Recent Posts

New Hardware Flaw Undermines RSA Encryption

New Hardware Flaw Undermines RSA Encryption

Last Tuesday, security researchers from various universities identified a vulnerability in security tokens, cryptographic smartcards, and chipsets produced by German manufacturer Infineon Technologies that could jeopardize software signing, account security, and token authentication for various computer products. The CVE-2017-15361 ROCA vulnerability, which was found in the implementation of RSA keypair generation in a cryptographic library,  allows an attacker to carry out a “practical factorization attack.” where a public key can be used to generate a private key. The experts found that RSA keys from the bugged hardware were not generated randomly, making them easy to crack. The team confirmed there […]

Cyberspies Attack APAC Banks to Steal Funds for Operations

Cyberspies Attack APAC Banks to Steal Funds for Operations

Reports last Tuesday revealed that cyber espionage organizations based in Asia Pacific (APAC) have began targeting banks to pilfer credit to their operations. According to Yury Namestnikov of Kasperky Lab’s Research Centre of Global Research and Analysis Team (GReAT), they found that the APT (Advanced Persistent Threat) groups attack APAC banks that are easy to infect. The research team named active cyberespionage groups like Cobalt Goblin and Lazarus that were responsible for hacking financial institutions in Hong Kong, Bangledesh, Philippines, Malaysia, and South Korea. Though Kaspersky was not able to determine how much money the banks lost, they were able […]

Google Adds Anti-virus Feature to Windows Chrome Browser

Google Adds Anti-virus Feature to Windows Chrome Browser

Last Tuesday, Google officially added three new security features in its Chrome browser for Windows. The updates are intended to strengthen Chrome’s anti-malware inspection and removal functions. The updated browser will automatically recognize if unauthorized changes have been made on the settings, and will prompt users to restore the primary settings. Google also improved Chrome’s Cleanup application to provide an easier way to recover default settings in an infected browser. Engineers have redesigned the Cleanup alerts to let users know which software to delete. Finally, Google added an ESET anti-virus malware detection engine that works with the Chrome sandbox feature. […]

Microsoft Discreetly Patches KRACK Bug Last Week

Microsoft Discreetly Patches KRACK Bug Last Week

According to news last Tuesday, Microsoft snuck in the Krack WPA2 vulnerability fix into last week’s October 10 Patch security updates. Microsoft quietly slipped the patch while other vendors were busy releasing updates this week. The tech giant’s patch delivery was not publicly announced until this Tuesday. The patch was sent through an additive update that came with more than 25 other updates. Only users who have read the associated knowledge basic article, or clicked the “more info” button to read the last bullet, would be aware of the fix. A representative from Microsoft stated that the tech giant indeed […]

Data Breach Exposes 30 Million South African’s Private Information

Data Breach Exposes 30 Million South African’s Private Information

It was reported last Tuesday that information security researcher Troy Hunt unveiled a major data breach involving personal information of over 30 million South Africans. The breached data includes unique ID numbers, employment history, income, and owned property as revealed by Hunt, who also established the popular security website HaveIBeenPwned.com. The leaked information contains files that date as far back as the 1990s. Several other reports say that the breach must have occurred sometime in March of this year. The massive data leak was found together with several other data breaches which had a personal address that were traced back […]

Federal Agencies Instructed to Ramp Up Cybersecurity Measures

Federal Agencies Instructed to Ramp Up Cybersecurity Measures

In an effort to increase cybersecurity in all areas of the government, the US Homeland Security has instructed federal agencies to use greater web and email security features. According to a binding operational directive, the agencies will be given 3 months to deploy email validation system DMARC on their networks, and 4 months to use HTTPS web encryption. Democratic Senator Ron Wyden lauded the effort, calling it a “good, basic step”. He added that using STARTTLS encryption and DMARC is a cheap, yet effective way to secure one’s email, and he hopes that other government agencies and the private sector […]

BSP Releases New Cryptocurrency Guidelines

BSP Releases New Cryptocurrency Guidelines

Said to be the first of its kind in the region, a circular by the Bangko Sentral ng Pilipinas on cryptocurrency has recently been discussed in the news, particularly because of the rapid surge in Bitcoin prices in the past week. According to BSP deputy director Melchor Plabasan, millions in cryptocurrency are being traded in the country each day, and the guidelines seek to balance the interests of harnessing innovation with managing risks. He added that virtual currencies can easily be used for money laundering which cannot be countered by anti-money laundering laws and KYC practices. Meanwhile, Satoshi Citadel Industries […]

Russia Plans to Issue Its Own Cryptocurrency

Russia Plans to Issue Its Own Cryptocurrency

In the wake of the country’s hard stance on cryptocurrency, a report by CoinTelegraph revealed that Russia may soon issue its own digital currency to be called the “CryptoRuble”. According to scarce details gathered from Russian news agencies, the currency will be blockchain-based. However, it cannot be mined and can only be issued by by the government, and will be tracked like any ordinary currency. Some say that this practically defeats the purpose of this kind of currency, which is traded primarily because it is unhindered by government regulation.   It was said that the Russian government’s minister of communications, […]

IBM to Speed Up Cross-Border Payments Using Blockchain

IBM to Speed Up Cross-Border Payments Using Blockchain

IBM recently announced a partnership with blockchain startup Stellar, and payment company Kickex, on a system which uses blockchain technology to increase the efficiency of cross-border payments. Blockchain, the technology underpinning cryptocurrency, will be used to reduce the time and costs associated with global payments, according to IBM. At present, it takes days to weeks to complete international transactions, and while services like TransferWise already exists, it only remains accessible to small businesses and savvy consumers. IBM adds that the blockchain solution would also lessen errors while allowing banks heightened transparency and flexibility. The system is already being used in […]

“Krack” Bug a Serious Breakdown of WPA2 WiFi Security

“Krack” Bug a Serious Breakdown of WPA2 WiFi Security

News of the WiFi security bug known as “Krack” surfaced earlier this week after being confirmed by US-CERT, Homeland Security’s cyber-emergency unit. First revealed by computer security academic Mathy Vanhoef around 2 months ago, the ‘Key Reinstallation Attack’ vulnerability affects the WPA2 security protocol which is used by most wireless networks. Experts have called the Krack flaw a “complete breakdown“ of the protocol since it can allow attackers to intercept and decrypt network traffic, and even inject content into the stream. The vulnerable device has to be in close proximity for the attack to be successful, and no attacks have […]