Last week, Felix Krause, a Viennese researcher, made news when he published that TikTok can record any user’s keystrokes in certain situations. He found that TikTok inserts code into a third-party website when the user clicks on an external link. The code essentially acts as a keystroke logger.
What does this mean? Personal information may be recorded if you click on a website from within TikTok and type any information. The keystrokes can be recorded even if you enter the information and do not press Submit. In an interview with Forbes, Krause says, “This is a non-trivial engineering task. This does not happen by mistake or randomly.”
Krause confirmed he has only tested the iOS version of the app and not the Android version.
Does this mean that you should abandon TikTok? That is a personal choice. It is up to the user to understand the potential that exists and take the necessary precautions. Based on this information, extra care is needed when accessing third-party websites directly from TikTok.
Nomad is the latest cryptocurrency trading firm to be hit with a significant theft of its crypto assets. Last week they announced a $190 million theft of their digital assets. Nomad is not alone. According to a report by blockchain analytics firm Chainalysis, over $1.7 billion of cryptocurrency was stolen this year through May.
There is a false sense of security regarding safeguarding crypto assets as they reside on the blockchain, which has long been touted as secure. Although the blockchain is relatively secure, many software applications automate the trading of cryptocurrencies. These applications are the weak spot for many blockchain operations. This opens the door for hackers to steal large amounts of assets without leaving a trace.
“In 2019 alone, an estimated $4.26 billion in cryptocurrencies was lost due to hacks, cybertheft, scams, misappropriation or insider fraud, up about 250% from 2018.” Fraudsters have upped efforts to attack cryptocurrencies in recent years.
Fraudsters are using schemes such as embezzlement, Ponzi schemes, phishing and ransomware.
Unlike other frauds, if a person loses cryptocurrency, there is no recourse or way to recover it.
Juice jacking is the ability of cybercriminals to replace legitimate, public USB chargers with devices that have the capability to download data from your phone. Just this month, the Los Angeles District Attorney’s Office warned travelers of the potential dangers of using USB charging ports in public places.
However, when asked, the DA’s office said they have had no official reports of Juice-jacking taking place in the area. In short, many believe this cyberattack is feasible, but not widespread.
My advice is to use either power packs or plug into an electrical outlet if at all possible. Even though this isn’t widespread to date, caution should still be exercised.
There is a global cybersecurity skills crisis. The threat continues to grow as there is a shortage of experts to reduce cyber attacks.
One expert believes the field is changing so fast that this issue will not be solved in the classroom. Certifications and other static methods lag behind the latest techniques used by hackers.
The most important skills for a cybersecurity professional to develop are creativity and curiosity, as well as thinking on one’s feet, skills that are rarely honed while in the classroom. The best learning will be by doing as real attacks are occurring.
RSA 2048-bit encryption is the standard. The time needed to break it is currently so long that it is the standard for most systems. All banking, email systems, etc. use 2048-bit as the primary encryption method.
Now come new machines called quantum computers. The processing times on these systems are a fraction of those of traditional computers. Experts predict RSA 2048-bit encryption may be broken in 8 hours or less.
Scientists have found a new encryption method that could not be broken, but it is far from becoming the standard.
With the cost of a data breach reaching over $2 million per instance, the C-suite can no longer leave cybersecurity solely to IT. CFOs are becoming more involved in defining strategy for data security with the technology leaders.
Read the article by Jeff Thompson, CEO of the Institute of Management Accountants, on how financial executives are taking a more proactive role when it comes to data security.
It seems that every merchant has some type of rewards card. At first it was just airlines and hotels that had these programs; now the local yogurt shop has joined the trend. With more and more of these rewards programs online and accessible through apps, they are a new target for hackers.
See this article in the New York Times for more details: