The wildly popular social media app Clubhouse suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone customers to break into the iPhone-only service.
Clubhouse has confirmed that a user was able to stream audio from the app on their website. The audio-only social networking app, launched in March 2020, allows people to gather online in public or private audio chatrooms.
The unidentified user managed to stream live Clubhouse audio feed from multiple rooms simultaneously on their third-party website. What’s concerning is that the unidentified user manager to do this even though they were not an invited member of those chatrooms. Following the incident, a spokeswoman said, “This individual’s account has been permanently banned from the service and we have added additional safeguards to prevent people from doing this in the future.”
According to BlueVoyant’s Cybersecurity in higher education report, the number of ransomware attacks against universities increased by 100% year-on-year in 2020. The company compiled data from 2702 universities across 43 countries, covering the period January 2019 to September 2020. It went on to say that average payouts were totaling nearly $450,000.
The company claims that the rise in ransomware attacks against universities was due to them being forced to adopt remote teaching and learning methods. 22% of all analyzed universities and colleges had open or unsecured remote desktop ports (RDPs), and 66% lacked protocols like SPF, DKIM, and DMARC to help guard against phishing. The company said that these are the primary contributing factors. The report also stated that the second most types of attacks were data breaches, which accounted for half of all cyberattacks in 2019.
“This is an industry that has had to rapidly pivot to online learning, changing standard methods of learning, practically overnight. The education sector is also under huge financial and regulatory pressure,” says Jim Rosenthal, the CEO of BlueVoyant. He went on to say that “Threat actors know that there are vulnerabilities to be exploited and they are taking advantage of these vulnerabilities at every opportunity, making it imperative for universities to adopt a solid cybersecurity threat posture to ensure that the wealth of sensitive data is properly defended against adversaries.”
In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of the mails were phishing emails with the intent to steal credentials, while the rest were used for planting malware in the user’s systems or as business email compromise (BEC) attacks.
Cofense researchers said that 45% of those phishing emails were Microsoft themed as they were banking on the increase in organizations migrating to Office 365. “With the number of organizations migrating to Office 365, targeting these credentials allows the threat actor to gain access to the organization as a legitimate user to go undetected,” the researchers from the company told Threatpost. They further went on to recommend the use of multi-factor authentication (MFA) to secure Microsoft Office logins.
The researchers also said that apart from Microsoft products and solutions that tie-in with Microsoft, other company names have also been used to lure in victims. “Other popular brands we observed asking for credentials were other various cloud hosting services such as Adobe, Dropbox, Box, DocuSign or WeTransfer,” the researchers said.