Linus Sebastian, owner of popular YouTube channel Linus Tech Tips, has revealed how he woke at 3am in the morning to find his channel hacked. 
 
Linus Tech Tips is a YouTube channel which delivers technology-based content to over 15 million subscribers. Driven by Sebastian’s passion for technology, the channel has been running for 15 years and proven to be wildly successful. So, not surprisingly, it made a tempting target for hackers. As well as Linus Tech Tips, two other channels associated with Sebastian – TechLinked and Techquickie – were also compromised in this attack. 
 
While your organization may not run a YouTube channel, the method in which Linus Tech Tips was hacked could be applied to any IT system. Therefore, it’s crucial that we learn about session hijacking. 

What Happened to Linus Tech Tips

Alarm bells started ringing for Sebastian when he was woken at 3am to reports of his channels being hacked. New videos had been loaded and were being streamed as live events. But, far from being productions sanctioned by Sebastian, they were rogue videos featuring crypto scam videos apparently endorsed by Elon Musk. 

Desperately, Sebastian repeatedly tried to change his passwords, but it made no difference; the videos continued to be streamed. Sebastian was equally puzzled as to why the associated 2FA processes hadn’t been activated. Eventually, he discovered the attack was the result of session hijacking. 

A member of Sebastian’s team had downloaded what appeared to be a PDF relating to a sponsorship deal, but the file was laced with malware. Not only did the malware start stealing data, but it also retrieved session tokens. You may not be familiar with session tokens but, effectively, these are the authorization files which keep you logged into websites. So, when you return to that website, you don’t have to re-enter your login credentials each time. Unfortunately, for Sebastian, it gave the threat actors full and unauthorized access to his YouTube channels. 

How Do You Prevent Session Hijacking? 

Once it had been established that compromised session tokens were behind the breach, YouTube was able to swiftly secure Sebastian’s channels. Nonetheless, the ease with which the threat actors managed to bypass login credentials and 2FA is troubling. This means it’s vital you follow these best practices to protect against session hijacking: 

  • Understand what malware is: the attack on Linus Tech Tips was the result of malware and social engineering combining to deliver a sucker punch. Accordingly, educating your staff through comprehensive and regular refresher courses should be a priority. This will allow your staff to identify threats before they are activated and protect your IT systems from being compromised. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 


Read More


IT documentation is seen by many businesses as a labor-intensive task with little value. However, this is a big mistake as IT documentation is essential. 

The complexity of even the most basic IT infrastructure is vast. Therefore, it makes sense for all organizations to record details about their systems. This can take in simple details such as ID numbers for individual workstations all the way through to more complex configurations including SSL certificates and firewall settings. With this information at your disposal, you will have a much better understanding of your IT infrastructure. While it’s recommended to maintain digital copies of your IT documentation, it also makes sense to keep printed copies in case of an IT emergency. 

Why Do You Need IT Documentation? 

As we’ve already stated, IT documentation isn’t taken very seriously by all organizations. They are, after all, often busy focusing on other objectives. But this outlook can come back to haunt you when there’s a major IT failure within your infrastructure. And, once you’ve done the hard work of establishing a documentation system, maintaining it is relatively straightforward. 

So, for those of you who still need convincing, here are the main reasons that IT documentation is crucial: 

  • Acts as a useful inventory: any modern business will be aware of the need for IT equipment, but managing the sheer number of devices is often difficult. In fact, ask most businesses how many PCs and laptops they own, and they’ll struggle to give you a solid answer. Consequently, this can cause overspending when organizations believe new equipment is required, but readily available equipment has simply been lost in the system. But, with all your inventory recorded, you can make better purchasing decisions. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Your server room should act as the heartbeat for all your day-to-day IT operations. But it will only support your productivity if it’s maintained correctly. 

The complexities of a server room are numerous. Not only is there the wide range of technical equipment which needs to be connected, but there are also several health and safety requirements which need to be met. This means that keeping a server room operating is hard work, but it’s a task which is crucial for any modern business. 

Why Do You Need to Maintain a Server Room? 

A well-maintained server room is essential for preserving the reliability of your computer networks and overall IT infrastructure. By providing a secure, controlled environment, you will ensure your server room is optimized for housing IT equipment such as servers, routers, data storage and back-up power supplies. Failing to maintain a server room will jeopardize the long-term health of all your IT operations. Therefore, maintaining your server room is vital for your business to remain operational and productive. 

