Cyber Security

Vulnerabilities Allowed Hackers to Change Passwords of TikTok Accounts

Vulnerabilities may have allowed hackers to alter TikTok account passwords.

After finding two vulnerabilities that could have been chained to hijack accounts, a researcher earned almost $4,000 from TikTok.

In late August, Muhammed Taskiran, a 20-year-old Germany-based researcher, told TikTok that a URL parameter on tiktok.com “reflected its value without being properly sanitised.”

This produced a reflected cross-site scripting (XSS) vulnerability, which could be chained with a cross-site request forgery (CSRF) bug that Taskiran also found.

The CSRF problem affected an endpoint that let users who had signed up to the social media site through a third-party application set a new password for their account. By simply getting the target to click a malicious link, an attacker could have exploited the two vulnerabilities together to change the account's password.

Taskiran explained in a report submitted to TikTok through the HackerOne platform: “I combined both vulnerabilities by creating a simple JavaScript payload – triggering the CSRF – which I injected into the vulnerable URL parameter from earlier, to achieve a one-click account takeover.”

TikTok rated the issue “high severity” and awarded the researcher $3,860 for his findings. The company only partially disclosed the report, revealing few technical details.

In recent months, Taskiran has also reported two other bugs to TikTok, including one that earned him just over $500.

TikTok pays between $1,700 and $6,900 for high-severity vulnerabilities and between $6,900 and $14,800 for critical ones. To date, the company has paid out more than $80,000 for 85 vulnerability reports received through its recently launched bug bounty programme.

Citing national security concerns, the United States government has sought to block TikTok, but the Chinese-owned company is not backing down and has already fought several legal battles.

Source: https://cybersguards.com/vulnerabilities-allowed-hackers-to-change-passwords-of-tiktok-accounts/

Cyber Security

Microsoft Edge, Google Chrome Roll Out Password Protection Tools


Source: https://threatpost.com/microsoft-edge-google-chrome-roll-out-password-protection-tools/163272/


Cyber Security

Amazon Kindle RCE Attack Starts with an Email


Source: https://threatpost.com/amazon-kindle-attack-email/163282/


Cyber Security

ADT Tech Hacks Home-Security Cameras to Spy on Women


Source: https://threatpost.com/adt-hacks-home-security-cameras/163271/


Cyber Security

Discord-Stealing Malware Invades npm Packages


Source: https://threatpost.com/discord-stealing-malware-npm-packages/163265/
