Data Privacy

Apple Health Data Used in German Murder Trial

Apple Health Data Used in German Murder Trial

It was reported that data from Apple’s Health App had provided crucial evidence in a recent trial involving a refugee accused of rape and murder. The police suggested that the steps recorded by the Health App in the suspect’s phone may help confirm his activity. Hussein K, the accused, is said to have dragged his victim down the River Dresiam and climbed back up. The refugee admitted to only some of the details in the rape and murder of 19-year old medical student Maria Ladenburger which happened in October 2016.      Source: BBC

Major Intel AMT Security Flaw Discovered, Allows Bypass of BIOS & Bitlocker Passwords

Major Intel AMT Security Flaw Discovered, Allows Bypass of BIOS & Bitlocker Passwords

A researcher from F-Secure recently found a flaw in Intel’s Active Management Technology (AMT) which can allow an attacker to bypass security measures such as BIOS passwords, BitLocker credentials, and TPM pins. The security bug can be used by attackers to gain access to corporate computers provisioned with Intel AMT, which is a CPU feature that allows system admins to perform remote out-of-band management without needing physical access to the device. The researcher, Harry Sintonen said that the attacker can select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, to  bypass any previous BIOS, BitLocker, or TPM […]

Ant Financial Censured by China’s Cyber Watchdog Over Privacy Issue

Ant Financial Censured by China’s Cyber Watchdog Over Privacy Issue

It was been reported that the Cyberspace Administration of China (CAC) had berated Alibaba’s payment affiliate, Ant Financial, for compromising the privacy of Alipay service users who got enrolled automatically into the company’s credit scoring system without their consent. Some users were apparently unaware that they had to uncheck an opt out button on a financial analysis feature by Alipay. Data of users who did not opt out were collected by Sesame Credit and shared with its partners for analysis.   Nie Zhengjun, Ant Financial’s chief privacy officer, apologized for the breach and said that the company had already initiated […]

Adobe Issues Fix for Information Leak Bug

Adobe Issues Fix for Information Leak Bug

In a security update posted last Tuesday, Adobe informed its users of a new patch for Flash Player that addresses an information leak issue. The CVE-2018-4871 is a security vulnerability which can be exploited by hackers to extract leaked sensitive information from a system. The bug impacts computers running Windows, Linux, and Mac OS, as well as those that use Chrome, Edge, and Internet Explorer 11. Adobe encouraged users not to decline the automatic updates. Source: ZDNet

WPA3 to Replace Decades Old WPA2 WiFi Protocol

WPA3 to Replace Decades Old WPA2 WiFi Protocol

Last Monday, the Wi-Fi Alliance announced that its next-generation wireless security protocol WPA3, is ready to replace its decades-old predecessor WPA2. The Alliance, which includes Apple, Microsoft, and Qualcomm as its members, revealed that WPA3 will use individualized data encryption. This is expected to solve a common security problem with open Wi-Fi networks by scrambling the connection between a device and the router. WPA3 will also be able to protect against brute-force dictionary attacks and will block attackers after a number of failed password attempts. It is said that the new protocol could not have come soon enough, since a […]

Apple: All Macs, iPhones, iPads Affected by Spectre and Meltdown

Apple: All Macs, iPhones, iPads Affected by Spectre and Meltdown

Apple recently confirmed that Meltdown and Spectre, the two chip-level security vulnerabilities, also affect all Macs, iPhones, and iPads. Patches for the Meltdown bug has already been released, but it may take a few days before a fix for Spectre is released. However, Apple owners were assured in a blog post that there were no known exploits that can affect customer in the meantime. As the vulnerabilities affect almost any device that use an Intel or ARM processors, Google, Microsoft, and other companies have already released their respective fixes. A security researcher also published a list of online antivirus products. […]

Tech Giants Hurriedly Take Measures Against CPU Vulnerability

Tech Giants Hurriedly Take Measures Against CPU Vulnerability

The recent discovery of a vulnerability in Intel CPUs have roused tech giants Microsoft, Amazon, and Google into action to prevent the exploitation of the hardware-level security bug. In reaction to the Meltdown and Spectre flaws which were publicly revealed last Tuesday, Microsoft said that they have deployed mitigations to cloud services and rolled out security updates for Windows, Edge and Internet Explorer browsers, and Surface devices. Google, who first alerted Intel about the vulnerability, said that it had already updated its public cloud service without the need for forced restarts or maintenance windows. Meanwhile, Amazon informed its customers that […]

Facial Recognition Tech Used on Ashes Spectators on Sydney

Facial Recognition Tech Used on Ashes Spectators on Sydney

It was recently revealed that a number of high tech security measures had been installed in Sydney Cricket Ground. The system is said to include around 820 cameras equipped with facial recognition technology which is linked to the Transport Management Centre and the NSW Police operations centre. SCG Trust chief executive Jamie Barkley said that they have invested significantly on security technology to provide airport-style levels of safety for sports fans. SCG security manager Luke Schibeci meanwhile said that they wish to further understand how the technology can better protect venues, workers, and patrons from terrorism. Source: ZDNet

Microsoft Releases Fixes for Spectre and Meltdown Vulnerabilities

Microsoft Releases Fixes for Spectre and Meltdown Vulnerabilities

Late last Thursday, Microsoft issued emergency fixes for two major security flaws found in processors released since 1995. The “Meltdown” and “Spectre” can be exploited by attackers to access information in the computer’s memory. However, the attacks have not been seen in the wild, and researchers say that they are impossibly difficult to leverage. Software and hardware companies however, have already acted and released fixes for both, although Microsoft warned that their fixes may be incompatible with some antiviruses and may lead to BSODs. Source: Bleeping Computer

Major Security Flaw in Intel Processors Confirmed

Major Security Flaw in Intel Processors Confirmed

Last Wednesday, security researchers revealed two critical flaws in Intel processors that are said to have been present as early as 20 years ago. The two CPU bugs, called “Meltdown” and “Spectre” affects almost every system that uses Intel chips since 1995. In a paper, the researchers established that an attacker can use the vulnerabilities to steal data from the memory of running apps, including sensitive information such as password managers, browsers, emails, and photos and documents.   Linux developers have announced that they are planning a redesign to deal with the vulnerabilities, while AMD released a statement saying that […]

Read more about the Data Privacy practice at Disini & Disini Law Office