Found 3 bookmarks
Custom sorting
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers
The Irish Data Privacy Commission announced that TikTok is facing a new European Union privacy investigation into user data sent to China. TikTok is facing a fresh European Union privacy investigation into user data sent to China, regulators said Thursday. The Data Protection Commission opened the inquiry as a follow up to a previous investigation that ended earlier this year with a 530 million euro ($620 million) fine after it found the video sharing app put users at risk of spying by allowing remote access their data from China. The Irish national watchdog serves as TikTok’s lead data privacy regulator in the 27-nation EU because the company’s European headquarters is based in Dublin. During an earlier investigation, TikTok initially told the regulator it didn’t store European user data in China, and that data was only accessed remotely by staff in China. However, it later backtracked and said that some data had in fact been stored on Chinese servers. The watchdog responded at the time by saying it would consider further regulatory action. “As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok,” the watchdog said. “The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue, including the lawfulness of the transfers,” the regulator said, referring to the European Union’s strict privacy rules, known as the General Data Protection Regulation. TikTok, which is owned by China’s ByteDance, has been under scrutiny in Europe over how it handles personal user information amid concerns from Western officials that it poses a security risk. TikTok noted that it was one that notified the Data Protection Commission, after it embarked on a data localization project called Project Clover that involved building three data centers in Europe to ease security concerns. “Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” the company said in a statement. “We promptly deleted this minimal amount of data from the servers and informed the DPC. Our proactive report to the DPC underscores our commitment to transparency and data security.” Under GDPR, European user data can only be transferred outside of the bloc if there are safeguards in place to ensure the same level of protection. Only 15 countries or territories are deemed to have the same data privacy standard as the EU, but China is not one of them.
#securityweek.com#EN#2025#tiktok#legal#RGPD#China#Data#Transfers#Privacy#InvestigationEU
·securityweek.com·
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers
North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans
North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans
A LinkedIn message drew a former waitress in Minnesota into a type of intricate scam involving illegal paychecks and stolen data Christina Chapman looked the part of an everyday American trying to make a name for herself in hustle culture. In prolific posts on her TikTok account, which grew to more than 100,000 followers, she talked about her busy life working from home with clients in the computer business and the fantasy book she had started writing. She posted about liberal political causes, her meals and her travels to see her favorite Japanese pop band. Yet in reality the 50-year-old was the operator of a “laptop farm,” filling her home with computers that allowed North Koreans to take jobs as U.S. tech workers and illegally collect $17.1 million in paychecks from more than 300 American companies, according to federal prosecutors. In a June 2023 video, she said she didn’t have time to make her own breakfast that morning—“my clients are going crazy,” she said. Then she describes the açaí bowl and piña colada smoothie she bought. As she talks, at least 10 open laptops are visible on the racks behind her, their fans audibly whirring, with more off to the side. In 2023, Christina Chapman posted a TikTok that had racks of laptops visible in the background. The Wall Street Journal highlighted the laptops in this clip of the video. Chapman was one of an estimated several dozen “laptop farmers” that have popped up across the U.S. as part of a scam to infiltrate American companies and earn money for cash-strapped North Korea. People like Chapman typically operate dozens of laptops meant to be used by legitimate remote workers living in the U.S. What the employers—and often the farmers themselves—don’t realize is that the workers are North Koreans living abroad but using stolen U.S. identities. Once they get a job, they coordinate with someone like Chapman who can provide some American cover—accepting deliveries of the computer, setting up the online connections and helping facilitate paychecks. Meanwhile the North Koreans log into the laptops from overseas every day through remote-access software. Chapman fell into her role after she got a request on LinkedIn to “be the U.S. face” for a company that got jobs for overseas IT workers, according to court documents. There’s no indication that she knew she was working with North Koreans.
#wsj#EN#2025#North-Korea#US#LinkedIn#Infiltrates#Jobs#TikTok#company#work#fake
·wsj.com·
North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead
Trend™ Research uncovered a campaign on TikTok that uses videos to lure victims into downloading information stealers, a tactic that can be automated using AI tools. Trend Research uncovered a new social engineering campaign using TikTok to deliver the Vidar and StealC information stealers. This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok’s algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views. Businesses can be affected by data exfiltration, credential theft, and potential compromise of sensitive systems as a result of this threat. Reinforcing security awareness, especially against AI-generated content, is crucial. Monitoring for unusual command execution involving PowerShell or other system utilities also helps identify malicious activity early. Trend Vision One™ detects and blocks the IOCs discussed in this blog. rend Vision One customers can also access hunting queries, threat insights, and threat intelligence reports to gain rich context and the latest updates on this campaign Trend Research has uncovered a novel social engineering campaign using TikTok’s vast user base to distribute information-stealing malware, specifically Vidar and StealC. Unlike the prevalent Fake CAPTCHA campaign — which relies on fake CAPTCHA pages and clipboard hijacking to trick users into running malicious scripts — this new campaign pivots to exploiting the popularity and viral nature of TikTok. Threat actors are now using TikTok videos that are potentially generated using AI-powered tools to socially engineer users into executing PowerShell commands under the guise of guiding them to activate legitimate software or unlock premium features. This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware. This report details the observed tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), and the potential impact of this trend.
#trendmicro#EN#2025#TikTok#Videos#Promise#Pirated#App#StealC#Infostealers
·trendmicro.com·
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead