Hacking, Security & Privacy News - Page 4

Microsoft has swiftly deployed emergency fixes for a security flaw in Windows 11 that affected the Snipping Tool (and the Snip & Sketch app in Windows 10, too).

Those screenshot-grabbing and editing utilities were blighted by an issue whereby cropped data in PNG image files wasn't being properly overwritten, playfully named the "acropalypse" bug.

In other words, when users crop a file, the part of the picture discarded could potentially be recovered and scrutinized by someone exploiting the flaw.

Over the past couple of days, the big news was that Linus Tech Tips, a huge YouTube channel with over 15 million subscribers, was hacked. The hackers were able to change the channel name and live stream a fake Elon Musk video trying to get viewers to send Bitcoin to them.

Thankfully, Google helped Linus and his team recover his channel. Still, I can only imagine it would have been an incredibly stressful and nightmare-type situation while the recovery was in process. And it's not just Linus Tech Tips that was hacked. A few weeks ago, Andy from eTeknix suffered the same fate after being conned by a fake video sponsorship scheme where the victim is tricked into opening what appears to be an agreement PDF - the "PDF" file is the malware.

Once opened, the malware sends the user's data to the hacker. It does not matter how strong your password is or if you have enabled two-factor authentication. It's not entirely clear which data is sent, but the critical data we know that is sent includes the user's browser data, including actively logged-in session tokens and cookies. Once obtained, the hacker can carefully plan an attack on the unsuspecting victim, usually when they are asleep.

UPDATE: It looks like the Linus Tech Tips channel has been restored, with the channel re-appearing literally moments after this story went live. Here's the original article.

Popular and long-running tech-focused YouTube channel Linus Tech Tips (and those associated with the Linus Media Group) was hacked overnight and used as a platform to promote crypto scams. After a few tumultuous hours, the account was ultimately delisted.

The channel is still down, though a statement released by channel owner Linus Sebastian notes that "we are now on top of it with Google's team now." Adding that "we are getting to the bottom of the attack vector with the (hopeful) goal of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future."

The NBA has warned about a data breach that has resulted in the theft of some personal details.

That personal data was stolen from what's described as a third-party newsletter service. Those affected have reportedly been contacted by the NBA and notified of the breach, and that some personal info was leaked, including names and email addresses.

However, the NBA clarified that its own systems had not been hacked, and that usernames, passwords, and suchlike have not been compromised.

Taiwanese computer company Acer has confirmed that it has experienced a massive data breach. However, its investigation into the hack indicates that customer data has not been stolen and is limited to things found on a server for repair technicians. The confirmation arrives after a hacker put up the data for auction on a popular hacker forum - claiming that 160GB of data had been stolen.

The hacker claims that the data includes "confidential" internal slides and presentations, staff documentation for technical support, Windows images, product information across various devices, "tons of BIOS stuff," and other files. The threat actor shared screenshots of schematics for an Acer display and other confidential documents to prove the data theft was real.

There isn't a price set other than the data will go to the highest bidder with the condition that payment is made via the hard-to-trace cryptocurrency Monero.

Windows 11 just got a raft of security fixes in the latest round of monthly patching from Microsoft, including some crucial ones.

In fact, there are three fixes for zero-day vulnerabilities provided, meaning bugs in Windows 11 which are public knowledge. And in this case, these security flaws are being actively exploited by nefarious types - so they represent a clear potential danger to Windows 11 users.

In total, there are 77 vulnerabilities fixed by Microsoft's February patch for Windows 11 PCs, and nine are labeled as 'critical.'

The US airline CommuteAir reportedly left a federal "No Fly List" on an unsecured server that was then accessed by a Swiss hacker.

The exclusive report comes from The Daily Dot that claims US airline CommuteAir left an unsecured server open that contained a large quantity of sensitive information. This server was accessed by a Swiss hacker that goes by "maia arson crimew" who wrote a blog post titled "how to completely own an airline in 3 easy steps," where they explained that they stumbled across the sensitive server by accident and through boredom.

Essentially, the hackers were just looking around through a search engine called Shodan when they discovered the server and a file titled "NoFly.csv". The file was opened, and the hackers discovered a 2019 version of a federal No Fly list that includes first and last names as well as dates of birth. The Daily Dot reports the list contained the names and aliases of many high-profile people, such as the recently-freed Russian arms dealer Viktor Bout and his 16 aliases.

Malware in the form of an advertisement in Google or other search engine results is not uncommon. We recently reported on a case involving a shady ad impersonating AMD for a user simply looking to update their graphics driver.

As spotted by a user on the Linus Tech Tips forums, the FBI posted a new Public Service Announcement (PSA) earlier this month, explicitly calling out this issue.

As per the PSA.

Norton LifeLock, a very well-known provider of identity protection and cybersecurity services, recently revealed in an announcement that thousands of its customers had their accounts compromised.

The parent company of Norton LifeLock, Gen Digital, states that the likely cause of the hack was a "credential stuffing" attack, which is when previously exposed or breached credentials of accounts are used to break into other accounts on different sites and services that have the same passwords. The company notes that it detected a "large volume" of failed logins to customer accounts on December 12, which led them to discover that the intruders had compromised accounts dating back to December 1.

The company sent notices to about 6,450 Norton customers whose accounts were affected by the breach. In the data breach notice, Gen Digital states that the unauthorized third party may have viewed customers' first names, last names, phone numbers, and mailing addresses. The company also said that it could not rule out that the intruders also accessed some customers' saved passwords.

A few days ago, on the popular PCMR subreddit, a user warned others that when he searched for "amd driver" the top result was an advertisement for a malicious website claiming to offer precisely that.

Of course, this wasn't a legitimate search result, but appearing above their search results, it was an ad made to look like the real thing. In our testing, it seems like the search result and site have both been removed, which is good to see.

Still, according to multiple sources, it was host to a dubious .exe download titled "Auto-Detect and Install Driver Updates for AMD Radeon Series Graphics and Ryzen Chipsets", which sounds legitimate. Until you take a closer look at the URL and realize it would definitely not do that. The site even featured AMD branding and AMD IP, a tactic that isn't new in the world of malware.