The Army Bans TikTok

Credit to Author: Brian Barrett| Date: Sat, 04 Jan 2020 14:00:00 +0000

A million-dollar email scam, a Chinese hacking campaign, and more of the week's top security news.

Happy New Year! Well, it was for a day or two, anyway. But after the US assassinated Iranian military leader Qasem Soleimani in a drone strike, experts warned that the likely retaliation could include disruptive cyberattacks, along with more traditional strikes. It's an alarming start to the year, especially as tensions continue to escalate.

Elsewhere in the world, TikTok released its first transparency report this week, including the surprising and perhaps unlikely assertion that the Chinese government hadn't requested any user information from the viral app in the first half of 2019. A similar-sounding app called ToTok turned out to be an alleged spy app from the United Arab Emirates. And we took a look at the military lessons of Star Wars: The Rise of Skywalker. Chaos is king!

We also got retrospective, cataloging decade's most dangerous people on the internet and its worst hacks. It was also the decade that email scams leveled up, turning into a multibillion dollar industry.

And that's not all! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

Speaking of TikTok! The US Army closed out the year by banning TikTok on government phones, citing it as a "cyber threat." The Navy has taken the same step, following Pentagon guidance to "uninstall TikTok to circumvent any exposure of personal information." This doesn't mean that TikTok is actively spying on its users, or that you should also purge it. But it's always healthy to be aware of what data apps are collecting from you and where they send it. In the case of TikTok, that means China, which means government employees are probably right to take extra precautions.

A 2018 indictment detailed how China's elite APT10 hackers used access to so-called managed service providers to steal intellectual properly from dozens of companies. As bad as it seemed at the time, the Wall Street Journal has shared fresh details that make clear how much worse things actually got. Companies like Hewlett Packard Enterprise were "so overrun that the cloud company didn’t see the hackers re-enter their clients’ networks," the report says. By breaking into one company that provides services over the internet to several clients, APT10's hacking spree was brutally efficient, even by China's high standards.

You literally hate to see it. When a Reddit user tried to stream images from his Xiaomi camera to his Google Nest Hub, the display instead showed what appeared to be still photos from other people's homes. It appears to be an isolated incident, and Google has suspended its Google Home and Assistant integraton with Xiaomi until it figures out what happened. Starting to feel like "smart home" was a pretty serious misnomer.

Remember that thing about email scamming becoming a big business over the last few years? Still is! Fraudsters tricked officials in the town of Erie, Colorado to send $1.01 million of payments intended for a construction company to an unauthorized bank account instead. From there, the funds were wired out of the country. It's not the biggest so-called BEC score in recent memory, but every one of them hurts.

https://www.wired.com/category/security/feed/