Recent Posts

PCC Publishes its Rules of Procedure

PCC Publishes its Rules of Procedure

The Philippine Competition Commission (PCC) has published its 2017 Rules of Procedure (Rules), which shall guide the PCC in the handling of complaints, referrals from regulatory agencies, and motu proprio inquiries, as well as in the conduct of its investigations. Under the Rules, the PCC, through the Enforcement Office, shall conduct a 90-day preliminary inquiry on the basis of a verified complaint, referral by a regulatory agency, or a directive from the Chairman and the Commissioners of the PCC 
(Commission), to determine whether there are reasonable grounds to conduct a full administrative investigation for any violation of the Philippine Competition […]

Asia Business Law Journal Interviews JJ Disini on Fintech

“Fintech”, short for financial technology, has become a major buzzword in recent years, especially in the most developed countries of the world. It is, however, still a relatively murky concept in some areas of the Asia-Pacific, even though it has already brought significant change to the economic landscape in the region. Many experts are seeing enormous fintech opportunities in the Asia-Pacific, and are also predicting the region to surpass the US and Europe in fintech innovations. Some say that government support, regulatory facilitation, consumer willingness, and easy access to capital are just a few of the reasons contributing to this […]

Security Expert Reveals MacOS Malware Capable of Synthetic Mouse Clicks

Security Expert Reveals MacOS Malware Capable of Synthetic Mouse Clicks

Patrick Wardle of Digita Security revealed at the recently-held DefCon in Las Vegas a malware that can perform synthetic clicks on MacOS, which can allow attackers to bypass permission prompts and compromise the user’s system. Wardle said that such a malware, which synthetically interacts with the user interface, can be used to bypass layers of security so the attacker can access the user’s location, steal their contacts or even take over the computer’s kernel core system to fully control the computer. Wardle added that he came across the “synthetic clicks“ bypass technique by incorrectly pasting code.   Source: Wired

Firmware Vulnerabilities Found in Big Brand Android Models

Firmware Vulnerabilities Found in Big Brand Android Models

Security researchers revealed at DefCon last week around 47 vulnerabilities in the firmware and apps of 25 Android smartphone models, some even belonging to big brands including ZTE, Sony, Nokia, LG, Asus, and Alcatel. Some of the flaws can permit the attacker to access or send text messages from the user’s phone, take screenshots, record videos of the device’s screen, access the user’s contacts list, force installation of third-party arbitrary apps without the user’s knowledge or consent, and even wipe user data. Angelos Stavrou, CEO of Kryptowire, said that the sheer number of phone models and firmware makes it very […]

11-Year Old Gives Hacking Demonstration of US Voting System  

11-Year Old Gives Hacking Demonstration of US Voting System  

In a recent hacking competition sponsored by non-profit R00tz Asylum, 11 year old Bianca Lewis showed how easy it was for hackers to compromise the infrastructure of the US voting system. The contest was part of the recently held Def Con conference in Las Vegas which was attended by more than 300 young hackers. By attacking a replica website, Lewis showed that it was possible to change the number of votes or even delete candidates off the system. It was noted that Congress last month rejected an amendment that would have allotted $380m for boosting electoral security for 2019. Source: […]

All-in-one Printers, Fax Machines Can be Used to Hack Company Networks, Researchers Warn

All-in-one Printers, Fax Machines Can be Used to Hack Company Networks, Researchers Warn

Check Point Software researchers warned this week that hackers can now take over company networks by exploiting a bug in fax machines and all-in-one printers. The researchers said that it is possible to steal company secrets just by faxing over lines of malicious code disguised as an image file. The file is then decoded and stored in the fax’s memory which the attacker can use to take over the machine. While HP said that they had already addressed the vulnerability, the researchers added that the new attack vector can still be used on faxes from other brands. Source: CNBC

Google Boosts Local Partnership for Return to China

Google Boosts Local Partnership for Return to China

A new report from the Wall Street Journal revealed that Google had been increasing its partnership with local companies in China for years in preparation for its re-entry into the market. It was revealed that CEO Sundar Pichai had been cultivating partnerships with developers who had been using Google’s infrastructure, as well as companies using Google Ads to reach customers outside of China. The search giant had also been engaging in talks with Tencent on jointly offering cloud computing services. The WSJ also pointed out that the partnerships should show the ruling Communist Party that Google is contributing to local […]

Facebook Drops Content on 3D Printing of Guns

Facebook Drops Content on 3D Printing of Guns

Facebook said this week that it has removed content related to the 3D printing of firearms on its platform. The move comes as the debate on gun control intensifies in the US. A spokesperson said that instructions on how to manufacture guns using 3D printers go against the social network’s Community Standards, but it was not clarified if only posts would be removed and not pages.   The company however assured that it will be sharing an updated policy on the restricted product shortly. Source: Reuters

Platform for Selling of Exploits, Zero-Day Vulnerabilities Launched

Platform for Selling of Exploits, Zero-Day Vulnerabilities Launched

Dubai-based exploit buyer Crowdfense announced this week the launch of its platform where researchers can sell zero-day security flaws and exploit chains. Scheduled to be opened on September 3, the company’s Vulnerability Research Platform will serve as a venue for the submission, discussion, and sales of vulnerabilities. The platform will also offer step-by-step guides, technical evaluations, pricing and follow-up communication channels. The company’s bug bounty program, which was launched earlier this year, offers researchers rewards from $500,000 up to $3 million for zero-day bugs and partial exploit chains. Source: ZDNet

Cortana Exploit Used to Bypass Windows 10 Security

Cortana Exploit Used to Bypass Windows 10 Security

Kzen Networks security researchers Amichai Shulman and Tal Be’ery, with Israel Institute of Technology’s Ron Marcovich and Yuval Ron, revealed this week a vulnerability in Microsoft’s Cortana which can allow attackers to bypass the security of a locked Windows 10 computer. The bug, CVE-2018-8140, allows attackers to use a limited range of vocal commands to Cortana even when the keyboard is locked. However, activating the voice assistant unlocks the keyboard, allowing the attacker to launch local commands without the need for authentication or user validation.   The researchers said that using this method, it was possible to retrieve data from […]

North Korean Hackers Reuse Old Code in New Attacks

North Korean Hackers Reuse Old Code in New Attacks

McAfee and Intezer revealed this week that North Korean hackers may be re-using old malware and computer infrastructure which leave evidence that could be used to trace incidents back to them. McAfee senior principal engineer Christiaan Beek said that while the hackers do improve as time goes, the code that they use show a lot of overlap with other campaigns such as elements of the malware used in WannaCry. Intezer’s Jay Rosenberg says that the state-sponsored hacking groups’ reasons for re-using the code are likely the same as any other developer, which is to save time and resources to ensure […]

PCC to Set Rules on Grab to Ensure Fairness

PCC to Set Rules on Grab to Ensure Fairness

The Philippine Competition Commission (PCC) said this week that it will be strictly monitoring Grab to make sure that it follows rules to ensure fairness to consumers given its “virtual monopoly” on the local ride-sharing market. PCC chairman Arsenio Balisacan says that they will hold Grab to the commitments it has previously made, which include the improvement of fare transparency, higher acceptance rates for bookings and faster response time to complaints, and re-evaluation of drivers incentives. The watchdog said that Grab can face fines up to two million pesos per offense, and serious non-compliance can lead to the invalidation of […]