YouTube Attempts to nudge users towards premium services by blocking viewership to those using Ad blockers

In a recent experiment, YouTube has been testing out blocking the viewership of customers who refuse to disable their ad-blockers. The experiment was first spotted by a Reddit user earlier this week, who noted that YouTube was displaying a pop-up warning to some users that “ad blockers are not allowed.”

Upon receiving this notification, users will have two options: to either disable their ad-blocker to allow YouTube ads or consider subscribing to YouTube Premium to get rid of all advertisements. The notification states, “You can go ad-free with YouTube Premium, and creators can still get paid from your subscription.”

In a statement to BleepingComputer, a YouTube spokesperson confirmed the existence of this experiment. “We’re running a small experiment globally that urges viewers with ad-blockers enabled to allow ads on YouTube or try YouTube Premium.”

The experiment rides on the back of YouTube’s Music and Premium services’ unprecedented success, with the platform surpassing 80 million subscribers in November 2022. According to a Variety report, more than 30 million users have subscribed to the platform in a little over a year.

Over the last several years, YouTube’s strategy has been to make ads longer, with a rising percentage of these ads becoming increasingly unskippable, in an attempt to push viewers to sign up for YouTube Premium’s ad-free experience.

Read: https://www.bleepingcomputer.com/news/technology/youtube-tests-blocking-videos-unless-you-disable-ad-blockers/

Meta’s security team warns that hackers are using ChatGPT’s popularity to spread malware on its platform

Meta’s security team has warned that hackers are exploiting the general public’s increased interest in ChatGPT to spread novel malware on its platform to hijack accounts. This new campaign follows a predictable trend of bad actors exploiting high-engagement topics to distribute malware.

“This is not unique to the generative AI space,” Meta’s security report stated. “As an industry, we’ve seen this across other topics popular in their time, such as crypto scams fueled by the interest in digital currency.”

Since March 2023, Meta has discovered, blocked, and reported over 1,000 unique ChatGPT-themed malicious web addresses. While some malicious applications that claim to offer ChatGPT-based tools do indeed have some working features, they also include malicious code that infects users’ devices.

“We’ve seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-related tools,” Meta researchers Duc H Nguyen and Ryan Victory said in a blog post. According to the Meta security report, the malicious applications stole saved credentials to hijack accounts and run unauthorized ads.

In fact, 10 malware strains, including Ducktail and NodeStealer, have been discovered to be impersonating ChatGPT across Meta’s social networks. According to the researchers, Ducktail malware hijacked logged-in sessions, browser cookies, account information, location data, and two-factor authentication codes to compromise accounts and access Facebook ad accounts. Meta has attributed the Ducktail malware to Vietnamese threat actors, who it served with cease-and-desist letters and reported to relevant law enforcement authorities.

Similarly, NodeStealer extracted saved login information to compromise online accounts such as Facebook, Gmail, and Outlook by targeting browsers on the Windows operating system. “NodeStealer is custom written in JavaScript and bundles the Node.js environment,” Meta said. “We assessed the malware to be of Vietnamese origin and distributed by threat actors from Vietnam.”

Read: https://www.cpomagazine.com/cyber-security/hackers-are-using-chatgpt-themed-lures-to-spread-sophisticated-malware-on-meta/

Facebook investor suit over user data privacy incidents refused by Delaware judge

A judge in Delaware recently denied a motion to dismiss a lawsuit brought by shareholders against Facebook. Officers and directors of the company are accused of violating their fiduciary duties by failing to protect user data. Vice Chancellor J. Travis Laster dismissed the defense’s argument that the plaintiffs should have first demanded that Facebook’s board take legal action before filing their own suit. Delaware law requires shareholders to either demand improvement or demonstrate that such an action would be futile since most directors have self-interested interests, lack independence, or are potentially liable.

According to the complaint, Facebook executives repeatedly and continuously disobeyed a 2012 consent order with the Federal Trade Commission, under which the business agreed to stop gathering and sharing personal information about platform users and friends without their consent.

