Security News > 2023 > June

YouTube is currently running what it describes as a "Small experiment globally," warning users to toggle off their ad blockers and avoid being limited to only three video views. As first spotted by a Reddit user on Wednesday, YouTube now displays a pop-up that notifies ad blocker users targeted by this test that "Video player will be blocked after 3 videos."

DOUG. Emergency Apple patches, justice for the 2020 Twitter hack, and "Turn off your phones, please!". DOUG. As luck would have it, we have a long list of things you can do other than just turning off your phone for five minutes.

Security analysts have discovered a previously undocumented remote access trojan named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. In a more recent report from WithSecure, it was discovered that a North Korean group using a newer variant of DTrack, possibly Andariel, gathered valuable intellectual property for two months.

What is new is the extent to which the balloon was driven by US hardware, which unnamed sources told the Wall Street Journal was "Crammed" with off-the-shelf components that could have easily been purchased online. In February, US officials added six Chinese companies to its trade-restricting Entity List over their work with the Chinese government to develop high-altitude balloons like the one in question.

Microsoft announced today that an early preview of its AI-powered Windows Copilot personal assistant is rolling out to Insiders in the Windows 11 Dev Channel. "Once open, the Windows Copilot side bar stays consistent across your apps, programs and windows, always available to act as your personal assistant", said Panos Panay, Microsoft's head of Windows and Devices, in May. "It makes every user a power user, helping you take action, customize your settings and seamlessly connect across your favorite apps."

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control framework called PhonyC2 that's been put to use by the actor since 2021. "MuddyWater is continuously updating the PhonyC2 framework and changing TTPs to avoid detection."

The project was launched by a pro-Russian hacktivist group known as "NoName057(16)" last summer, quickly reaching 400 active members and 13,000 users on its Telegram channel. In a new report released today, Sekoia analysts say that the DDoSia platform has grown significantly over the year, reaching 10,000 active members contributing firepower to the project's DDoS attacks and 45,000 subscribers on its main Telegram channel.

Proton AG has announced the global availability of Proton Pass, an open-source and free-to-use password manager available as a browser extension or mobile app on Android and iOS.manager. Proton has been offering various privacy-focused products and services for some time, including the end-to-end encrypted Proton Mail email service, the Proton VPN service, and the Proton Drive cloud storage service.

As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games. It looks like someone redacted the documents with a black Sharpie but when you scan them in, it's easy to see some of the redactions.