
How Trust Can Drive Web3 Adoption and Growth

 




Web3 technology promises to transform the internet, making it decentralized, secure, and transparent. However, many people hesitate to adopt it due to a lack of trust in the technology. Building this trust requires clear explanations, user-friendly experiences, and a solid infrastructure.  


Social Media: A Gateway to Web3  

Platforms like TikTok have become key tools for introducing users to Web3. For example, Hamster Kombat, a cryptocurrency-based game, attracted over 300 million players using TikTok. The platform made it easy for users to learn about the game by sharing tutorials, guides, and strategies, building trust among new players.  

Similarly, SonicX, a popular tap-to-earn game, onboarded over two million users through TikTok. The team behind the game, Sonic SVM, simplified the process for users by creating automatic wallets and removing transaction fees, making it feel like a traditional app. These efforts demonstrate how social media can act as a bridge between Web2 and Web3, helping more people understand and use these technologies.  


Why Strong Infrastructure Matters  

While social media helps with onboarding, a dependable Web3 infrastructure is essential for long-term success. Powerloom, for example, offers a decentralized network of over 5,300 nodes that collect and update blockchain data in real time. This ensures that decentralized applications (dApps) and smart contracts always operate with accurate information. By eliminating outdated data risks, Powerloom strengthens user confidence in Web3 platforms.  


Blockchain and dApps: Trust-Building Tools  

At its core, blockchain technology ensures security and transparency. It uses decentralized networks and cryptography to prevent tampering with data. This builds trust, as users can rely on the integrity of the system.  

Decentralized applications (dApps) also play a vital role. Take Uniswap, for instance. Its open-source code is accessible to anyone for verification, and regular security audits ensure its reliability. Users can trade or add liquidity without needing approval, reinforcing the trustworthiness of the platform.  


Reputation Through Tokenization  

Tokenization brings another layer of trust by rewarding users with reputation tokens for positive actions. These tokens serve as a record of reliability and contributions, discouraging malicious activity. In decentralized marketplaces, they enable peer-to-peer reviews without depending on centralized authorities, making the system fairer and more transparent.  

Web3 technology has immense potential, but its adoption depends on trust. Social media, combined with secure infrastructure, transparent dApps, and reputation systems, can make this next phase of the internet more accessible and trustworthy. By focusing on these elements, Web3 can achieve its vision of a decentralized and user-driven digital world.  


Hackers Use Russian Domains for Phishing Attacks


The latest research has found a sharp rise in suspicious email activity and a change in attack tactics. If you communicate via email regularly, keep a lookout for malicious or unusual activity, as it might be a scam. This blog covers the latest attack tactics threat actors are using.

Malicious email escapes SEGs

At least one suspicious email escapes Secure Email Gateways (SEGs), like Powerpoint and Microsoft, every 45 seconds, a significant rise from last year's rate of one every 57 seconds, according to Cofense Intelligence's third-quarter report.

A sudden increase in the use of remote access Trojans (RATs) allows hackers to gain illegal access to the target’s system, which leads to further abuse, theft, and data exploitation.

Increase in Remote Access Trojan (RAT) use

Remcos RAT, a frequently used tool among hackers, is a key factor contributing to the surge in RAT attacks. It allows the attacker to remotely manipulate infected systems, exfiltrate data, deploy other malware, and obtain persistent access to vulnerable networks.

According to the data, the use of open redirects in phishing attempts has increased by 627%. These attacks use legitimate website functionality to redirect users to malicious URLs, frequently disguised as well-known and reputable domains.

Using TikTok and Google AMP

TikTok and Google AMP are frequently used to carry out these attacks, leveraging their worldwide reach and widespread use by unknowing users.

The use of malicious Office documents, particularly those in .docx format, increased by roughly 600%. These documents frequently include phishing links or QR codes that lead people to malicious websites.

Microsoft Office documents are an important attack vector due to their extensive use in commercial contexts, making them perfect for targeting enterprises via spear-phishing operations.

Furthermore, there has been a substantial shift in data exfiltration strategies, with a rise in the use of .ru and .su top-level domains (TLDs). Domains with the .ru (Russia) and .su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it more difficult for victims and security teams to track data theft activities.
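The open-redirect and TLD trends above can be turned into a mail-triage check. The following is an added example, not code from the report or the original post: it flags links whose query string or path carries a second URL on a different site, and marks destinations under .ru or .su. The sample URLs, the `/amp/s/` path form, and the "last two labels" approximation of a site are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

WATCHED_TLDS = {"ru", "su"}   # TLDs the report says spiked in use
AMP_MARKER = "/amp/s/"        # assumed AMP-style path that carries a host


def host_of(url):
    """Lower-cased hostname of url, or '' when it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def site_of(host):
    """Approximate registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def embedded_targets(url):
    """Absolute URLs carried inside url: in query values or an AMP-style path."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return []
    found = []
    for _, value in parse_qsl(parts.query):      # parse_qsl decodes once
        for _ in range(3):                       # peel extra encoding layers
            if value.lower().startswith(("http://", "https://", "//")):
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if value.startswith("//"):               # scheme-relative target
            value = "https:" + value
        if value.lower().startswith(("http://", "https://")):
            found.append(value)
    path = unquote(parts.path)
    if AMP_MARKER in path:
        rest = path.split(AMP_MARKER, 1)[1]
        if "." in rest.split("/", 1)[0]:         # first segment looks like a host
            found.append("https://" + rest)
    return found


def assess(url):
    """One finding per embedded target that leaves the carrier's site."""
    carrier = host_of(url)
    findings = []
    for target in embedded_targets(url):
        dest = host_of(target)
        if not dest or site_of(dest) == site_of(carrier):
            continue                             # same-site redirects are normal
        findings.append({
            "carrier": carrier,
            "target": dest,
            "watched_tld": dest.rsplit(".", 1)[-1] in WATCHED_TLDS,
        })
    return findings


# Constructed sample links (not real indicators).
SAMPLE_URLS = [
    "https://social.example/link?target=https%3A%2F%2Flogin.constructed-sample.ru%2Fo365",
    "https://shop.example/out?u=https%253A%252F%252Fcdn.constructed-sample.su%252Fa",
    "https://www.search.example/amp/s/news.constructed-sample.org/story",
    "https://app.example.com/login?next=https%3A%2F%2Fwww.example.com%2Fhome",
]

if __name__ == "__main__":
    for link in SAMPLE_URLS:
        print(link, "->", assess(link))
```

A cross-site finding is a reason to rewrite or detonate the link before delivery, not proof of phishing on its own; legitimate newsletters and click trackers produce the same shape.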

Stay Secure: How to Prevent Zero-Click Attacks on Social Platforms


While we have all learned to avoid clicking on suspicious links and be wary of scammers, this week we were reminded that there are some silent threats out there that we should be aware of: zero-click assaults.

Recent Incidents

As Forbes first reported, TikTok revealed that a few high-profile accounts, including CNN and Paris Hilton, were compromised simply by being sent a direct message (DM). Attackers apparently used a zero-day vulnerability in the messaging component to run malware when the message was opened.

The NSA advised all smartphone users to turn their devices off and back on once a week for safety against zero-click assaults; however, the NSA accepts that this tactic will only occasionally prevent these attacks from succeeding. Still, there are steps you can take to protect yourself, and security software such as the finest VPNs can assist you.

TikTok’s Vulnerability: A Case Study in Zero-Click Exploits

As the name implies, a zero-click attack or exploit requires no activity from the victim. Malicious software can be installed on the targeted device without the user clicking on any links or downloading any harmful files.

This feature makes these types of attacks extremely difficult to detect, simply because the absence of user interaction significantly reduces the chance that hostile activity is noticed.

To carry out zero-click exploits, cybercriminals use unpatched vulnerabilities in software code, known as zero-day vulnerabilities. According to experts at security firm Kaspersky, apps with messaging or voice calling functions are a frequent target because "they are designed to receive and interpret data from untrusted sources", making them more vulnerable.

Once a device vulnerability has been properly exploited, hackers can use malware, such as info stealers, to scrape your private data. Worse, they can install spyware in the background, recording all of your activity.

The Silent Threat

This is exactly how the Pegasus spyware attacked so many victims—more than 1,000 people in 50 countries, according to the 2021 joint investigation—without them even knowing it.

The same year, Citizen Lab security experts revealed that nine Bahraini activists' iPhones were successfully infiltrated with Pegasus spyware through two zero-click iMessage bugs. In 2019, attackers used a WhatsApp zero-day vulnerability to inject malware into communications via a missed call.

As the celebrity TikTok hack story shows, social media platforms are becoming the next popular target. Meta, for example, recently patched a similar vulnerability that could have let attackers take over any Facebook account.

Protective Measures

Stay Updated
  • Regularly update your operating system, apps, and firmware. Patches often address known vulnerabilities.
  • Enable automatic updates to stay protected without manual intervention.
App Store Caution
  • Download apps only from official app stores (e.g., Google Play, Apple App Store). Third-party sources may harbor malicious apps.
  • Remove unused apps to reduce your attack surface.
Multi-Factor Authentication (MFA)
  • Enable MFA for all your accounts, especially social media platforms. Even if an attacker gains access to your password, MFA adds an extra layer of security.
  • Use authenticator apps or hardware tokens instead of SMS-based codes.
Beware of DMs
  • Be cautious when opening DMs, especially from unknown senders.
  • Avoid clicking on links or downloading files unless you’re certain of their legitimacy.
Media Files Scrutiny
  • Treat media files (images, videos, audio) with suspicion.
  • Avoid opening files from untrusted sources, even if they appear harmless.
No Jailbreaking or Rooting
  • Modifying your device’s software (jailbreaking/rooting) weakens security.
  • Stick to the official software to maintain robust defenses.

The Tech Landscape: Rubrik, TikTok, and Early-Stage Startups


The idea that the public markets are not as exclusive to tech firms as some believed was reinforced by Rubrik's aggressive IPO pricing and the positive response it received from the public markets following its listing. If Rubrik's outcome is insufficient to end the deadlock, perhaps there is another issue at hand.

1. Rubrik’s IPO Triumph

Rubrik, a data management company, recently made waves by going public through an initial public offering (IPO). The reception was nothing short of remarkable, signaling a shift in sentiment toward tech startups. For years, the public markets seemed somewhat closed to these fledgling companies, but Rubrik’s success challenges that notion.

The IPO process is a litmus test for any company. It involves transparency, financial scrutiny, and investor confidence. Rubrik’s strong pricing and positive market response indicate that investors are willing to embrace tech startups, provided they demonstrate robust fundamentals and growth potential.

As Rubrik’s stock ticker symbol blinks across trading screens, it serves as a beacon for other startups eyeing the public markets. The message is clear: If you have a compelling product, a solid business model, and a vision for the future, the IPO route is viable.

2. TikTok’s Regulatory Quandary

TikTok, the viral short-form video platform, has been on a rollercoaster ride. Loved by millions for its entertaining content, it also faces regulatory hurdles. The United States government has demanded that TikTok divest from its parent company or face a ban. This move underscores the geopolitical complexities surrounding tech companies.

Why the scrutiny? TikTok’s Chinese ownership raises concerns about data privacy, national security, and censorship. As the app continues to captivate users globally, governments grapple with how to balance innovation and security. The TikTok saga serves as a cautionary tale for tech companies operating in a globalized world.

For startups, understanding regulatory landscapes is crucial. Navigating legal frameworks, data protection laws, and geopolitical tensions requires strategic foresight. TikTok’s experience highlights the need for transparency, compliance, and proactive engagement with regulators.

3. TechCrunch Early Stage Event

TechCrunch hosted its annual Early Stage event. This gathering brought together startups, investors, and industry experts. The event’s focus? Empowering early-stage companies to thrive.

In Boston, where the event took place, entrepreneurs pitched their ideas, networked, and absorbed insights from seasoned veterans. The buzz around early-stage startups was palpable. Investors scouted for promising ventures, and founders honed their pitches.

Why does this matter? Early-stage support is the lifeblood of innovation. Startups need mentorship, capital, and exposure to flourish.

TikTok Ban: China Criticizes a Proposed Bill in the US Congress

China has criticized a proposed bill in the US Congress that could potentially lead to the banning of TikTok in the United States, labeling it as unfair. This action marks the latest development in a longstanding dispute over safety concerns regarding the popular app, which is owned by a Chinese company. Authorities, politicians, and security personnel in numerous Western nations have already been prohibited from installing TikTok on official devices.

Addressing three major cyber concerns surrounding TikTok, the first revolves around its data collection practices. Critics frequently accuse TikTok of gathering excessive amounts of user data, a claim supported by a cyber-security report published by Internet 2.0, an Australian firm, in July 2022. This report, based on an analysis of TikTok's source code, highlighted what it described as "excessive data harvesting," including details such as location, device specifications, and installed apps. However, contrasting studies suggest that TikTok's data collection practices are not significantly different from other social media platforms, with similar types of data being collected for user behavior tracking.

The second concern focuses on the potential for TikTok to be exploited by the Chinese government for espionage purposes. TikTok asserts its independence and denies providing user data to the Chinese government, emphasizing that such actions would not be entertained if requested. However, critics remain wary due to the app's ownership by ByteDance, a Beijing-based tech company. Allegations raised by former US President Donald Trump in a 2020 executive order suggested that TikTok's data collection could enable China to engage in espionage activities, although concrete evidence supporting these claims remains elusive.

The third concern revolves around the possibility of TikTok being utilized as a tool for "brainwashing" users. TikTok defends its community guidelines, stating that they prohibit misinformation and harmful content. However, concerns have been raised regarding the platform's recommendation algorithm and its potential susceptibility to influence operations. Comparisons with Douyin, TikTok's sister app available only in China, highlight disparities in content censorship. While Douyin reportedly promotes wholesome and educational content, TikTok's approach appears less stringent in terms of political censorship.

Overall, these concerns primarily exist as theoretical risks rather than concrete evidence of wrongdoing. Critics argue that TikTok could potentially serve as a covert instrument during times of conflict, akin to a "Trojan horse." However, decisions to ban TikTok, as seen in India in 2020, or restrict Chinese tech companies like Huawei from participating in 5G infrastructure development, are often based on these theoretical risks rather than tangible evidence. Conversely, China does not face similar concerns regarding US-based apps, as access to such platforms has been blocked for Chinese citizens for several years.

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

Meta stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol.

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption (E2EE).

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

 


In a report issued on Friday, 20 leading technology companies pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe. 

According to a press release issued by the 20 companies participating in the event, they are committed to “developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters.” 

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. The head of the Munich Security Conference, which announced the accord, lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices.

It is expected that in 2024, over 4 billion people will be eligible to cast ballots in over 40 different countries. A growing number of experts are saying that easy-to-use generative AI tools could potentially be used by bad actors in those campaigns to sway votes and influence those elections. 

From simple text prompts, users can generate images, videos, and audio using tools that use generative artificial intelligence (AI). It can be said that some of these services do not have the necessary security measures in place to prevent users from creating content that suggests politicians or celebrities say things they have never said or do things they have never done. 

In a tech industry "agreement" intended to reduce voter deception regarding candidates, election officials, and the voting process, the technology industry aims at AI-generated images, video, and audio. It is important to note, however, that it does not call for an outright ban on such content in its entirety. 

It should be noted that while the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already being implemented, such as those designed to identify and label artificial intelligence-generated content already in the pipeline. 

Especially in the upcoming election year, which is going to see millions of people head to the polls in countries all around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates. 

AI appears to have already impersonated President Biden in New Hampshire's January primary attempting to discourage Democrats from voting in the primary as well as purportedly showing a leading candidate claiming to have rigged the election in Slovakia last September by using obvious AI-generated audio. 

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.

Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

 


As passkeys continue to be more widely used as authenticators for a variety of sign-in purposes, the path towards a passwordless future is being driven forward. There are reports that this authentication method will be part of Microsoft's Windows 11 operating system, which may apply to user accounts on Nintendo's game consoles, Twitter accounts, and the device switching feature of messaging giant WhatsApp, as well as other websites and applications. 

Passkeys are a form of password-less authentication which harnesses the power of fingerprint, face scan, and other biometric techniques to create a stronger foundation for logins while keeping their security. A passkey is now available for consumers to register with the company and use on multiple devices to sign in from anywhere. 

According to the company, all users who have compatible devices can use the biometric login. Passkeys can be used on iOS and Android operating systems, provided the device meets the minimum software requirements.

Adding a passkey to a user's Nintendo account can be done by visiting accounts.nintendo.com from the device that they plan to use the passkey on. Upon logging into their Nintendo Account, go to the Sign-in and Security settings section > Passwords > Edit, and then follow the instructions. 

After that, select Register a new passkey and follow the steps to complete the setup process on the user's device by selecting the Register a new passkey option. For now, Nintendo does not support passkeys on devices with iOS 16 or later, iPadOS 16 or later, macOS 13 or later, and Android 9 or later, as well as devices that are running iOS 16 or later. It will also allow users to register up to 10 different passkeys for their Nintendo account, and it will also assist with logging in. 

The Nintendo support page can give them more information on how to use passkeys and other issues related to passkeys. Passkeys have become a more secure alternative to passwords among an increasing number of online services that support them as a safer substitute. As far as passkeys are concerned, TikTok has joined the likes of Apple, PayPal, and 1Password in fully supporting the technology this year. 

In addition to Google Chrome, Cloud, and Workspace accounts, users can now also sign in directly to their GitHub account. GitHub just announced a passwordless method of logging in today. Passkeys are a tangible example of Nintendo's commitment to the future of authentication using digital means. Such advancements must be made in the gaming, technology, and digital security industries as the lines between them continue to blur. 

The time has come for all the developers and product managers out there to gear up and dive into the world of passkeys to learn more about them. In the future, it is going to be seamless and secure, and it seems like it can't get any better than that. 

Nintendo's Passkey now supports online account logins. A NintendoSoup team member discovered that the company has also been working on integrating Passkeys with Nintendo Accounts as part of a recent security enhancement. With this technology used as an additional layer of authentication, the company may be able to enhance the security of its accounts.  

If the user registers a passkey with their Nintendo Account, there is an additional layer of security that can protect the account from unauthorized access. To sign in to their account, users have the option of using their passkey instead of their email address or the sign-in ID and password they normally use to sign in. 

In Nintendo's opinion, users' passkeys are stored in advance on their smartphones or other devices, so they can access that device when they are signing in, and it can be retrieved by logging onto the device.

Using passkeys to switch devices in the WhatsApp beta

It was announced recently that WhatsApp has enabled the use of passkeys in its beta channel to facilitate sign-in for its popular messaging app as part of its ongoing efforts to strengthen security.

When switching devices, or when setting up the app on a new phone, users can sign in using their face or fingerprint biometrics, or with their screen lock password or pattern while setting up the app on a new phone, according to Android Police.

A new feature has been in the works on the app owned by Meta since August, and today the app outlined that the feature will be available in the next few weeks to more users. There has been a recent addition by WhatsApp to its application that allows you to lock private chats using biometrics. 

There is now the option for users to register their Passkeys to their Nintendo Accounts via supported mobile devices, as long as they meet the following requirements:
  • iPhone with iOS 16 or newer
  • iPad with iPadOS 16 or newer
  • Mac computer with macOS 13 or newer
  • Android devices with Android OS 9 or newer