Security News

PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Infosec In Brief A security researcher has found that Google could leak the email addresses of YouTube...

Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01 information stealer, which grabs everything the attackers need to carry on with it endlessly.

YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. Currently, YouTube performs client-side ad injection, where JavaScript scripts and the video player on a user's device load and display ads.

The issue began yesterday, and although it does not appear to impact everyone, it is far from isolated, with affected users reporting that it affects all YouTube videos. The reports come from users of ad blockers on both Chrome and Firefox, like Adblock Plus, as well as web browsers that have integrated ad-blocking systems, such as OperaGX. A first reported by 9to5Google, many users are accusing YouTube of intentionally causing this problem, as Google has begun cracking down on the use of ad blockers on YouTube over the past year.

Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit. GitHub fixes maximum severity Enterprise Server auth bypass bugA critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.

The threat research team discovered a significant spike in scams leveraging sophisticated tactics such as using deepfake technology, AI-manipulated audio synchronization, and hijacking of YouTube and other social channels to disseminate fraudulent content. While all social media is a natural breeding ground for scams, YouTube has become a significant channel for crime.

Google is adding a new feature to Google Chrome that allows publishers to add video chapters to videos embedded on websites, similar to how chapters work on YouTube. Video chapters break a video into different sections, each with its own preview, helping viewers find and rewatch specific parts easily.

YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service, and it will soon start taking action against the apps. Google exposes numerous APIs allowing developers to integrate YouTube into their applications, showing videos or retrieving data about videos hosted on the platform.

YouTube is no longer showing recommended videos to users logged out of a Google account or using Incognito mode, making people concerned they are being bullied into always being signed into the service. This change, which is now rolling out, shows a simple YouTube homepage without any videos or tips on what to watch.