Security News

Reports that ByteDance-owned social media platform TikTok is harmful to children are under investigation by a number of US attorneys general. "Our children are growing up in the age of social media - and many feel like they need to measure up to the filtered versions of reality that they see on their screens," said California attorney general Rob Bonta.

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Scammers are taking full advantage of the launch of Google's new TikTok competitor, YouTube Shorts, which has turned out to be an awesome tool for feeding billions of engaged viewers stolen content. Narang analyzed 50 different YouTube channels and found as of December, they had racked up 3.2 billion views across at least 38,293 videos stolen from TikTok creators.

Most modern chat systems are entirely proprietary: proprietary clients, talking proprietary protocols to proprietary servers. There's no need for this: there are free open standards for one-to-one and one-to-many comms for precisely this sort of system, and some venerable clients are still a lot more capable than you might remember.

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers. In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform's terms.

A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers at cloud email security provider Abnormal Security detected the scams that attempted to take over people's accounts by sending emails impersonating TikTok and asking users to verify their log-in information.

The latest TikTok attacks are getting served to gamers on the platform disguised as "Free" or "Hacked" versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs. Considering games like Among Us are largely played by tweens and teenagers, the emerging TikTok landscape could be a potent tool for threat actors to launch offensives against kids, researchers pointed out.

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids. In a weekend post to Tencent-operated portal qq.com, Douyin's owner ByteDance revealed that it has moved all users who have authenticated with their real names, and are under 14 years of age, into "Youth mode".

The Dutch Data Protection Authority announced Thursday that it has imposed a fine of €750,000 on TikTok "For violating the privacy of young children". More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data.