Clubhouse Security Woes Mount Following New Data Breaches

Sophisticated Silver Sparrow malware lacking payloads appears on 30,000 Macs, WhatsApp will delete users who don't accept the new privacy policy, Kroger pharmacy latest victim of Accellion hack, more


Rapidly growing audio-based social media start-up Clubhouse has apparently suffered a data breach after a programmer in mainland China designed a now-banned open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service.

In addition to this app, which appeared on GitHub, an unidentified user was also able to stream audio feeds over the weekend from “multiple rooms” into the person’s own third-party website but was then “permanently banned.” One of the alleged hacks involves bricking an iPhone, reverse-engineering the Clubhouse application, and then using a bot’s “malicious code” to access the various streams and share them, John Furrier, founder and chief executive officer of SiliconANGLE Media, said.

Finally, Clubhouse uses Shanghai-based backend infrastructure provider Agora to manage data traffic and audio production, which is required to provide the Chinese government with access to its data. (Duncan Riley / Silicon Angle)

Related: Bloomberg, The Verge, Stanford Internet Observatory

Researchers at Red Canary discovered malware they dubbed Silver Sparrow on 30,000 Macs worldwide that mysteriously doesn’t deliver a payload.

The lack of a payload could mean that the malware might spring into action once an unknown condition is met. The malware also has the capability of removing itself, the sign of a stealth or sophisticated actor. (Dan Goodin / Ars Technica)

Related: Reddit - cybersecurity, Bleeping Computer, Security Affairs, MacRumors, 9to5Mac, AppleInsider, Slashdot, Ars Technica, Red Canary, ZDNet Security, Telecomlive.com, CISO MAG, Security Affairs, SlashGear » security, SlashGear » security, Hardwarezone, TechJuice, SiliconANGLE, Fudzilla, The Hacker News, News.com, The Register - Security, The Verge

Binni Shah @binitamshah
New malware found on 30,000 Macs has security pros stumped :
redcanary.com/blog/clipping-… credits @ForensicITGuy Arm'd & Dangerous - Malicious code, now native on apple silicon : objective-see.com/blog/blog_0x62… credits @patrickwardle

Even as it deflects criticism for its suspiciously shifting privacy policy, Facebook-owned WhatsApp has said that users who do not agree with its new privacy policy by May 15 will start losing the app's full functionality and that inactive users will be deleted after 120 days.

The new privacy terms allow Facebook and WhatsApp to share payment and transaction data to better target ads. (Manish Singh / TechCrunch)

Related: Futurism, MacRumors, Pocketnow, Business Insider, RT News, Business Insider, PogoWasRight.org

The European Union has preliminarily approved Britain’s post-Brexit data protection standards, giving the green light for Europeans’ personal information to continue flowing to the UK.

However, for the first time in an EU data flows deal, the decision will have to be renewed in four years. (Vincent Manancourt / Politico EU)

Related: Baker Data Counsel, Data Protection Report, Infosecurity Magazine, TechTarget, City A.M. - Technology, Bloomberg

Cisco Talos researchers discovered that a credential stealer called MassLogger has resurfaced in a new phishing campaign aiming to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps.

The attacks, which started in mid-January, primarily focused on users in Turkey, Latvia, and Italy. (Ravie Lakshmanan / The Hacker News)

Related: BGR, Security Affairs, HackRead, CISO MAG, PC Gamer, Sensors Tech Forum, E Hacking News, Cisco Talos, ZDNet, Tom’s Guide

An anonymous researcher discovered that the Tor mode in the privacy-oriented Brave browser was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.

The greatest risk of sending the queries to public internet DNS resolvers is for users inside oppressive regimes who might be creating easily discovered public footprints. Brave said it had already patched the problem in the Brave Nightly version following a report more than two weeks ago. It plans to push the fix to a stable version of the browser with the next update. (Catalin Cimpanu / ZDNet)

Related: The Daily Swig, Bleeping Computer, Ramble

One of the world’s top venture capital firms, Sequoia Capital, told their investors that some of their personal and financial information might have been accessed by a third party following a successful phishing event.

Sequoia said it has not yet seen any indication that compromised information is being traded or otherwise exploited. (Kia Kokalitcheva / Axios)

Related: Business Insider

Giant grocery store chain Kroger Co. told customers of its pharmacy and Little Clinic outlets it had suffered a security breach in which patient names and sensitive information were accessed.

Kroger said that an unauthorized person gained access to Accellion, a software company used by Kroger to transfer files securely. Among the information accessed was a wealth of identifying information, including social security numbers, along with medical histories, prescription information, prescribing doctors, and medical tests taken. (Chris Mayhew / Cincinnati Enquirer)

Related: Wlwt, Kiro7, AJC, Wdtn, Bleeping Computer, Houston Chronicle, AP News

Safety certification company UL LLC, better known as Underwriters Laboratories, said it suffered a ransomware attack last weekend that caused it to shut down systems.

UL has decided not to pay the ransom and is restoring from backups instead, sources said. (Lawrence Abrams / Bleeping Computer)

Related: Forbes
