ByteDance | Breaking Cybersecurity News | The Hacker News

Popular video-sharing social network TikTok has officially gone dark in the United States, as a federal ban on the app comes into effect on January 19, 2025. "We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable," the company said in a pop-up message. "We're working to restore our service in the U.S. as soon as possible, and we appreciate your support. Please stay tuned." An immediate outcome of the ban means that existing users will no longer be able to access TikTok content, and new users won't be able to download the app from the official app stores for Android and iOS. Other apps from its parent company ByteDance, including CapCut, Lemon8, and Gauth, have become unavailable as well. The development comes days after the U.S. Supreme Court ruled unanimously to uphold a law requiring that its ByteDance sell TikTok or see it be effectively blocked in the country due to nation...

The Canadian government on Wednesday ordered ByteDance-owned TikTok to dissolve its operations in the country, citing national security risks, but stopped short of instituting a ban on the popular video-sharing platform. "The decision was based on the information and evidence collected over the course of the review and on the advice of Canada's security and intelligence community and other government partners," François-Philippe Champagne, Minister of Innovation, Science and Industry, said in a statement. The government said it does not intend to block Canadians' access to the app itself or curtail their ability to create new content, stating the use of a social media application is a "personal choice." The use of the app has already been banned on Canadian government devices since February 2023. That having said, it urged Canadians to adopt good cyber security practices and assess the possible risks that could arise from using social media platforms,...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Popular short-form video-sharing service TikTok is revising its  privacy policy  for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China. The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally. The privacy policy update applies to users located in the U.K., the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022, according to  The Guardian . "Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Phili...

Popular short-form social video service TikTok denied reports that it was breached by a hacking group, after it claimed to have gained access to an insecure cloud server. "TikTok prioritizes the privacy and security of our users' data," the ByteDance-owned company told The Hacker News. "Our security team investigated these claims and found no evidence of a security breach." The denial follows alleged reports of a hack that surfaced on the Breach Forums message board on September 3, with the threat actor noting that the server holds 2.05 billion records in a humongous 790GB database. "Who would have thought that TikTok would decide to store all their internal backend source code on one Alibaba Cloud instance using a trashy password?," the hacking group known as BlueHornet (aka  AgainstTheWest )  tweeted  over the weekend. Bob Diachenko, threat intelligence researcher at Security Discovery,  said  the breach is "real" and that the data i...

Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols. The contents of the letter, first  reported  by The New York Times, shares more details about TikTok's plans to address data security concerns through a multi-pronged initiative codenamed "Project Texas." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the m...