Data Privacy

Tech Firms Move to Oppose India’s Proposed Data Law

Tech Firms Move to Oppose India’s Proposed Data Law

Global companies such as Facebook, Mastercard, and Paypal are reportedly planning to lobby against India’s new legislation that would require such organizations to store the data of Indians within the country. In a letter to India’s information technology minister, the firms said that restricting cross-border data flow would make an impact on both Indian and global companies. Organizations such as the U.S.-India Strategic Partnership Forum, the Washington-based Information Technology Industry Council (ITI), London-based techUK, and India’s NASSCOM have expressed their support of the message. However, an IT ministry official said that data localization was a necessity to prevent breaches and […]

Tech Giants to Face US Senate Over Data Privacy on Sept 26

Tech Giants to Face US Senate Over Data Privacy on Sept 26

Lawmakers in the US Senate are scheduled to hear the testimony of executives from major US tech companies such as Google, Twitter, Amazon, Apple, AT&T, and Charter Communications over matters concerning consumer data privacy on September 26. Republican U.S. Senate Commerce Committee Chairman John Thune said that during the discussion, the US panel will be giving the tech companies and carriers the opportunity to explain their approaches to privacy, and how they plan to comply with the new European Union and California laws. They can also give their suggestions on how the Congress can help to to promote clear privacy […]

Malicious Code Used in British Airways Hack Found

Malicious Code Used in British Airways Hack Found

A researcher from cybersecurity firm RiskIQ said that he had discovered a “skimming script” on the British Airways website which may have been used by hackers to steal financial data. The airline was recently hit by a breach that compromised the data of around 380,000 customers. The code was said to have been customized to take advantage of British Airways’ payment page, which suggests that the hackers carefully planned how to attack the website. It was also pointed out that it is common practice for large websites to embed chunks of code from third-parties and other sources, and the malicious […]

Swiss Data Management Company Exposes 445 Million Records

Swiss Data Management Company Exposes 445 Million Records

Swiss data management services provider, Veeam, reportedly left a database with over 200 GB of sensitive data on a MongoDB server which was completely unsecured and viewable to the public. The leak was discovered by security researcher Bob Diachenko who immediately warned the company. The vulnerable trove of data which included around 445 million customer records got taken offline four days later. Experts pointed out that leaks in the past had often been caused by misconfigured instances of MongoDB, which was initially used for access from local networks.     Source: Bleeping Computer

Trend Micro Apps Removed from Mac App Store for Leaking User Data

Trend Micro Apps Removed from Mac App Store for Leaking User Data

Apple had reportedly removed several apps under Trend Micro’s developer account, including Dr. Antivirus, Dr. Cleaner, and Dr. Unarchiver for silently collecting information from the user’s system. A number of researchers had found that the top-rated apps were hardcoded to exfiltrate user information such as browser history, serial number, and OS version. One of the researchers, Privacy_1, further revealed that apps from Chinese developers such as Adware Doctor, Komros Adware Cleaner, Open Any Files and Adblock Master exhibited the same behavior. TrendMicro, meanwhile, said that their apps merely collected browser snapshots for security purposes, but the behavior had been disclosed […]

Australia’s Anti-Encryption Law Still Allows for Backdoors, Expert Says

Australia’s Anti-Encryption Law Still Allows for Backdoors, Expert Says

In a blog post last week, University of Melbourne’s Dr. Chris Culnane said that Australia’s Assistance and Access Bill will not really prevent the creation of ‘backdoors’. Culnane, who is a lecturer at the university’s School of Computing and Information Systems, said that the bill will merely create an alternative entry point into a protocol or target system. He added that the bill contains a description of what sounds like a backdoor, albeit a ‘keyed’ backdoor. The bill will still have to undergo public consultation before being tabled in parliament. However, it is said that the government is expediting work […]

Google Fixes Chrome WiFi Vulnerability

Google Fixes Chrome WiFi Vulnerability

Google said that Chrome version 6.9, which was released yesterday, includes a fix for a vulnerability which an attacker could exploit to steal a user’s WiFi logins. The flaw, called Wi-Jacking, was developed by UK security researcher Elliot Thompson of SureCloud. Thompson said that he was able to steal WiFi login data with the complex multi-step attack, which is something that Chrome does not handle in the first place. While the Opera browser is said to be susceptible to the attack as well, Firefox, Edge, and Internet Explorer are not affected.       Source: ZDNet

EU Security Researchers Find Banking Trojans on Google Play

EU Security Researchers Find Banking Trojans on Google Play

Security researchers from EU-based companies tweeted this week that a number of banking trojans and shady apps can still be found on Google Play. Lukas Stefanko from ESET said that he found three astrology apps that had the functionality to steal and send SMS, steal callLogs and banking credentials, and download and install apps. Meanwhile, Nikolaos Chrysaidos of Avast discovered five malicious apps that claimed to improve the performance of the user’s device, but were part of a banking malware campaign that was identified in the first week of August. Source: Bleeping Computer

Researchers Develop New Technique to Steal Unlock Patterns

Researchers Develop New Technique to Steal Unlock Patterns

Researchers from UK’s Lancaster University and Linköping University in Sweden have developed a new technique called SonarSnoop which can be used to steal unlock patterns on smart devices such as phones and tablets. The technique works by turning a smartphone’s built-in speaker and microphone into a sonar system. An attacker do this by infecting the target device with a malware that can make it emit sounds inaudible to humans. The sound waves bouncing off the user’s finger when unlocking the phone can then be picked up by the device’s microphone. The researchers said that the technique does not yield a […]

Russia Tries to Block Telegram with Experimental Technology

Russia Tries to Block Telegram with Experimental Technology

The Russian government is reportedly trying out a more precise technology that can block individual services to prevent the use of Telegram in the country. Sources say that a technology called Deep Packet Inspection that analyzes data flows online is being tested, but results have been unsuccessful so far as it still affected other unrelated services. As of today, Telegram is still available in the region. Russia’s earlier attempts to block the popular encrypted app back in April hit a wall after it brought down access to a number of other services such as Viber calls, Volvo’s cloud-based apps, and […]

Read more about the Data Privacy practice at Disini & Disini Law Office