Worrying YouTube security flaw exposed billions of user emails
Experts have warned that any email from a YouTube account could be pulled from Google with a ‘relatively simple exploit’. A researcher who goes by Brutecat managed to leverage several vulnerabilities across Google products to access the email address of any YouTube user, CyberNews reports. Google has now patched the flaw, but this does represent a serious risk to the privacy of users, and could put them in danger of phishing attacks. Around 1 billion hours of YouTube is watched daily, with almost 2.5 billion users and 51 million channels – so privacy is important, here’s what we know.
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The Virginia Attorney General’s office, the state’s top prosecutorial agency led by Jason Miyares, was struck by a cyberattack this week that forced officials off the office’s computer systems. According to the Richmond Times-Dispatch, the chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline, and that Virginia State Police and other law enforcement officials were investigating the attack. “Nearly all systems are offline, including but not limited to Net Docs, Outlook, Teams, OAG Fileshare, our VPN access, and internet connectivity via the OAG network,” Chief Deputy Attorney General Steven Popps said in an email to staff, according to the Times-Dispatch.
South Korea blocks downloads of DeepSeek from local app stores
South Korean officials on Saturday temporarily restricted Chinese AI Lab DeepSeek’s app from being downloaded from app stores in the country pending an assessment of how the Chinese company handles user data. The Personal Information Protection Commission (PIPC) said the Chinese app would be available to be downloaded once it complies with Korean privacy laws and makes the necessary changes. The restrictions will not affect usage of the existing app and web service in the country. However, the data protection authority said it “strongly advises” current users to avoid entering personal information into DeepSeek until its final decision is made.
Fintech giant Finastra notifies victims of October data breach
Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. London-based Finastra provides financial services software applications to more than 8,100 financial institutions across 130 countries, including 45 of the world’s top 50 banks. As the company warned in breach notification letters sent to those impacted by the breach, the security incident was first detected on November 7 after Finastra identified malicious activity on some of its systems.
Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks
Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector. What makes the campaign particularly notable is the way that it attempts to lure unsuspecting victims through the use of device codes from WhatsApp and Microsoft Teams.
