Cybersecurity

Kaspersky Defends Against NSA Breach Accusations

Kaspersky Defends Against NSA Breach Accusations

Antivirus company Kaspersky recently responded to accusations regarding its role in the NSA breach involving the exposure of sensitive files from the computer of a worker from the agency. An article from WSJ alleged that Russian hackers used the Kaspersky software to steal files from the NSA employee’s computer. It was later on confirmed that the company did obtain a copy of the files in question. However, Kaspersky said that it did not steal the said files from the computer, but rather it was detected as a malware by their product and was sent back to them automatically. Furthermore, the […]

Unsecured Australian Broadcasting Corporation S3 Causes Data Leak

Unsecured Australian Broadcasting Corporation S3 Causes Data Leak

Kromtech Security Center recently disclosed a sensitive data leak at The Australian Broadcasting Corporation (ABC) caused by two unsecured Amazon Web Services (AWS) S3 repositories. The discovery was confirmed by the ABC who said that their IT teams acted immediately after being informed of the leak last November 16. According to Kromtech CIO Bob Diachenko, included in the leak were files which contained login credentials and access keys to a various ABC products, services, and other repositories. This is not the first time the organization had sensitive data exposed. The government-backed broadcaster already had an accidental leak in 2010, and […]

McAfee Unwittingly Exposes Users to Banking Malware

McAfee Unwittingly Exposes Users to Banking Malware

Security company McAfee recently spread a malware to their users via a domain associated with their email protection service. The service, McAfee ClickProtect, claims to protect businesses from hacking, which includes email malware. However, it was the company’s own safe link “cp.mcafee.com” that directed users to a malicious Word document that had the Emotet banking malware. Emotet is able to siphon sensitive information such as passwords and credentials which are often used to hack and steal funds from accounts. McAfee issued a statement on the matter, saying that has started an investigation and has identified the web property as a […]

New EU Consumer Protection Cooperation Law Includes “Vaguely-worded” Clause on Website Blocking

New EU Consumer Protection Cooperation Law Includes “Vaguely-worded” Clause on Website Blocking

Last Tuesday, the EU passed a new Consumer Protection Cooperation regulation which grants additional powers to the consumer protection agencies in the bloc. However, it also included a vague clause that would allow the agencies to take down websites without judicial review, as explained by EU Parliament member Julia Reda in a post on her blog. According to CPC documents, the regulation is intended as a measure against scam websites or those that violate EU consumer protection laws. However, MEP Reda pointed out that the regulation could be abused since it does not require any mandatory oversight. Opinions on social […]

Swedish Data Protection Authority Launches Investigation into Piracy Settlement Letters

Swedish Data Protection Authority Launches Investigation into Piracy Settlement Letters

Sweden’s Datainspektionen is currently investigating complaints of Swedish internet account holders regarding threat letters from ‘copyright trolls’, or companies which seek to turn a profit by hounding users suspected of piracy. Reports from Swedish Radio revealed that the said companies have contacted a number of Swedes, demanding them to pay up. The Swedish Data Protection Authority will now have to make a determination whether the letters can be considered as a debt collection measure. Njord Law, a firm representing international copyright trolls, has already moved to find identities behind thousands of IP addresses suspected of piracy. However, copyright professor Sanna […]

Cyber-Flaw Disclosure Rules Released by Trump Administration

Cyber-Flaw Disclosure Rules Released by Trump Administration

White House cybersecurity coordinator Rob Joyce recently revealed that the set of rules governing the disclosure of cybersecurity flaws has just been published on Whitehouse.gov. Created under the previous administration, the Vulnerability Equities Process dictated how flaws discovered by intelligence agencies were supposed to be handled. The process is said to balance law enforcement and the government’s intelligence gathering efforts thru device hacking, but security experts have criticized it as being overly secretive and anti-disclosure. Joyce, however, assures that around 90% of the flaws will be disclosed under the revised rules. He also said that it is currently the most […]

Australian IoT Alliance to Introduce Certification Tick

Australian IoT Alliance to Introduce Certification Tick

The Internet of Things Alliance Australia (IoTAA) recently announced that it is currently working on a security framework for the country’s IoT ecosystem. Last Wednesday, IoTAA principal consultant Geof Heydon revealed that they have gotten the support of the Prime Minister’s Industry 4.0 Taskforce for a process that certifies IoT devices, networks, and suppliers. Heydon adds that a certification “tick” would help tell consumers that a particular device can be secure if operated as recommended. He also clarified that the mark is not meant to indicate that a device is completely “secure”, because there is no such thing.  Source: ZDNet

“Engineer Mode” in Oneplus Phones Can Root Device, May Be Used as Backdoor

“Engineer Mode” in Oneplus Phones Can Root Device, May Be Used as Backdoor

A mobile security researcher recently divulged in a tweet that most, if not all, OnePlus mobile phones come with an app called ‘EngineerMode’ which can be used to root the device. The researcher, which goes by the handle “Elliot Alderson” said that the EngineerMode APK had all the features of a diagnosis app that only OnePlus engineers would have access to. Alderson added that given its permissions, the app can potentially be converted into a backdoor by attackers which can lead to catastrophic consequences. OnePlus CEO Carl Pei thanked the researcher via Twitter and assured that the company will be […]

EU Cookie Consent Script Loads In-Browser Crypto-miner

EU Cookie Consent Script Loads In-Browser Crypto-miner

It was reported last Tuesday that the website of one of Netherlands largest supermarket chain loaded an in-browser cryptocurrency miner on its visitor’s computer using a cookie consent popup script. Dutch security researcher Willem de Groot found that the website of Albert Heijn had an infected file named “cookiescript.min.js” that came from cookiescript.info, a website that provides the cookie consent service. He discovered that the block of code generated by the service contained a Monero miner called Crypto-Loot. Although the admins of cookiescript.info have already removed the hidden miner, De Groot says that there are around 243 websites still deploying […]

Singapore Government to Further Refine Upcoming Cybersecurity Bill

Singapore Government to Further Refine Upcoming Cybersecurity Bill

In a recent joint statement, Singapore’s Ministry of Communications and Information (MCI) and Cyber Security Agency (CSA) said that the proposed Cybersecurity bill will be refined further to incorporate the public’s feedback into the upcoming licensing framework. The MCI and CSA received a total of 92 submissions from 9 major institutions in the tech industry including telco’s M1, StarHub, and Singtel, consulting firms PricewaterhouseCoopers Risk Services and KPMG, and tech vendors Amazon Web Services, FireEye, Microsoft, and Palo Alto Networks.     Included in the feedback were requests for clearer definition of systems to be considered part of critical information infrastructures […]