Data Privacy

Android Researcher Wins $112,500 for Pixel Smartphone Bug

It was revealed earlier this week that Google had awarded $112,500 to Qihoo 360 Alpha Team researcher Guang Gong for submitting two Pixel smartphone security bugs through the Android Security Rewards (ASR) program. This is the first working remote exploit ever to be submitted to the program. The two exploit chains, CVE-2017-5116 and CVE-2017-14904, were submitted in August 2017. The two bugs can be used by attackers to remotely inject code into Android’s system_server process when a user opens a malicious URL via Chrome. A patch for the vulnerability, along with 42 others, had already been included in Google’s December security […]

House Minority: China Telco May be Trojan Horse

Last Wednesday, opposition members of the Philippine Congress expressed their concerns regarding the entrance of China Telecom Corp Ltd. into the Philippines’ telco sector. The state-run Chinese telco is slated to be named as the third telecoms provider in the first quarter of this year, breaking the duopoly held by PLDT Inc. and Globe Telecom Inc. President Rodrigo Duterte, known to have warm relations with Beijing, encouraged the Chinese entities to operate in the country. However, the deal has to contend with a history of mistrust due to China’s maritime assertiveness and repeated challenges to Philippine sovereignty. The House Minority […]

US Lawmaker Seeks Briefing from Intel, Chipmakers

Last Tuesday, California Representative Jerry McNerney wrote to executives at Intel, ARM Holdings, and Advanced Micro Devices, seeking a briefing on the Meltdown and Spectre security vulnerabilities. McNerney said that he wanted more information on the dangers the flaws posed and the measures the companies will be taking to protect consumers. In a statement to Reuters, Intel said that it shared the Congressman’s interest and will continue to engage with Congressional and Executive Branch officials to address how the industry can best respond. ARM said that it had already responded to the Congressman’s request and expressed its appreciation to the lawmaker’s […]

AT&T Pushed to Cut Ties with Huawei by US Lawmakers

Two congressional aides recently revealed that US lawmakers are pressuring AT&T to sever commercial ties with Chinese phone maker Huawei Technologies Co Ltd. The second-largest wireless carrier in the US was warned of national security concerns and is apparently being ordered to block Huawei’s plans to enter the US telecom market. Prior to this, Congress had already lobbied against a plan under which AT&T would offer Huawei devices to its customers. Observers have noted that the recent moves are in keeping with the harder line on policies taken by the Trump administration on issues ranging from Beijing’s role in restraining North Korea, […]

VR Porn App Exposes Names of 20,000 Users

A flaw in an adult virtual reality app was recently found to have leaked personal information comprising around 20,000 usernames and email addresses. The flaw in the porn game SinVR was discovered by British cybersecurity firm Digital Interruption, which immediately reported it to the US-based company. SinVR fixed the flaw and thanked the cybersecurity company. A spokesperson added that they will be increasing their security measures, and that passwords and credit card details were not included in the leak. Digital Interruption, however, pointed out that it may still be embarrassing for users to have their details exposed by such a […]

Germany’s BSI Warns Against Fake Meltdown-Spectre Patches

Germany’s Federal Office for Security and IT (BSI) recently issued a warning against spam being circulated using the agency’s name. The spam appears to be an alert regarding the recent Meltdown and Spectre vulnerabilities, and directs the recipient to a fake website which hosts the malware disguised as a patch. While BSI did not give the URL of the website hosting the fake patches, security company Malwarebytes had already identified one of the pages the spammers were linking to. The phishing site has already been taken down. However, it was noted that the spammers took the effort to enable SSL […]

New Mac OS X Malware Hijacks DNS Settings

Security researcher Patrick Wardle recently spotted in the wild a variant of an old Windows DNS hijacker malware targeting Mac OS X systems. The hijacker, dubbed MaMi, forcibly changes a user’s DNS entries to 82.163.143.172 and 82.163.142.174. Wardle initially came across MaMi on Malwarebytes when a user encountered the DNS hijacking issue after installing a nuisanceware called “MyCoupon”. Evidence indicates that the malware is relatively new and unsophisticated. However, it also includes several other functionalities, including screenshot capture, file upload and download, generation of simulated mouse events, and arbitrary code execution. The malware is also very persistent and installs a […]

Apple Health Data Used in German Murder Trial

It was reported that data from Apple’s Health App had provided crucial evidence in a recent trial involving a refugee accused of rape and murder. The police suggested that the steps recorded by the Health App in the suspect’s phone may help confirm his activity. Hussein K, the accused, is said to have dragged his victim down the River Dreisam and climbed back up. The refugee admitted to only some of the details in the rape and murder of 19-year-old medical student Maria Ladenburger, which happened in October 2016. Source: BBC

Major Intel AMT Security Flaw Discovered, Allows Bypass of BIOS & Bitlocker Passwords

A researcher from F-Secure recently found a flaw in Intel’s Active Management Technology (AMT) which can allow an attacker to bypass security measures such as BIOS passwords, BitLocker credentials, and TPM PINs. The security bug can be used by attackers to gain access to corporate computers provisioned with Intel AMT, which is a CPU feature that allows system admins to perform remote out-of-band management without needing physical access to the device. The researcher, Harry Sintonen, said that the attacker can select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, to bypass any previous BIOS, BitLocker, or TPM […]

Ant Financial Censured by China’s Cyber Watchdog Over Privacy Issue

It has been reported that the Cyberspace Administration of China (CAC) had berated Alibaba’s payment affiliate, Ant Financial, for compromising the privacy of Alipay service users who were enrolled automatically into the company’s credit scoring system without their consent. Some users were apparently unaware that they had to uncheck an opt-out button on a financial analysis feature by Alipay. Data of users who did not opt out were collected by Sesame Credit and shared with its partners for analysis. Nie Zhengjun, Ant Financial’s chief privacy officer, apologized for the breach and said that the company had already initiated […]