The SolarWinds Hack, Clubhouse, Vulnerable Agora SDKs, Microsoft — Some Cybersecurity News You May Have Missed this Week

In this episode of the Futurum Tech Webcast, host Shelly Kramer joined by fellow analyst Fred McClimans for a conversation about some cybersecurity news you may have missed during the week when unexpected weather across the south, horrifying power grid problems and beyond have captured the attention of the nation. The conversation started with a quick overview of Clubhouse, the current darling of social apps. In a nutshell, Clubhouse, an invitation only social audio app, is powered by Agora, a Chinese-based software company. Other companies using Agora’s software include Bilibi, a $53Bn Chinese video-sharing app with 170M plus users and considered the nearest thing China has to YouTube, New Oriental Education, a $33B Chinese ed tech firm and Yalla, a $5.6 billion Chinese-owned app called the Clubhouse of the Middle East. Note the theme: Chinese connections to Agora. So, Agora. And Chinese connections, and cybersecurity — that’s what the conversation comes back to including the following: Agora’s reported SDK vulnerability that could have allowed an attacker to spy on private video and audio calls. The flaw in Agora’s SDK that is used by dating apps like eHarmony, Plenty of Fish, MeetMe, and Skout. It was also found in healthcare apps like Talkspace, Practo, and Dr. First’s Backline. McAfee disclosed the flaw in April of 202 and it took Agora seven months to release a new SDK to remediate the threat. The cybersecurity conversation then shifted to the SolarWinds hack and the update figures released by the White House. As of today, it believes (so far), that 9 federal agencies and 100 private sector companies have been impacted. The conversation also explore the news that although the hack remains considered of Russian origin, it’s likely that the hackers launched their attack from inside the US. The cybersecurity conversation wrapped with some good news post SolarWinds hack from Microsoft. On Thursday, Microsoft announced in a blog post on its Security Response Center published that its internal investigation has concluded into the activity of the threat actor and that there was no evidence of access to production services or customer data. The investigation also found there were no indications that their systems at Microsoft were used to attack others.