Security News

"Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Dimitrios Valsamaras of the Microsoft 365 Defender Research Team said in a write-up. Successful exploitation of the flaw could have permitted malicious actors to access and modify users' TikTok profiles and sensitive information, leading to the unauthorized exposure of private videos.

Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "Quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link."Attackers could have leveraged the vulnerability to hijack an account without users' awareness if a targeted user simply clicked a specially crafted link," Microsoft 365 Defender Research Team's Dimitrios Valsamaras said.

TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style. Eric Han, TikTok's head of US safety, shared in a blog post that the social video platform is taking a variety of steps to provide access to authoritative information and counter election misinformation.

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing. The existence of the account saw half a dozen MPs write to the presiding officers of the Houses of Lords and Commons - Lord McFall of Alcluith and Sir Lindsay Hoyle, respectively - to ask for the account to be discontinued.

TikTok's Global Chief Security Officer Roland Cloutier has "Transitioned" from his job into "a strategic advisory role focusing on the business impact of security and trust programs." Cloutier's change was revealed in a Saturday organizational update that starts with Cloutier himself signing off from the job on grounds that TikTok has "Made significant progress in delivering on the promises we've made to our global community, business partners, and governments around the world."

The reversal, reported by TechCrunch, comes a day after the Italian data protection authority - the Garante per la Protezione dei Dati Personali - warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said.

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "Strengthen data security." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the memo.

One of the commissioners of the U.S. Federal Communications Commission has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "Its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," Brendan Carr, a Republican member of the FCC, wrote in a letter to Apple and Google's chief executives.

Reports that ByteDance-owned social media platform TikTok is harmful to children are under investigation by a number of US attorneys general. "Our children are growing up in the age of social media - and many feel like they need to measure up to the filtered versions of reality that they see on their screens," said California attorney general Rob Bonta.

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.