Data Privacy

Popular Mac OSX Media Player Spreads Trojan Malware

ESET security researchers recently reported that the Elmedia Player, a popular media app for Mac OSX, was spreading a remote access trojan (RAT) called Proton, which experts say is designed specifically for spying and theft. It is said that the media player had already been downloaded by around 1 million users, who may now have their devices infected by Proton. A spokesman from Eltima revealed that the attackers may have planted the malware when they breached the company’s servers. The company added that the malware had been distributed starting October 19, and users are advised to take necessary measures to […]

NSA Won’t Comment on Prior Knowledge on “KRACK” WiFi Bug

The NSA declined to issue a response when asked if it had any prior knowledge about the KRACK WPA2 flaw which had surfaced earlier this week. According to the vulnerabilities equities process (VEP), the US government can determine whether to disclose or withhold information it has on a computer security vulnerability. Rumors online have floated the idea that the NSA might have known about, or even used, the KRACK bug before it got discovered, with some pointing to a document leaked by Edward Snowden which mentions a tool called BADDECISION that can be used to hack WPA/WPA2 protocols. However, several […]

New Hardware Flaw Undermines RSA Encryption

Last Tuesday, security researchers from various universities identified a vulnerability in security tokens, cryptographic smartcards, and chipsets produced by German manufacturer Infineon Technologies that could jeopardize software signing, account security, and token authentication for various computer products. The CVE-2017-15361 ROCA vulnerability, which was found in the implementation of RSA keypair generation in a cryptographic library, allows an attacker to carry out a “practical factorization attack,” in which a public key can be used to generate a private key. The experts found that RSA keys from the bugged hardware were not generated randomly, making them easy to crack. The team confirmed there […]

Sen. Aquino Says LP Senators Target of Identity Theft, Hacking

The office of LP Senator Paolo Benigno “Bam” Aquino IV recently reported incidents of identity theft and hacking to the National Bureau of Investigation (NBI) and the Armed Forces of the Philippines (AFP). The senator said in a press conference that the email accounts of some of his staff and the staff of Sen. Kiko Pangilinan had been hacked from around March 21 to October 11, in an attempt to implicate the senators in a destabilization plot targeting President Duterte. He added that there were four incidents where suspicious emails and drafts were found in the accounts, which prompted his office […]

Accenture Leaves Private Data Completely Exposed on S3 Servers

Tech giant Accenture recently confirmed that they inadvertently left four of their cloud servers unsecured, exposing a massive trove of highly sensitive data that included passwords and decryption keys. Chris Vickery of cybersecurity firm UpGuard discovered the lapse around mid-September, which he relayed to the company privately. Vickery revealed that the servers had data so sensitive that it was considered the ‘keys to the kingdom’, and could have caused massive damage to the company and its customers had it gotten into the wrong hands. Security expert Kenneth White confirmed that it could have been ‘as bad as it gets’, had attackers […]

Apple Releases Emergency Update for Disk Encryption Utility Flaw

Last Wednesday, Apple issued an emergency update for a flaw that exposes the passwords of encrypted APFS volumes in macOS High Sierra. The vulnerability was identified by Leet Tech’s Matheus Mariano, who published his findings in a YouTube video. The issue occurs when a new encrypted APFS volume is mounted in High Sierra. When the user clicks the password hint button, the password is revealed instead of the hint. Mariano immediately reported the bug to Apple, who quickly moved to provide a fix, which included a patch for a bug in the Keychain app that similarly exposes app passwords. The […]

UK and EU Clash on Role of End-to-End Encryption

Recent events in the UK and EU have indicated that the two are at odds on the role of end-to-end encryption in maintaining privacy and cybersecurity. At the Conservative party conference held last week, UK home secretary Amber Rudd said that E2EE is a tool that aids crooks in plotting crimes beyond the law’s reach. In line with the sentiments of a majority of Conservative politicians, she vowed to find a way to combat it and push for legislation limiting its usage. However, the EU seems to be going in the opposite direction when its Parliament released a draft […]

Privacy International Crowdfunds Legal Costs in Fight Against UK State Hacking

Reports have revealed that Privacy International has turned to crowdfunding as a means of covering costs associated with their legal battle against the UK’s state-sponsored hacking. The group alleges that the British government is using hacking to gather intelligence for the purposes of mass surveillance. It had been opposing this government action since 2014, when it additionally found that the government is not required to provide individual warrants to hack devices and services. Privacy International argued that this kind of untargeted hacking violates privacy and free speech according to Articles 8 and 10 of the European Convention on Human Rights. […]

WhatsApp Serves as Paedophile Cover, UK Interior Minister Says

Last Tuesday, British interior minister Amber Rudd expressed her concerns regarding WhatsApp’s encryption, saying that it can allow criminals like paedophiles to operate beyond the law’s reach. Speaking to party activists in Manchester, she added that companies should be compelled to move with greater urgency to address such issues, especially since they have the resources to do so. Rudd also called on Facebook, Twitter, Google, Microsoft, and other tech giants to put in greater effort in combatting extremist content. Source: Reuters

NY Startup Says Decentralization is Key to Preventing “Equifax-like” Incidents

New York-based cybersecurity startup HYPR announced that it recently closed an $8 million Series A funding round led by RRE Ventures. HYPR uses an authentication technology that secures biometrics, as well as traditional passwords. According to CEO George Avetisov, his startup is also creating a decentralized system that would prevent incidents such as the Equifax hack, where the attackers were able to breach an enterprise in one shot. He says that cybercriminals would have to go through the impossible task of hacking a multitude of devices to crack the system’s security and get to the data. Avetisov added that HYPR intends […]

Read more about the Data Privacy practice at Disini & Disini Law Office