Riding Hood Solutions Weekly Threat Brief, Week of April 28, 2025



1. TikTok Alleged Data Breach: 927,000 Passwords at Risk

A hacking group claims to have breached TikTok, potentially exposing nearly a million user passwords. The attackers allege that they warned TikTok about the vulnerability but received no response, prompting them to leak the data. TikTok has questioned the legitimacy of these claims, but users are advised to remain vigilant.


Action Steps:

  • Change your TikTok password immediately.

  • Enable two-factor authentication (2FA) for added security.

  • Monitor your account for any suspicious activity.


2. WooCommerce Users Targeted in Phishing Campaign

Cybercriminals are conducting a large-scale phishing campaign targeting WooCommerce users. The attackers send fake security vulnerability alerts, tricking users into providing credentials or installing malicious plugins, granting them backdoor access to WordPress websites.


Action Steps:

  • Verify the authenticity of any security alerts received.

  • Avoid clicking on links from unsolicited emails.

  • Keep your WordPress plugins and themes updated.


3. Second Phone Number iOS App Leaks User Messages

An iOS app offering virtual phone numbers has exposed user data, including messages. The breach raises concerns about the security of apps that handle sensitive communication data.


Action Steps:

  • If you use such apps, review their privacy policies and security measures.

  • Consider using apps with end-to-end encryption.

  • Regularly update apps to their latest versions to patch security vulnerabilities.


4. Employee Monitoring App Exposes 21 Million Screenshots

A security lapse in an employee monitoring application has led to the exposure of 21 million screenshots, potentially revealing sensitive personal and corporate information.


Action Steps:

  • If your employer uses monitoring software, inquire about data protection measures in place.

  • Be cautious about the information displayed on your screen during work hours.

  • Employers should ensure that monitoring tools are securely configured and regularly audited.


5. FBI Reports $16 Billion Lost to Cybercrime in 2024

The FBI has reported a record $16 billion loss due to cybercrime in the United States for the year 2024. Notably, "grandparent scams," where fraudsters impersonate relatives in distress to extract money, have seen a significant rise.


Action Steps:

  • Educate elderly family members about common scams.

  • Establish a family code word to verify identities during emergencies.

  • Report any suspected scams to the authorities promptly.


🔐 Quick Cybersecurity Tip


Regularly Update Your Passwords: Ensure that you change your passwords periodically and avoid reusing the same password across multiple platforms. Consider using a reputable password manager to generate and store complex passwords securely.

 
 
 
