Afternoon Dessert - 2022-09-05

Welcome to another Afternoon Dessert breakout:

TikTok denies hack following leak of user data, source code
TikTok denies recent claims it was breached, and source code and user data were stolen, telling BleepingComputer that data posted to a hacking forum is "completely unrelated" to the company. [...]
Read more....

Chrome fixes 0-day security hole reported anonymously – update now!
This time, the crooks got there first - only 1 security hole patched, but it's a zero-day.
Read more....

QNAP: New DeadBolt ransomware attacks exploit Photo Station bug
QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. [...]
Read more....

Interpol dismantles sextortion ring, warns of increased attacks
A transnational sextortion ring was uncovered and dismantled following a joint investigation between Interpol's cybercrime division and police in Singapore and Hong Kong. [...]
Read more....

New EvilProxy service lets all hackers use advanced phishing tactics
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI. [...]
Read more....