Security News

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Scammers are taking full advantage of the launch of Google's new TikTok competitor, YouTube Shorts, which has turned out to be an awesome tool for feeding billions of engaged viewers stolen content. Narang analyzed 50 different YouTube channels and found as of December, they had racked up 3.2 billion views across at least 38,293 videos stolen from TikTok creators.

Most modern chat systems are entirely proprietary: proprietary clients, talking proprietary protocols to proprietary servers. There's no need for this: there are free open standards for one-to-one and one-to-many comms for precisely this sort of system, and some venerable clients are still a lot more capable than you might remember.

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers. In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform's terms.

A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers at cloud email security provider Abnormal Security detected the scams that attempted to take over people's accounts by sending emails impersonating TikTok and asking users to verify their log-in information.

The latest TikTok attacks are getting served to gamers on the platform disguised as "Free" or "Hacked" versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs. Considering games like Among Us are largely played by tweens and teenagers, the emerging TikTok landscape could be a potent tool for threat actors to launch offensives against kids, researchers pointed out.

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

Douyin, the Chinese app known as TikTok outside the Middle Kingdom, has imposed limits on usage time for kids. In a weekend post to Tencent-operated portal qq.com, Douyin's owner ByteDance revealed that it has moved all users who have authenticated with their real names, and are under 14 years of age, into "Youth mode".

The Dutch Data Protection Authority announced Thursday that it has imposed a fine of €750,000 on TikTok "For violating the privacy of young children". More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data.

A fourth suspect has been arrested today for his role in the Twitter hack last year that gave attackers access to the company's internal network exposing high-profile accounts to hijacking. The United States Department of Justice announced that Joseph O'Connor, a 22-year old UK national, was detained in Spain on several charges related to the Twitter hack in July 2020.