Cyber security firm finds 'multiple vulnerabilities' in TikTok security

abc6onyourside | January 15, 2020

A cybersecurity firm tested the security of TikTok and found "multiple vulnerabilities" in the app's code that opened security loopholes and allowed accounts to be hacked. Check Point Research published its findings on the app, detailing the security concerns. According to the firm's research, they were able to manipulate code to tamper with accounts' contents, delete and upload videos without the account owner's consent, make previously "hidden" videos public, and access personal information such as email addresses. Researchers at Check Point say they were even able to exploit a feature where users can text themselves a link to download TikTok and use it to send malware to any phone number.

Spotlight

The growing complexity of activities, a changing workforce, regulatory requirements, and dependencies on third parties has dramatically impacted the operational risk profile for many organizations. This white paper offers practical guidance to achieve an effective operational risk management strategy with GRC technology.

Related News

DATA SECURITY

Veza, the Data Security Platform Built on the Power of Authorization, Announces Partnership with Google Cloud

Veza | July 20, 2022

Veza, the data security platform built on the power of authorization, announces today that the company has entered a partnership with Google Cloud, including product integration that enables Google Cloud customers to harness the capabilities of Veza’s data security platform across their multi-cloud ecosystem. Veza, which recently launched in April 2022 after two years of building in stealth, makes it easy to understand, manage, and control who can and should take what action on what data.

With this new integration, Google Cloud customers can now directly access the capabilities of Veza’s authorization-based data security platform integrated with Google Cloud Policy Analyzer to identify, manage, and control external identities and service accounts to Google Cloud services (Looker, BigQuery, and more). This partnership furthers the relationship between Google and Veza, which began in 2021 when GV led the Series B investment in Veza and GV Partner Karim Faris joined Veza’s Board of Directors.

“The cloud is quickly becoming the primary footprint for organizations. By prioritizing and investing in security, Google Cloud has earned a differentiated position in the market,” said Tarun Thakur, Co-founder and CEO, Veza. “The initial product integration between Veza and Google Cloud, publicly demonstrated at the Google Cloud Security Summit in May this year, is a powerful example of how intelligence from Veza’s Authorization Graph can bolster the data security of Google Cloud customers. It shows how identity-to-data relationship insights from the Veza platform can be pulled directly into the Google Cloud Policy Analyzer, allowing customers to secure both Google Cloud data (Looker, BigQuery, Google Storage Buckets, etc.) to which multi-cloud identities (AD, Azure AD, Okta, etc.) have permissions and multi-cloud data (AWS, Snowflake, etc.) that is being accessed by Google Cloud identities.”

“Securing cloud environments and data from cybercrime and threats is a key priority of organizations across the globe. With Veza’s platform now available alongside Google Cloud’s secure and global infrastructure, customers will be able to quickly deploy the solutions they need to better understand, control, and securely take action on their data across their multi-cloud environments.”
Sunil Potti, General Manager and Vice President, Cloud Security, Google Cloud

Veza’s data security platform aggregates identity information from humans, service accounts, and cloud IAM entities, and authorization data from apps and data systems, giving organizations a centralized, SaaS-based control plane to visualize, manage, and control data access controls through Veza’s Authorization Graph. Veza integrates with cloud identity providers, SaaS and custom apps, and data systems, and translates system-specific entitlements and permissions into a common, human-understandable business language, visualized in the platform as effective permissions.

The platform brings a novel approach to data security by enabling organizations to address key data security use cases across access reviews and certifications for SaaS apps and data systems, privileged access management to data and apps, data lake security and governance, management of cloud entitlements, and much more. It delivers prioritized insights, provides access workflows, and actionable recommendations for remediation of over-privileged accounts, enabling security and IT teams to correct anomalies and right-size their organization’s permissions to protect against ransomware and other data breaches.

