Clubhouse Security Woes Mount Following New Data Breaches

Sophisticated Silver Sparrow malware lacking payloads appears on 30,000 Macs, WhatsApp will delete users who don't accept the new privacy policy, Kroger pharmacy latest victim of Accellion hack, more

Feb 22

It’s the start of a new week and a great time to subscribe to Metacurity’s premium version, which gives you access to our archives and premium content.

Rapidly growing audio-based social media start-up Clubhouse has apparently suffered a data breach after a programmer in mainland China designed a now-banned open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service.

In addition to this app, which appeared on Github, an unidentified user was also able to stream audio feeds over the weekend from “multiple rooms” into the person’s own third-party website but was then “permanently banned.” One of the alleged hacks involves bricking an iPhone, reverse-engineering the Clubhouse application, and then using a bot’s “malicious code” to access the various streams and share them, John Furrier, founder, and chief executive officer of SiliconANGLE Media said.

Finally, Clubhouse uses Shanghai-based backend infrastructure provider Agora to manage data traffic and audio production, which is required to provide the Chinese government with access to its data. (Duncan Riley / Silicon Angle)

Researchers at Red Canary discovered malware they dubbed Silver Sparrow on 30,000 Macs worldwide that mysteriously doesn’t deliver a payload.

The lack of a payload could mean that the malware might spring into action once an unknown condition is met. The malware also has the capability of removing itself, the sign of a stealth or sophisticated actor. (Dan Goodin / Ars Technica)

Binni Shah @binitamshah

New malware found on 30,000 Macs has security pros stumped : redcanary.com/blog/clipping-… credits @ForensicITGuy Arm'd & Dangerous - Malicious code, now native on apple silicon : objective-see.com/blog/blog_0x62… credits @patrickwardle

Rey Bango @reybango

New malware found on 30,000 Macs has security pros stumped "...and yet again shows the macOS malware is becoming ever more pervasive and commonplace, despite Apple’s best efforts." As @hackerfantastic says, "All computers are broken".

New malware found on 30,000 Macs has security pros stumpedWith no payload, analysts are struggling to learn what this mature malware does.arstechnica.com

Even as it deflects criticism for its suspiciously shifting privacy policy, Facebook-owned WhatsApp has said that users who do not agree with its new privacy policy by May 15 will start losing the app's full functionality and that inactive users will be deleted after 120 days.

The new privacy terms allow Facebook and WhatsApp to share payment and transaction data to better target ads. (Manish Singh / TechCrunch)

The European Union has preliminarily approved Britain’s post-Brexit data protection standards, giving the green light for Europeans’ personal information to continue flowing to the UK.

However, for the first time in an EU data flows deal, the decision will have to renew in four years. (Vincent Manancourt / Politico EU)

Cisco Talos researchers discovered that a credential stealer called MassLogger has resurfaced in a new phishing campaign aiming to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.

The attacks, which started in mid-January, primarily focused on users in Turkey, Latvia, and Italy. (Ravie Lakshmanan / The Hacker News)

An anonymous researcher discovered that the Tor mode in the privacy-oriented Brave browser was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.

The greatest risk of sending the queries to public internet DNS resolvers is for users inside oppressive regimes who might be creating easily discovered public footprints. Brave said it had already patched the Brave Nightly version problem following a report more than two weeks ago. It plans to push it to a stable version of the browser with the next update. (Catalin Cimpanu / ZDNet)

Related: The Daily Swig, Bleeping Computer, Ramble

yan @bcrypt

tl;dr 1. this was already reported on hackerone, was promptly fixed in nightly (so upgrade to nightly if you want the fix now) 2. since it's now public we're uplifting the fix to a stable hotfix root cause is regression from cname-based adblocking which used a separate DNS query

James Kettle @albinowax

I just confirmed that yes, @brave browser's Tor mode appears to leak all the .onion addresses you visit to your DNS provider https://t.co/IMV97jWhZf https://t.co/jlcUGFigdR

One of the world’s top venture capital firms, Sequoia Capital, told their investors that some of their personal and financial information might have been accessed by a third party following a successful phishing event.

Sequoia said it has not yet seen any indication that compromised information is being traded or otherwise exploited. (Kia Kokalitcheva / Axios)

Related: Business Insider

Giant grocery store chain Kroger Co. told customers of its pharmacy and Little Clinic outlets it had suffered a security breach in which patient names and sensitive information was accessed.

Kroger said that an unauthorized person gained access to Accellion, a software company used by Kroger, to transfer files securely. Among the information accessed was a wealth of identifying information, including social security numbers, along with medical histories, prescription information, prescribing doctors, and medical tests taken. (Chris Mayhew / Cincinnati Enquirer)

Related: Wlwt, Kiro7, AJC, Wdtn, Bleeping Computer, Houston Chronicle, AP News

Safety certification company UL LLC, better known as Underwriters Laboratories, said it suffered a ransomware attack last weekend that caused it to shut down systems.

UL has decided not to pay the ransom and is restoring from backups instead, sources said. (Lawrence Abrams / Bleeping Computer)

Related: Forbes

Photo by Dmitry Mashkin on Unsplash