Security News

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "Strengthen data security." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the memo.

One of the commissioners of the U.S. Federal Communications Commission has renewed calls asking for Apple and Google to boot the popular video-sharing platform TikTok from their app stores citing "Its pattern of surreptitious data practices." "It is clear that TikTok poses an unacceptable national security risk due to its extensive data harvesting being combined with Beijing's apparently unchecked access to that sensitive data," Brendan Carr, a Republican member of the FCC, wrote in a letter to Apple and Google's chief executives.

Reports that ByteDance-owned social media platform TikTok is harmful to children are under investigation by a number of US attorneys general. "Our children are growing up in the age of social media - and many feel like they need to measure up to the filtered versions of reality that they see on their screens," said California attorney general Rob Bonta.

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Scammers are taking full advantage of the launch of Google's new TikTok competitor, YouTube Shorts, which has turned out to be an awesome tool for feeding billions of engaged viewers stolen content. Narang analyzed 50 different YouTube channels and found as of December, they had racked up 3.2 billion views across at least 38,293 videos stolen from TikTok creators.

Most modern chat systems are entirely proprietary: proprietary clients, talking proprietary protocols to proprietary servers. There's no need for this: there are free open standards for one-to-one and one-to-many comms for precisely this sort of system, and some venerable clients are still a lot more capable than you might remember.

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers. In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform's terms.

A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers at cloud email security provider Abnormal Security detected the scams that attempted to take over people's accounts by sending emails impersonating TikTok and asking users to verify their log-in information.

The latest TikTok attacks are getting served to gamers on the platform disguised as "Free" or "Hacked" versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs. Considering games like Among Us are largely played by tweens and teenagers, the emerging TikTok landscape could be a potent tool for threat actors to launch offensives against kids, researchers pointed out.

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.