#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

YouTube | Breaking Cybersecurity News | The Hacker News

Category — YouTube
Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Jun 10, 2024 Social Media / Influence Operation
Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs," Google Threat Analysis Group (TAG) researcher Billy Leonard said in the company's quarterly bulletin released last week. The tech giant said it also terminated Ads, AdSense, and Blogger accounts linked to two coordinated influence operations with ties to Indonesia that shared content supportive of the ruling party in the country. Another big cluster dismantled by Google involved a network of 378 YouTube channels that it said originated from a Russian consulting firm and disseminated content that projected Russia in a favorable light and denigrated Ukraine and the West. The company further terminated one AdSense account and blocked 10 domains from showing up in Google News an...
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

Jan 09, 2024 Malware / Cyber Threat
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly," Fortinet FortiGuard Labs researcher Cara Lin  said  in a Monday analysis. This is not the first time pirated software videos on YouTube have emerged as an effective bait for stealer malware. At least since early 2023, similar attack chains have been observed delivering several kinds of stealers, clippers, and crypto miner malware. In doing so, threat actors can leverage the compromised machines for not only information and cryptocurrency theft, but also abuse the resources for illicit mining. In the latest attack sequence documented by Fortinet, users searching for cracked ver...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

Mar 13, 2023 Cyber Threat / Social Engineering
Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar. "The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M  said . Just as the ransomware landscape comprises core developers and affiliates who are in charge of identifying potential targets and actually carrying out the attacks, the information stealer ecosystem also consists of threat actors known as  traffers  who are recruited to spread the malware using different methods. One of the popular malware distribution channels is YouTube, with CloudSEK witnessing a 200-300% month-over-month increase in videos containing links to stealer malware in the description section since November 2022. These link...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Oct 21, 2021
Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting the video platform with cookie theft malware. The actors behind the infiltration have been attributed to a group of hackers recruited in a Russian-speaking forum. "Cookie Theft, also known as 'pass-the-cookie attack,' is a session hijacking technique that enables access to user accounts with session cookies stored in the browser," TAG's Ashley Shen  said . "While the technique has been around for decades, its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shif...
Google Fined $170 Million For Violating Kids' Privacy On YouTube

Google Fined $170 Million For Violating Kids' Privacy On YouTube

Sep 06, 2019
Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires Google to pay $136 million to the FTC and an additional $34 million fine to New York state for allegedly violating the Children's Online Privacy Protection Act (COPPA) Rule. The COPPA rule requires child-directed websites and online services to explicitly obtain parental consent before collecting personal information from children under the age of 13 and then using it for targeted advertising. However, an FTC investigation [ PDF ] against Google's video service for children, called YouTube Kids, revealed that it had illegally gathered kids' data under 13. The data also includes children' persistent identification codes used to track a user's Internet browsing hab...
Expert Insights / Articles Videos
Cybersecurity Resources