How Do You Maintain a Server Room? 

Optimizing the performance of your server room is essential, but how do you go about maintaining it correctly? Well, the best way to get started is with the basics, so make sure you implement the following into your server room maintenance: 

  • Practice good cable practices: server rooms rely heavily on cables to connect equipment together, but cables can quickly become a tangled mess. This can cause two major problems: identifying specific cables becomes difficult and the risk of overheating increases significantly. Accordingly, you need to group cables together and label them to allow quick identification. The best way to group cables together is by using velcro straps and you can easily label cables by color coding them e.g. yellow for communication cables and blue for data. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


At the start of March 2023, a new National Cybersecurity Strategy was launched by the Biden administration. And it promises big things. 

The previous National Cybersecurity Strategy was released by the Trump administration in 2018. However, since then, the world and the internet has changed significantly. An updated strategy makes sense. But what exactly does it seek to change about the way in which we access and navigate our way through the internet? Well, for one thing, it starts by stating that the Biden administration will be investing $65 million in order to provide every American with access to high-speed internet. 

In terms of cybersecurity, however, the 2023 strategy tackles a much broader range of problems

The Ins and Outs of the 2023 National Cybersecurity Strategy 

The paper which outlines the 2023 National Cybersecurity Strategy is 35 pages long. It’s also a complex read. But this doesn’t mean the main takeaways are exclusive to high-level IT experts. This is why we’ve decided to help you by breaking down the five pillars that the paper covers: 

  1. One of the major priorities of the 2023 strategy is to secure our critical infrastructures. This means that essential systems and networks – such as energy grids and water supply systems – are at risk from cyberattacks. And, just imagine, if a group of threat actors disrupted power supplies, it would result in a major catastrophe. Therefore, the Biden administration is aiming to foster collaboration between government agencies and other stakeholders to identify and protect against any vulnerabilities. 
  1. Strengthening our cyber defenses and disrupting threat actors has been identified as a major area for the 2023 strategy to cover. This involves developing strong cybersecurity policies, ones which can quickly detect and respond to cyber-attacks. Once developed, these policies need to be implemented as seamlessly as possible to protect our networks. Naturally, investment in technology and skilled staff will feature heavily in the success of this second pillar. 
  1. The third pillar of the new National Cybersecurity Strategy seeks to make market forces drive security and resilience. This means that companies which own personal data will be expected to develop more secure storage systems, and existing laws will be updated to protect users against the risk of software vulnerabilities. The aim of this pillar is to ensure that developers need to foster higher standards of care. The result will be a safer digital landscape. 
  1. Investment is crucial in any area seeking to make improvements, and the internet always needs improvements. Accordingly, the Biden administration is seeking to improve three key areas: computing technology, clean energy technology and biotechnology/biomanufacturing. This pillar is also concerned with strengthening the US cyber workforce through enhanced education and digital awareness. 
  1. The final pillar in the 2023 strategy focusses on the importance of international partnerships to pursue shared goals. After all, the US alone cannot stop the rise of cybercrime. Common threats need to be addressed by sharing resources and pooling knowledge. The end objective is to deliver higher levels of assurance that digital systems and platforms are safe and secure. 

The latest National Cybersecurity Strategy continues the excellent foundations put in place over the last two decades. It’s a responsible step for the Biden administration to take and, at the very least, will provide peace of mind that the internet remains, on the whole, safe to use. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More


Making notes is part and parcel of any working day, so it’s fantastic that we have apps such as Microsoft’s OneNote. Except when it opens you up to malware.

Part of the Microsoft Office suite, OneNote is an app which allows you to create notes and store them in one central location. Therefore, you can create text documents, drawings and tables on a blank canvas and then access them from any location. While it has proved popular with business users, it has also been readily adopted by threat actors for malicious means. And this is because OneNote also allows you to share its files – known as notebooks – with other users. Accordingly, malicious software has been able to spread.

How Has OneNote Been Compromised?

The malware risk with OneNote has been growing for some time and can be evidenced by the following attacks:

Staying Safe from OneNote Attacks

With OneNote’s notebooks becoming a popular method for cyber-attacks, it’s crucial you understand how to deal with them. Therefore, make sure you practice the following:

  • Block notebook files: If your organization doesn’t use OneNote files, the best thing to do is block notebook files in your email servers. This will minimize the risk of these attachments appearing in your employees’ inboxes and ensure the malware can’t be activated.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More