Security concerns arise over popular Clubhouse app after ties to China-based company revealed on February 25, 2021, 7:35 AM PST The Stanford Internet Observatory alleged that the Chinese government may have had access to audio data from Clubhouse. Here s what users should know. Getty Images/iStockphoto
More about cybersecurity
Stanford s Cyber Policy Center confirmed on Feb. 12 that tools from Shanghai-based company Agora were serving as the backbone of Clubhouse, which has gained thousands of new users in recent months thanks to celebrity speakers like Elon Musk, Oprah, Aston Kutcher and other business leaders.
Additionally, the observatory found that a user s unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users raw audio, potentially providing access to the Chinese government.
Tax (fraud) season is here. Rogue insiders, data breaches, and a comment on biometrics.
Summary
Yandex investigates insider s theft and sale of user data.
Data breach reported at Syracuse University.
Brazilian authorities investigate apparent telco data breach.
Data breach at Canadian car rental company.
Notes on US Customs and Border Protection s facial recognition trials.
Nothing is certain except death, taxes, and data theft.
As April approaches, Americans find themselves drowning in the annual slog of tax season. Further complicating matters, the US Internal Revenue Service has issued a warning that identity thieves are taking advantage of the rush to file tax returns by attempting to steal tax preparers’ Electronic Filing Identification Numbers (EFINs), reports Bleeping Computer. A phishing campaign using emails with the subject line Verifying your EFIN before e-filing is attempting to convince tax officials to email cybercriminals documents containing their tax cred
The Washington State Capitol Building in Olympia. (Pastajosh, CC BY-SA 4.0, via Wikimedia Commons)
Malicious actors last Dec. 25 stole millions of unemployment applicantsâ data from the Washington State Auditorâs Office (SAO) via a zero-day vulnerability in a 20-year-old file transfer service from Accellion, Inc. The incident and its aftermath serve as an example of the discord and miscommunications that can transpire between a third-party software provider and its users when something goes wrong.
The attack also demonstrates not only the critical importance of securing sensitive data on the move, but also the potential risks of using legacy applications that are nearing end of life.