AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/23/2021

Clubhouse Chats Are Breached, Raising Concerns Over Security

A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn’t be stolen by malicious hackers or spies, at least one attacker has proven the platform’s live audio can be siphoned. An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it’s “permanently banned” that particular user and installed new “safeguards” to prevent a repeat, researchers contend the platform may not be in a position to make such promises. Users of the invitation-only iOS app should assume all conversations are being recorded, the Stanford Internet Observatory, which was first to publicly raise security concerns on Feb. 13, said late Sunday. “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” said Alex Stamos, director of the SIO and Facebook Inc.’s former security chief.


Chinese spyware code was copied from America’s NSA

Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.  Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017. Yaniv Balmas, Checkpoint’s head of research, called Jian “kind of a copycat, a Chinese replica.” The find comes as some experts argue that American spies should devote more energy to fixing the flaws they find in software instead of developing and deploying malicious software to exploit it.


IRS Warns of Fresh Fraud Tactics as Tax Season Starts

As tax season begins, the Internal Revenue Service is warning that it’s seeing signs of fraudsters spoofing the agency’s domains and incorporating its logos and language into phishing campaigns. Meanwhile, security experts warn of other fraud campaigns spoofing government departments, with some using themes capitalizing on COVID-19 economic relief programs. Earlier this month, the IRS published a notification to tax professionals describing a phishing campaign that spoofs the agency’s likeness, with fraudsters attempting to steal Electronic Filing Identification Numbers. The IRS issues these numbers to individuals or firms that have been approved as authorized IRS e-file providers. In this phishing email scam, the fraudsters are trying to entice tax preparers to email documents that would disclose their identities and Electronic Filing Identification Numbers. The cybercriminals can then use this information to file fraudulent returns by impersonating the tax professional, the IRS notes.


Hackers are using Google Alerts to help spread malware

Hackers have managed to subvert a Google service into tricking unsuspecting users into installing malware. Cyber criminals have targeted the Google Alerts service, which the hackers have used to push fake updates to the now-defunct Adobe Flash Player. According to reports, hackers have created fake news stories with titles containing popular keywords that Google’s search engine then indexes. When this happens, Google Alerts pushes out notifications to people who follow these keywords. Since these “stories” come via Google Alerts, hackers hope victims will think the alert is legitimate and will click on the fake story. Doing so leads victims to a malicious site that pushes browser notification spam, unwanted extensions, or fake giveaways.


SpaceX Starlink satellite broadband speeds will double this year

SpaceX’s satellite broadband service Starlink will begin delivering download speeds of 300 Mbps, or double the top speeds users can currently get on the beta service, at some point this year, according to its CEO Elon Musk. The Starlink beta is advertised as having data speeds that vary from 50Mb/s to 150Mb/s and latency from 20ms to 40ms. It’s targeted at regional areas with poor coverage. Since October it’s been charging a fixed fee of $499 for the Wi-Fi router, power supply, cables and mounting tripod, and then a $99 monthly subscription for the satellite broadband service.  ZDNet sister site CNET notes that SpaceX CEO Elon Musk has now said that Starlink will double the available speeds within the next year.  Musk confirmed the speed boost in a tweet responding to a user who tapped Netflix’s broadband speed test site fast.com after installing the Starlink dish and reported a speed of 130 Mbps. 

Related Posts