your 23andMe data was part of the 2023 breach**

In 2023, 23andMe suffered a data breach that impacted up to seven million people. Found being sold on the dark web, the data reportedly included “profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23AndMe’s health data.”

With the data, cybercriminals could learn about a person’s genealogy and potentially use some of the information to aid them in committing identity fraud.

There is no meaningful way to _remove_ this data from the dark web. Instead, we recommend that you run a scan using our free Digital Footprint Portal to see if your data was exposed in the 2023 breach, and then to take additional steps to protect yourself.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Your 23andMe genetic data could be bought by China, senator warns 

If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.

In a security advisory, Meta has disclosed a vulnerability that allowed an attacker to run arbitrary code on a user’s system that existed in all WhatsApp versions before 2.2450.6.

WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop versions of WhatsApp are generally used as extensions of mobile apps rather than primary platforms. So, while wide usage of these apps exists, their adoption rate lies likely significantly lower when compared to mobile platforms.

WhatsApp has over 3.14 billion monthly active users as of January 2025, with 73% using Android and 22% using iOS. Using WhatsApp on your desktop offers some advantages that users might appreciate. My excuse is that I can type faster on my laptop and I can make better screenshots of my conversations.

If you use WhatsApp for Windows, you should update as soon as you can.

You can find the current version of your WhatsApp for Windows by clicking on the **Settings** (gear symbol) > **Help**.

If your version number is lower than 2.2450.6, install a new version by following these steps:

1.  Click the **Start** menu and search for **Microsoft Store** to open it.
2.  In the Microsoft Store, click on **Library** located at the bottom left corner.
3.  Scroll through the list or use the search bar to find **WhatsApp Desktop**.
4.  Click on **Get Updates** or look for an **Update** button next to WhatsApp Desktop. If an update is available, it will appear here.
5.  Click the **Update** button to download and install the latest version of WhatsApp Desktop.
6.  Once the update is complete, restart the application to ensure all changes are applied.

My WhatsApp was already up to date because I have automatic updates turned on. This is how Microsoft Store on Windows can automatically install app updates.

1.  Select **Start**, then search for and select **Microsoft Store**.
2.  In the Microsoft Store app, select **Profile** (your account picture) > **Settings**.
3.  Make sure **App updates** is turned **On**.

**The vulnerability**

The vulnerability tracked as CVE-2025-30401 is described by Meta as:

> “A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”

In other words, it was possible for a sender to disguise the true nature of their attachment by changing the file extension to something harmless, like a jpeg, when in reality it was a malicious file that would be opened with the program the receiver had set as default for such a file.

In the past we’ve seen this used against users that have Python installed on their systems. People were sent a python or php script as an attachment which would get executed without any warning if the receiver opened them.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 WhatsApp for Windows vulnerable to attacks. Update now! 

A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware.

When you next type something sensitive on your computer keyboard, be sure that no-one else is watching. A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malwareware.

In a class action lawsuit, six women have accused pharmacist Matthew Bathula of invading their privacy by spying on them at work and at home.

According to the lawsuit, Bathula is alleged to have planted spyware on at least 400 computers in clinics, treatment rooms, and labs at the University of Maryland Medical Center where he worked. Bathula is said to have installed a keylogger. This software monitors what a user types on a keyboard without their knowledge, relaying it back to the keylogger’s owner.

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts.

This access enabled Bathula to download the victims’ personal information, including their private photographs and videos, the class action asserts, adding that he also used his access to systems both at home and at work to spy on the victims in real time.

He used webcams installed on work computers for telehealth sessions to spy on new mothers pumping milk at work, and did the same through their home webcams.

Bathula allegedly spied on victims with their children at home, and also watched them undressing and being intimate with partners. He is said to have disabled the cameras’ operating lights so that victims could not see they were being viewed.

**How to protect yourself**

Bathula has not thus far been charged with a crime. The anonymous women, who first became aware of the issue when the FBI contacted them, are suing their employer, University of Maryland Medical Systems, for “failure to take reasonable, readily available measures to protect its employees.”

But spyware is a threat for people outside the workplace too. What should you do to protect yourself from someone logging your keystrokes? Here are some tips.

**Keep your software up to date.** Some spies manually install keyloggers on target computers, but others use malware to install it remotely. Malware droppers frequently take advantage of known vulnerabilities in older versions of operating system and application software. They exploit these security holes to install their malware. You can minimize these loopholes by constantly keeping your software up to date.

**Install anti-malware protection.** Anti-malware protection works at the lowest level of the operating system to check on the software applications that it’s running and watch for suspicious or known malicious activity.

**Watch where you download from.** Software downloaded from unofficial sites – especially pirated software – often comes with unwelcome additions including keyloggers and other spyware.

**Don’t reuse passwords.** People often use the same password across multiple accounts for convenience. This is not a good idea. If a keylogger reads one password, its owner can try the same credentials on your other accounts. According to the lawsuit, Bathula harvested passwords from the workplace keylogger and used them to hijack personal accounts that victims hadn’t accessed at work.

**Use a password manager.** Another way to prevent a keylogger from reading your passwords is not to type them in. Instead, you can use a trusted password manager that will auto-fill password fields on login pages for you.

**Use multi-factor authentication.** Where online accounts support it, use two authentication methods to log in. Your password is one such method, but many use an authenticator app on their phone that provides an extra code to type in. Because that code changes all the time, an attacker won’t be able to use it to enter your account in future. For even more security against keyloggers, some accounts now support the use of hardware-based passkeys that don’t require you to type in a code at all.

**Protect your webcam.** Another layer of defense is to protect your webcam and microphone. Some come with security shutters, while for others, a Post-It will do. If Mark Zuckerberg covers up his camera, it’s probably a good sign that we should too, while using a microphone with a physical off switch – or at least covering your laptop one tightly with tape – can protect your audio. If someone does gain access to your webcam, at least it won’t reveal your secrets.

As with all layers of protection, these defensive measures are best used in conjunction with each other. The more difficult you make it for an attacker to spy on you, the less likely they are to succeed.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Source

Malwarebytes