Muhammed Taskiran, a 20-year-old researcher based in Germany, informed TikTok in late August that a URL parameter on tiktok.com was “reflecting its value without being properly sanitized.”
The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos KDC that Microsoft fixed in the November 2020 Patch Tuesday.
Security researchers have detected a new strain of Android malware currently being distributed in the wild, primarily targeting users located in Southeast Asia via WAP billing fraud.
Two Android applications belonging to Chinese tech giant Baidu were removed from the official Google Play Store at the end of October after they were caught collecting sensitive user details.
The France-based entertainment firm reportedly became a victim of a ransomware attack where hackers accessed and stole sensitive details of employees, including bank details and home addresses.
Law In Order, an Australian supplier of document and digital services to law firms, suffered a ransomware infection over the weekend that is believed to be the Netwalker malware.
According to the agency, “unattributed cyber actors” are registering domains designed to spoof legitimate websites pertaining to the FBI, “indicating the potential for future operational activity.”
A hacker this month leaked the data of more than 4.2 million users registered on Peatix, an event organizing platform, currently ranked among the Alexa Top 3,500 most popular sites on the internet.
US-based software engineer Kevin Traver found two large groups of short-term loan websites that were giving up sensitive personal information via separate vulnerabilities.
Within a short span of its discovery, the Egregor ransomware has been linked to alleged attacks against organizations such as GEFCO, Crytek, Ubisoft, and Barnes & Noble, with the latest being Cencosud.