CRACK Update 1
2024-06-09

New China AppStore Regulations - can I have your homework?

If you’ve ever considered launching an app on the Chinese AppStore, then I propose rethinking it. According to the latest regulations, every app has to be registered. And that’s fine as long as the government has an interest in enhancing supervision and ensuring user safety in the digital world. Buuuuuut… to launch an app, a company must provide detailed corporate information and other office stuff in order to pass the review of the relevant departments. That’s the moment when a developer might think that creating the app was not that hard compared to the registration process. Chinese developers might be in an ‘easier’ situation as they’re kinda used to that process, and even if not, they know someone, or someone who knows someone, eligible to conduct the registration process. On the other hand, foreign developers might consider leaving the Chinese market, as the amount of work and the probability of failure are quite high and the effort is not so lucrative. So, what’s the problem? Unfortunately, because that process really demotivates foreign developers from launching their apps in the China AppStore, malicious actors have seized the opportunity and are flooding the market with fake apps. ChatGPT? Nah man, have you heard of ChatG4o?

Improving user safety and enhancing supervision of Internet content seems to be far away from the actual situation.

Source: https://www.gov.cn/zhengce/zhengceku/202308/content_6897341.htm

PESEL Withhold and Why You Should Do That?

Since the 1st of June, banks, notaries and telecoms located in Poland are obliged to respect a PESEL number withhold. What does it mean? It means that once you’ve done it, no one can, on your behalf:

  • buy or sell property
  • take a loan, credit or leasing
  • get a SIM card copy

And those are only some of the benefits. Sure, you won’t be able to perform some actions, like withdrawing an amount of money larger than triple the minimal payment, but in such a case you can always undo the withholding, wait around 30 minutes and perform the action. There’s no catch, just do it for your safety. Any doubts will be dispelled in the source statute.

Source: https://isap.sejm.gov.pl/isap.nsf/download.xsp/WDU20230001394/T/D20231394L.pdf

Ticketmaster - Data Breach

On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened. On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.

If you’ve got a free $500k, you can easily become an owner of Ticketmaster’s users database. Wait…you want it twice? Uhm, sure, let me think about it.

Luckily for you, we’ve got a super promo, so yes, you can buy it twice. Shout out to Spidey!

Ticketmaster’s data breach has been a topic of discussion for the past week, not only because of its amount or price but also because of the speculation. Some people question the reality of this breach, pointing at a special forces’ trap. For now, nothing is sure besides the fact that an external cloud database has been hacked. Let’s hope next week will reveal a little bit more detail.

Source: https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm

Source: https://www.malwarebytes.com/blog/news/2024/05/data-leak-site-breachforums-is-back-boasting-live-nation-ticketmaster-user-data-but-is-it-a-trap

TikTok - It’s OUR Private Chat

TikTok has found itself in hot water yet again with a security mishap, where hackers have taken over high-profile accounts, including those of CNN and Paris Hilton, simply by sending a malicious direct message. This zero-click exploit, which doesn’t require any interaction from the user, leverages a zero-day vulnerability in TikTok’s messaging system. Once the message is opened, the malware executes, allowing the hackers to seize control of the account.

Reports by Semafor and Forbes uncovered this sneaky campaign, highlighting that even major brand accounts like Sony have fallen victim. TikTok’s Alex Haurek confirmed the incidents and mentioned that the platform is working closely with affected users to regain control of their accounts. Despite the gravity of the situation, TikTok assures that only a “very small” number of accounts were compromised and that measures are being taken to prevent future attacks.

This isn’t TikTok’s first rodeo with security breaches. Previous issues included vulnerabilities that could have led to large-scale data harvesting and account takeovers through a single click on a malicious link. For example, a flaw disclosed by Microsoft in 2022 and another by Imperva over a year ago exposed users to serious privacy risks.

Additionally, hackers have exploited TikTok’s viral trends to spread malware. One incident involved the Invisible Challenge, which attackers used to distribute information-stealing malware. Last year, around 700,000 accounts in Turkey were compromised through insecure SMS channels, showcasing the persistent threat landscape TikTok faces.

So, if you’re an avid TikTok user, perhaps it’s best to give your DMs a break for now. Better safe than sorry!

Additional interesting articles:

  1. https://samcurry.net/hacking-millions-of-modems
  2. https://www.kb.cert.org/vuls/id/520827
  3. https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC_Report_Russian_Influence_and_Paris_2024.pdf
  4. https://www.trendmicro.com/en_no/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html
CRACK Update 1
https://typetherapy.blog/posts/crackupdates/crackupdate9_6_24/
Author
Type Therapy Blog
Published at
2024-06-09
License
CC BY-NC-SA 4.0