Laster dismissed insider trading accusations against several defendants, with the exception of Zuckerberg, while allowing the plaintiffs to proceed with their allegations that Zuckerberg and several other defendants violated their fiduciary duties to the firm. The plaintiffs are asking for corporate governance reforms, disgorgement of earnings they claim were obtained through insider trading, and damages granted to the business.

Read: https://www.securityweek.com/delaware-judge-refuses-to-dismiss-facebook-shareholder-suit-over-user-data-privacy-breaches/

British citizen Joseph James O’Connor confesses to cybercrime accusations, extradited to US for trial

British citizen Joseph James O’Connor has confessed to several cybercrime accusations, including charges of stalking, extortion, and swatting. O’Connor’s crimes date back to 2020, when he hijacked several famous Twitter accounts to defraud victims—including the account of future Twitter CEO Elon Musk. As reported by the Department of Justice (DoJ), O’Connor, 23, was extradited from Spain to New York to face charges in connection with the exploitation of social media accounts, online extortion, and cyberstalking.

In July 2020, O’Connor confessed to hijacking 130 Twitter accounts with two co-conspirators, including those of Elon Musk, former President Barack Obama, and Kanye West. He and his co-conspirators also defrauded Twitter users out of more than $100,000 using Bitcoin scams.

According to the DoJ, in August 2020, O’Connor pivoted to a SIM-swapping scam where he hijacked high-profile TikTok accounts to post what authorities characterize as “self-promotional” videos where his voice is audible. O’Connor also used SIM-swapping to steal sensitive materials from an unnamed public figure’s Snapchat account and threatened to release those materials publicly unless they posted messages promoting the defendant’s online persona.

Finally, over June and July 2020, O’Connor confessed to being behind several so-called “swatting” attacks against a minor, whereby the perpetrator calls in a false emergency to the victim’s address, the DoJ said.

O’Connor’s guilty plea has been hailed by the FBI’s Assistant Director of Cyber Division, Bryan Vorndran, as evidence of success in their counter-cybercrime efforts. “It shows what can be accomplished when our partners and we cooperate closely to bring these offenders to justice,” he said.

Read: https://www.darkreading.com/attacks-breaches/twitter-hacker-cops-to-cybercrimes-extradited-to-us-for-trial-

Hackers leak details of over 200M Twitter accounts, says cybersecurity firm

Hackers have leaked the private data of over 200 million Twitter accounts onto an online hacking forum, cybercrime intelligence company Hudson Rock told Insider on Friday. The breached personal data includes email addresses, phone numbers, and account handles.

Co-founder and Chief Technology Officer at Hudson Rock, Alon Gal, said the following in a statement to Insider: “This is one of the most significant data leaks in history and will unfortunately lead to a lot of accounts getting hacked, targeted with phishing, and doxed. I urge…Twitter to acknowledge this breach as soon as possible.” Insider was unable to independently verify the authenticity of the data Hudson Rock said had been leaked.

The social media giant did not immediately respond to Insider’s request for comment, and the social-media giant is yet to publicly acknowledge such a breach in the first place. Gal has warned that hackers will take advantage of the database to hack “high profile accounts,” “crypto Twitter accounts,” and “political accounts.” Hudson Rock has linked the earlier hacking of British TV personality Piers Morgan’s Twitter account to this leak.

According to the technology site Bleeping Computer, hackers have been selling and circulating large amounts of both public and private data from Twitter profiles since July 2022. The data is likely to have stemmed from a flaw in Twitter’s API, which allowed hackers to discover what Twitter handles matched registered email addresses and phone numbers. That allowed scammers to compile a database and potentially identify users who tweet anonymously. Twitter has said it resolved the API issue in January 2022.

Troy Hunt, creator of the website Have I Been Pwned, told Bleeping Computer that the leak has been added to his website. Visitors to the HIBP website can use it to check if their email is part of the Twitter leak.

Read: https://www.businessinsider.com/hackers-stole-over-200-million-emails-from-twitter-security-firm-2023-1