Data Privacy

Understanding KYC Compliance: Costs, Third-Party Reliance and Outsourcing

For banks and other financial institutions, adherence to regulatory guidelines and a natural aversion to unwarranted operational risks call for greater prudence. While this distinct brand of conservatism is apparent in the way financial institutions invest their depositors’ money, be it in the credit market or real estate, prudence is similarly manifested in the way banks deal with their clients both old and new by way of the know-your-customer policy, or simply KYC. KYC is a policy that makes it mandatory for banks and other financial institutions to establish the identity of individuals looking to transact with them and review […]

Popular Mac OSX Media Player Spreads Trojan Malware

ESET security researchers recently reported that the Elmedia Player, a popular media app for Mac OSX, was spreading a remote access trojan (RAT) called Proton, which experts say is designed specifically for spying and theft. It is said that the media player had already been downloaded by around 1 million users, who may now have their devices infected by Proton. A spokesman from Eltima revealed that the attackers may have planted the malware when they breached the company’s servers. The company added that the malware had been distributed starting October 19, and users are advised to take necessary measures to […]

NSA Won’t Comment on Prior Knowledge on “KRACK” WiFi Bug

The NSA declined to issue a response when asked if it had any prior knowledge about the KRACK WPA2 flaw, which had surfaced earlier this week. According to the vulnerabilities equities process (VEP), the US government can determine whether to disclose or withhold information it has on a computer security vulnerability. Rumors online have floated the idea that the NSA might have known about, or even used, the KRACK bug before it got discovered, with some pointing to a document leaked by Edward Snowden which mentions a tool called BADDECISION that can be used to hack WPA/WPA2 protocols. However, several […]

New Hardware Flaw Undermines RSA Encryption

Last Tuesday, security researchers from various universities identified a vulnerability in security tokens, cryptographic smartcards, and chipsets produced by German manufacturer Infineon Technologies that could jeopardize software signing, account security, and token authentication for various computer products. The CVE-2017-15361 ROCA vulnerability, which was found in the implementation of RSA keypair generation in a cryptographic library, allows an attacker to carry out a “practical factorization attack,” in which a public key can be used to generate a private key. The experts found that RSA keys from the bugged hardware were not generated randomly, making them easy to crack. The team confirmed there […]

Research Exception under the Data Privacy Act

The Data Privacy Act of 2012 (hereinafter referred to as the “Act” or “DPA”) was enacted to bring the Philippines in line with international data protection standards, to encourage investment, and to reinforce the Philippines’ position as a leading Information Technology and Business Process Outsourcing destination. The Act aims to reconcile the right to privacy with the efficient utilization of information. Under the policy statement of the Act, it is understood that even as the law guarantees the protection of an individual’s fundamental right to privacy, it also ensures the free flow of information for innovation, growth, and national development. The DPA, […]

Sen. Aquino Says LP Senators Target of Identity Theft, Hacking

The office of LP Senator Paolo Benigno “Bam” Aquino IV recently reported incidents of identity theft and hacking to the National Bureau of Investigation (NBI) and the Armed Forces of the Philippines (AFP). The senator said in a press conference that the email accounts of some of his staff and the staff of Sen. Kiko Pangilinan had been hacked between around March 21 and October 11, in an attempt to implicate the senators in a destabilization plot targeting President Duterte. He added that there were four incidents where suspicious emails and drafts were found in the accounts, which prompted his office […]

Accenture Leaves Private Data Completely Exposed on S3 Servers

Tech giant Accenture recently confirmed that it inadvertently left four of its cloud servers unsecured, exposing a massive trove of highly sensitive data that included passwords and decryption keys. Chris Vickery of cybersecurity firm UpGuard discovered the lapse around mid-September and relayed it to the company privately. Vickery revealed that the servers held data so sensitive that it was considered the ‘keys to the kingdom’, and that it could have caused massive damage to the company and its customers had it gotten into the wrong hands. Security expert Kenneth White confirmed that it could have been ‘as bad as it gets’, had attackers […]

Apple Releases Emergency Update for Disk Encryption Utility Flaw

Last Wednesday, Apple issued an emergency update for a flaw that exposes the passwords of encrypted APFS volumes in macOS High Sierra. The vulnerability was identified by Leet Tech’s Matheus Mariano who published his findings in a YouTube video. The issue occurs when a new encrypted APFS volume is mounted in High Sierra. When the user clicks the password hint button, the password is revealed instead of the hint. Mariano immediately reported the bug to Apple, who quickly moved to provide a fix which included a patch for a bug in the Keychain app that similarly exposes app passwords. The […]

UK and EU Clash on Role of End-to-End Encryption

Recent events in the UK and EU have indicated that the two are at odds on the role of end-to-end encryption in maintaining privacy and cybersecurity. At the Conservative party conference held last week, UK home secretary Amber Rudd said that E2EE is a tool that aids crooks in plotting crimes beyond the law’s reach. In line with the sentiments of a majority of Conservative politicians, she vowed to find a way to combat it and push for legislation limiting its usage. However, the EU seems to be going in the opposite direction when its Parliament released a draft […]

Privacy International Crowdfunds Legal Costs in Fight Against UK State Hacking

Reports have revealed that Privacy International has turned to crowdfunding as a means of covering costs associated with its legal battle against the UK’s state-sponsored hacking. The group alleges that the British government is using hacking to gather intelligence for the purposes of mass surveillance. It has been opposing this government action since 2014, when it additionally found that the government is not required to provide individual warrants to hack devices and services. Privacy International argued that this kind of untargeted hacking violates privacy and free speech according to Articles 8 and 10 of the European Convention on Human Rights. […]

Read more about the Data Privacy practice at Disini & Disini Law Office