In response to today’s IT outage which has caused significant global disruption, we have published this statement, including advice on how to defend against phishing attempts 👇
https://t.co/k29nKVF7dB
tl;dr don't read TikTok dms ¯\_(ツ)_/¯
Today it was announced an unknown Threat Actor(s) had discovered an exploit in TikTok which allows users to hijack accounts.
Details are scarce – however it has been noted that the payload (as it is being described) is delivered through TikTok direct messages. The payload is executed when the direct message is read. However, it does not require any external files be executed, the user does not need to respond to the message, etc.
No details have been unveiled on whether or not this is platform specific (i.e. Android or iOS).
The unknown Threat Actor(s) have compromised Paris Hilton, CNN, and Sony. It is claimed other high-profile and/or celebrity accounts have been compromised, but no other 'high-profile' accounts have been disclosed other than the ones previously noted. The TikTok security team is aware of the issue and has confirmed the legitimacy of the exploit with Forbes.
TikTok representatives stated to Forbes that a small number of users were compromised. No exact numbers were given. TikTok representatives have not stated if the exploit is still valid, how users can protect themselves, or what the attackers have done with the compromised accounts.
This is a wild ride. Snowflake breached and scraped of over 400 companies' data.
Ticketmaster and Santander leaks this week seem to be tied to this.
@vxunderground and @GossiTheDog putting out great content on it.
Criminals are launching a variety of scams targeting Muslims around the world who are planning on making the Hajj pilgrimage to Mecca, according to researchers at Resecurity. https://t.co/Y5YnSmVxmK
⚠️@actionfrauduk received more than 630 reports from victims of fraudsters targeting WhatsApp group chats this year.
👇 How to keep hackers out of your WhatsApp account:
✅Set up two-step verification (2SV) to give an extra layer of protection to your account. Tap Settings > Account > Two-step verification > Enable.
✅CALL. If a family member or friend makes an unusual request on WhatsApp, always call the person outside of WhatsApp to confirm their identity.
✅Report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.
https://t.co/6jXorJYSh1
#CyberProtect
In the Phishing by Industry Benchmarking Report, we analyzed a data set of 12.5 million users across 35k organizations with over 32 million simulated phishing security tests. Download the report now to learn how your organization compares to your peers! https://t.co/l7hopYoKUj
New breach: 200k records with 77k unique email allegedly obtained from a Facebook Marketplace contractor were posted online this month. Data also included name, phone, FB profile ID and geographic location. 84% were already in @haveibeenpwned. Read more: https://t.co/4T0IGFOd9T
.@Tobias_Ellwood the council has to make cuts somewhere 🤷‍♂️ and community paddling pools, while much loved, are not a mandatory service. Now then, if central government would increase funding for local councils, perhaps these much loved facilities could remain available?
Please join me in sending a message to the BCP Council not to close our much loved community paddling pools…
How you can help 👇🏻
https://t.co/IUYKNqNUnE
@hantsconnect @ROMANSE @hantshighways @BCPCouncil Won't last long unless the continual flooding of that road by blocked drains (?) is sorted out! Hopefully they'll fix that while they're at it?