TikTok Sued by US Government, Dark Angels Receives Record-Breaking $75M Demand: Your Cybersecurity Roundup

Cybersecurity news banner, TikTok sued, Dark Angels lawsuit.

TikTok Sued by US Government for Violating Children's Privacy

TikTok is facing a lawsuit from the US Department of Justice and the Federal Trade Commission for violating children’s privacy laws. The lawsuit alleges that TikTok knowingly allowed children to create accounts and collect their personal information without parental consent, despite a previous agreement to comply with child privacy regulations.

The lawsuit also accuses TikTok of misleading parents about the safety of the platform and failing to delete children’s data upon request. TikTok denies the allegations and claims to have implemented measures to protect children’s privacy.

This is not the first time TikTok has faced scrutiny over its handling of children’s data. Regulators have also fined the company in Europe for similar violations.

The outcome of this lawsuit could have significant implications for TikTok’s future in the US, as well as for other social media platforms that collect data on children.

Dark Angels Receives Record-Breaking $75M Ransomware Demand

The unprecedented $75 million ransom paid to the Dark Angels ransomware gang marks a watershed moment in the evolution of cybercrime. This cybercriminal group has redefined the ransomware playbook, prioritising high-value targets, massive data exfiltration, and minimal operational disruption.

Unlike many of their counterparts that rely on a spray-and-pray approach, Dark Angels exhibits surgical precision, focusing on organizations with deep pockets and critical infrastructure. By stealing vast quantities of sensitive data, they significantly increase their leverage, compelling victims to pay exorbitant ransoms to prevent data breaches and reputational damage. 

Moreover, Dark Angels’ strategic decision to often abstain from encrypting systems is a counterintuitive yet highly effective tactic. By minimizing business disruption, they create a more conducive environment for negotiation and increase the likelihood of payment. This approach underscores the group’s sophisticated understanding of victim psychology and their willingness to adapt to evolving threat landscapes.

The success of Dark Angels serves as a stark reminder of the escalating sophistication of cyber threats. Organizations must recognize that traditional security measures may be insufficient to counter these advanced adversaries. A multifaceted approach, encompassing robust data protection, incident response planning, and employee training, is essential to mitigate the risks posed by groups like Dark Angels.

Critical Flaw Found in Rockwell Automation ControlLogix Devices

A severe security vulnerability has been discovered in Rockwell Automation’s ControlLogix 1756 devices. This flaw, identified as CVE-2024-6242, allows attackers to bypass security measures and potentially execute malicious commands on the industrial control system (ICS). 

The vulnerability bypasses the trusted slot feature, a security mechanism designed to protect the PLC CPU from untrusted network cards. Successful exploitation could enable attackers to modify user projects, configure devices, and even download arbitrary logic to the PLC CPU. 

Rockwell Automation has released updates to address the issue, and users are strongly advised to apply the patches as soon as possible.

This discovery highlights the ongoing challenge of securing critical infrastructure against cyber threats.

Toronto Police Bust SIM Swap Fraud Ring

Toronto police have successfully dismantled a sophisticated SIM swap fraud ring responsible for compromising over 1,500 cellular accounts across Canada.

The year-long investigation, dubbed Project Disrupt, led to the arrest of 10 individuals and the laying of 108 charges. The fraudsters targeted victims by taking over their phone numbers and granting them access to personal information and financial accounts.

The scheme resulted in over $1 million in losses for victims, telecommunications companies, and financial institutions.

Police are urging the public to remain vigilant against phishing attempts and to strengthen their account security measures, including using strong, unique passwords and enabling two-factor authentication.