exploit

After internal testing, Microsoft discovered an exploit in the Android version of TikTok that could have given attackers access to huge amounts of personal data with a single click. The vulnerability has already been fixed, and it does not appear that anyone has been affected by the exploit. The attackers could have used this vulnerability to access user profiles, allowing outside forces to publicize private videos, send messages, and even upload videos. The exploit took advantage of the way TikTok handles WebView…

A serious vulnerability found by Microsoft in the TikTok Android app could have allowed hackers to hijack millions of accounts. On Wednesday, the company’s detailed a one-click exploit it informed TikTok of in February. The good news is that the social media company promptly patched the vulnerability before today’s disclosure and Microsoft says it has no evidence of someone using it out in the wild. “We gave them information about the vulnerability and collaborated to help fix this issue,” Microsoft’s Tanmay Ganacharya…

HoYoverse is aware and working on a fix for a ransomware exploit tied to Genshin Impact, but there’s currently no word on when the problem will be solved. The ransomware exploit – which uses malware to essentially lock off computer files and hold them ransom for payment – apparently uses Genshin Impact’s anti-cheat to deploy itself. In terms of an incoming solution, HoYoverse recently responded to GamesRadar about the ransomware issue, explaining that it is currently looking into a fix and the best course of action. “The…

Win for Rainbow Bridge while a huge loss for a hacker, smart contracts are doing wonders in 2022 Rainbow Bridge is taking up the crypto market by messing up the crypto hacking strategies of hackers or cybercriminals. Rainbow Bridge is an essential part of Near Protocol that has again experienced an attempt from a hacker over the weekend in August 2022 after May 2022. The cybercriminals prevention strategy of this company has successfully blocked the cybercriminals from taking away cryptocurrencies within 31 seconds in…

Image: GettyThe vast majority of ransomware attacks begin with cyber criminals exploiting common cybersecurity errors, which – if correctly managed – could prevent most victims from falling prey to attacks. Microsoft analyzed anonymised data of real threat activity and, according to the company's new Cyber Signals report, found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices. These include applications being left in their default state, allowing user-wide…

Image: Getty/MotortionCyber criminals are exploiting dormant Microsoft accounts to bypass multi-factor authentication (MFA) and gain access to cloud services and networks, researchers have warned.The technique has been detailed by cybersecurity researchers at Mandiant, who says the exploit is being used in hacking campaigns by APT29 – also known as Cozy Bear – a hacking and espionage operation widely believed to be linked to Russia's Foreign Intelligence Service (SVR). Other offensive cyber threat groups are thought…

Image: Hinterhaus Productions/ GETTYGoogle says it uses Linux in "almost everything" from Chromebooks to the cloud. Now it is increasing its rewards for security researchers who can spot flaws in the open-source operating system.Since 2020, Google has run an open-source Kubernetes-based Capture-the-Flag (CTF) project called kCTF which allows researchers to connect to its Google Kubernetes Engine (GKE) instances, and try to hack them to capture a flag. Every 'flag' caught so far has been a container breakout through a…

Solana, an increasingly popular blockchain known for its speedy transactions, has become the target of the crypto sphere’s latest hack after users reported that funds have been drained from internet-connected “hot” wallets. An unknown actor drained funds from 7,767 wallets on the Solana network as of 5am UTC on Wednesday, Solana’s Status Twitter account said. However, blockchain security firm SlowMist’s crypto tracker identified that more than 8,000 wallets had been drained. It’s estimated the loss so far is around…

Bungie has announced that text chat in Destiny 2 has been “temporarily disabled,” after an exploit that allowed players to crash their opponent’s game in a player versus player (PvP) match was discovered. On Saturday (June 30), Bungie announced that it was “investigating” an issue involving text chat in Destiny 2 (via PC Gamer). Just over 10 minutes later, the company added that it has “temporarily disabled text chat on all platforms in Destiny 2 while we investigate an issue causing Weasel errors.” We have temporarily…

Microsoft has published an analysis of Knotweed, a private-sector offensive actor (PSOA) that developed and used a malware called Subzero to attack Windows as well as Adobe customers by using multiple zero-day exploits. The company intends to use the analysis to inform customers and industry partners to improve detection of these attacks. The company says that the exploit, which included the one that was patched in the July 2022 security update, was used to target customers in Europe and Central America.The Microsoft…