We brought together the most important news of the week from the world of cyber security.

Bill Murray fell victim to a hacker after a charity NFT auction ended

On the night of September 2, an unknown person stole 119.2 ETH (about $185,000 at the time of the incident) from Bill Murray’s cryptocurrency wallet. The actor collected these funds the day before at a charity NFT auction.

According to Etherscan, the movement of funds started around 02:00 Kyiv time. Then, the entire amount went to wallets associated with the Binance exchange and the Union Chain platform.

An unknown person also tried to steal 800 NFTs from Murray’s personal collection. However, Project Venkman, the company responsible for the security of its famous funds, moved the tokens to a third-party address using a script.

Upon learning of the incident, one of the auction participants sent 120 ETH (approximately $187,500 at the time of the transaction) to Chive Charities to recover the stolen funds.

Murray’s team has contacted the police and is working with analysts from Chainalysis to identify the hacker.

Media: Unidentified people put up for sale classified NATO documents stolen from the Portuguese military

The Portuguese Armed Forces General Staff was subjected to a hacker attack in which the attackers managed to steal secret NATO documents. Local media have been put up for sale on the darknet, citing their own sources.

According to them, the General Staff learned about the incident after samples of the stolen data were posted on the network.

The first to notice the hackers’ announcement were American cyber intelligence agents who reported their discovery to the US embassy in Lisbon. They also informed the Portuguese government about the leak.

Experts from the National Security Office and Portugal’s National Cyber ​​Security Center are currently investigating what happened.

“It was a covert cyberattack that used programmed bots to detect such documents and then was stolen, spread, and in several stages,” said one of the sources close to the investigation.

He added that the leaked documents were “extremely serious” and that their spread could lead to a real crisis of confidence in NATO in Portugal.

Official statements about the incident have not yet been received from the Portuguese authorities.

Norton Labs: More than 80% of popular sites share user search information with advertisers

About eight out of ten sites with a search bar forward their visitors’ queries to online advertisers. This was reported by security researchers from Norton Labs.

This practice involves violating user privacy and then leaking information to a large network of third parties who may use it to serve targeted advertisements or track online behavior.

Data is distributed among network members or sold to more organizations, causing users to be unable to stop distribution.

While some sites may state this in their Usage Policies, visitors often don’t read it assuming their search queries are isolated from big data intermediaries.

For the study, Norton Labs built a Chrome-based browser that collected all the traffic after a search and tested it on 1 million sites. As a result, the user request was found on third-party sites in 81.3% of cases.

Most leaks were via the referring header (75.8%) and URL (71%), and the payload included the search phrase in 21.2% of the cases examined.

In terms of privacy policy disclosures of data sharing practices, the browser found that only 13% specifically mentioned “search terms” and 75% included the general phrase “sharing user information with third parties”.

Norton Labs warned that the only way to prevent the leak is to prevent the browser from loading third-party trackers on sites the user visits. In privacy-focused search engines like DuckDuckGo or Brave Search, they recommended using built-in fields whenever possible.

Crypto video released on YouTube channel of hacked South Korean government

On September 3, hackers hacked the South Korean government’s YouTube channel and posted a video about cryptocurrencies on it. This was reported by local media.

The attackers renamed the account SpaceX Invest and began posting an interview with Elon Musk on it.

After 2.5 hours the hack was discovered and then the account was restored. Presumably, malicious people used the stolen login and password.

Group-IB records record number of database leaks by Russian companies

In the summer of 2022, the number of public databases of Russian companies doubled compared to the spring.

According to Group-IB analysts, over the course of three summers, 140 databases entered the network, the anti-record fell in August – 100 leaks from 75 Russian companies. During this period, the total number of lines published by hackers reached 304 million.

Among the victims were Internet delivery services, transportation, construction and medical companies, online cinemas, telecom operators and others.

The relevance of most published databases coincides with the spring-summer period of 2022. It includes customers’ names, phone numbers, addresses, dates of birth. Some also include hashed passwords, passport details, order details, and other personal information.

Also on ForkLog:

What to read on the weekend?

Read the exclusive ForkLog article on how the social rating system works in China and the peculiarities of life in the digital dystopia.

Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.