As organizations continue to adapt to the evolving demands of hybrid remote and in-office work, multi-cloud and hybrid-cloud environments — those with multiple providers of disparate data, app, compute, and infrastructure systems — are becoming the norm. According to the Flexera 2022 State of the Cloud Report, 89% of companies surveyed are multi-cloud, with only 2% operating in single private clouds and 9% in single public clouds. This trend is leading to a distributed web of data, relationships, and access points that are changing and difficult to track and secure.

Veza and Google Cloud already have a number of joint customers deployed across the industries of SaaS software, marketing technology, and media, including Vox Media. “To support Vox Media’s growth and increasing M&A activity without compromising security, we need to ensure that across all of our brands, the right users have access only to the data they need access to, and that we have full visibility over what they can do with that data,” says Ateeb Ahmad, Senior Director, IT Infrastructure, Vox Media. “With Veza and Google Cloud working together, we’ve been able to seamlessly manage access controls over our data for our largest merger to date, and tightly scope identity-to-data permissions even as our footprint with Google Cloud and other technologies grows.”

“The greatest gifts of the multi-cloud and the generational architectural shift of the modern data systems are also its greatest risks: securing data, scalability, flexibility, and seamless collaboration,” says Thakur. “When organizations enable workers to reach from one cloud to another to leverage data across their entire multi-cloud ecosystem, they foster growth, enable more intelligence, and promote agility. However, such apps and data systems are also more porous and are at increased risk of cybercrime and ransomware. We purpose-built Veza’s Core Authorization Platform for the multi-cloud so that organizations can implement strong access governance policies - Veza continuously evaluates these policies and enables both automated workflows for access reviews, automated access removal for toxic and stale combinations, and facilitates access grant and request for any app, data, and service.”

About Veza

Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and SaaS applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures.

SOFTWARE SECURITY

McAfee and Telstra Partner to Bring Privacy, Identity and Security Solutions to Customers Across Australia

McAfee | July 11, 2022

Today, McAfee Corp., a global leader in online protection, announced a multi-year partnership with Telstra, Australia’s leading telecommunications and technology company, to deliver comprehensive protection to safeguard the privacy and identity of consumers across activities, devices, and locations. The partnership will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops.

“A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks. As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.”
Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee

McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online.

“In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.”

To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after.

About McAfee

McAfee Corp. is a global leader in online protection. Focused on protecting people, not just devices, McAfee’s solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.

SOFTWARE SECURITY

Foresite Cybersecurity Begins XDR & Compliance Platform

Foresite Cybersecurity | June 02, 2022

Foresite Cybersecurity, a leading cybersecurity and compliance provider, announced today that it is transitioning from technical services to a product-led Open XDR SaaS platform. The platform will provide a distinct edge for mid-market enterprises by allowing them to consolidate security data from several sources into a single spot to acquire a holistic view of their security and policy compliance maturity.

"Our strategy is to provide our customers with an open, extensible platform to enable them to understand their risk and compliance posture. The ProVision Open XDR platform will deliver on the single vision of our customers' security posture, allowing not only discovery, response, and remediation, but also providing real-time risk and maturity scores."
Matt Gyde, Chairman and CEO of Foresite Cybersecurity

Mid-market organizations have battled for years to achieve adequate cybersecurity due to a lack of in-house experience or funding, with many not understanding where to start. The growing trend of remote employment has only made things more complicated.

Duane Shugars, Foresite Cybersecurity Chief Technology Officer, said that "The market demanded an easier, more simplified model to be protected from cyberattacks and compliant to support business supply chain requirements. We are developing our Open XDR platform to easily absorb all log data, use advanced data science techniques, proprietary machine learning and natural language models, and supply chain illumination to simplify cybersecurity, maturity and compliance."

ProVision Open XDR is a cloud-native platform that will be available in Q3 2022 and will employ machine learning to enable insight across the whole IT ecosystem. In the case of an attack, the vendor-agnostic platform allows any cybersecurity technology in the customer's ecosystem, including firewalls, EDR, NDR, and many more, to monitor events, resulting in quicker remediation and reduced economic damage.
