June 5, 2024 at 03:16PM High-profile TikTok accounts are being exploited and hijacked in a takeover campaign, with threat actors sending malware-infested direct messages. The malware allows account hijacking without the victim clicking on links or downloading files. TikTok is collaborating with account holders to resolve the issue and prevent future attacks. Notable accounts targeted … Read more
June 4, 2024 at 05:59PM Multiple high-profile TikTok accounts were hijacked by attackers exploiting a zero-day vulnerability in the platform’s direct messages feature. Victims included Sony, CNN, and Paris Hilton. The exploit required targets to open a malicious message, without needing to download a payload or click on embedded links. TikTok is working to restore … Read more
January 11, 2024 at 12:35PM Mandiant’s investigation of the takeover of its X account revealed a successful brute-force attack due to a change in two-factor authentication policy. The use of SMS-based 2FA was removed, leaving accounts vulnerable. The compromise led to a scam pushing CLICKSINK drainer-as-a-service, highlighting the rise of such attacks targeting valuable cryptocurrency … Read more