TikTok ban for The European Commission over security concerns

The European Commission (EC) and the European Council, the two largest policy bodies in the EU, are the latest government entities to implement a TikTok ban for their staff. The EU bodies requested that their staff remove the TikTok app from their work devices, as well as from personal devices that have work-related apps installed. As an alternative, staff may delete work-related apps from their personal phones if they want to continue using TikTok.

A similar move was adopted by the US Government, banning the use of TikTok on all government devices by the end of February 2023 due to national security concerns.

In 2020, India banned TikTok, among dozens of other China-developed apps.

In anticipation of the EU ban, TikTok has gone on a major PR offensive, including infrastructure investments that include opening three local data centers in Europe for its EU users’ data.

TikTok, developed by Chinese firm ByteDance, has over 1 billion active users across 154 countries. It has come under close scrutiny in the US and other countries for its alleged ties to the Government of China.


GoDaddy discloses a new multi-year data breach

Web hosting giant GoDaddy disclosed on February 17, 2023 a multi-year security breach that enabled unknown threat actors to install malware on its servers and exfiltrate source code related to some of its services.

The threat actors breached its cPanel shared hosting environment.

According to the company, the malware installed on its systems was intermittently redirecting random customer websites to malicious websites.

The security breach was discovered in December 2022 after customers reported this; however, the attackers had access to GoDaddy’s network for several years.

The company says that previous breaches disclosed in November 2021 and March 2020 are also linked to this multi-year campaign.


PayPal announces data breach of 35,000 users following credential stuffing attack

PayPal has recently filed notice of a data breach with the US Maine Attorney General’s Office, after learning that confidential consumer information was compromised following what appears to have been a credential stuffing attack. The incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security Numbers, individual Tax Identification Numbers, and dates of birth. After confirming that consumer data was leaked, PayPal began sending out data breach notification letters to all 34,942 individuals who were impacted by this data security incident.

Credential stuffing is a type of attack in which hackers “stuff” the login page with numerous credentials taken from elsewhere until one eventually works. This method relies on people using the same passwords across multiple online services, so that if one gets breached, all are at risk.

To protect its users, PayPal reset the passwords for the affected users and “enhanced security controls”, requiring users to set up a new account on their next login. The affected users were also given two years of free identity monitoring services through Equifax.
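The credential stuffing pattern described above can be spotted in authentication logs. The sketch below is an added example, not code from PayPal or from the original article: it flags sources that try many distinct accounts with few successes and lists the accounts that were actually logged in to, which are the candidates for a forced password reset. The event format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events for one time window: (source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # One source, eight different accounts, one attempt each, a single hit.
    [("203.0.113.7", f"user{i}", i == 3) for i in range(8)]
    # One source hammering a single account: password guessing, not stuffing.
    + [("198.51.100.20", "alice", False)] * 6
    # Shared office NAT: many accounts, but every login succeeds.
    + [("192.0.2.50", f"staff{i}", True) for i in range(6)]
    # Ordinary user who mistyped a password once.
    + [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
)


def detect_credential_stuffing(events, min_accounts=5, max_success_ratio=0.2):
    """Return {source_ip: summary} for sources matching the stuffing pattern:
    many distinct accounts tried, and only a small fraction of them logged in to.
    Both thresholds are illustrative assumptions and need tuning per service."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": set()})
    for ip, user, ok in events:
        entry = stats[ip]
        entry["users"].add(user)
        entry["attempts"] += 1
        if ok:
            entry["hits"].add(user)

    findings = {}
    for ip, entry in stats.items():
        # Fraction of targeted accounts where a reused password worked.
        ratio = len(entry["hits"]) / len(entry["users"])
        if len(entry["users"]) >= min_accounts and ratio <= max_success_ratio:
            findings[ip] = {
                "distinct_accounts": len(entry["users"]),
                "attempts": entry["attempts"],
                # Accounts the source got into: candidates for a forced reset.
                "accounts_to_reset": sorted(entry["hits"]),
            }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, summary)
```

Grouping only by source IP misses attacks spread across many addresses, so a production rule would also track the service-wide failure rate and per-account anomalies.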
