Data Privacy

Ant Financial Censured by China’s Cyber Watchdog Over Privacy Issue

Ant Financial Censured by China’s Cyber Watchdog Over Privacy Issue

It was been reported that the Cyberspace Administration of China (CAC) had berated Alibaba’s payment affiliate, Ant Financial, for compromising the privacy of Alipay service users who got enrolled automatically into the company’s credit scoring system without their consent. Some users were apparently unaware that they had to uncheck an opt out button on a financial analysis feature by Alipay. Data of users who did not opt out were collected by Sesame Credit and shared with its partners for analysis.   Nie Zhengjun, Ant Financial’s chief privacy officer, apologized for the breach and said that the company had already initiated […]

Adobe Issues Fix for Information Leak Bug

Adobe Issues Fix for Information Leak Bug

In a security update posted last Tuesday, Adobe informed its users of a new patch for Flash Player that addresses an information leak issue. The CVE-2018-4871 is a security vulnerability which can be exploited by hackers to extract leaked sensitive information from a system. The bug impacts computers running Windows, Linux, and Mac OS, as well as those that use Chrome, Edge, and Internet Explorer 11. Adobe encouraged users not to decline the automatic updates. Source: ZDNet

WPA3 to Replace Decades Old WPA2 WiFi Protocol

WPA3 to Replace Decades Old WPA2 WiFi Protocol

Last Monday, the Wi-Fi Alliance announced that its next-generation wireless security protocol WPA3, is ready to replace its decades-old predecessor WPA2. The Alliance, which includes Apple, Microsoft, and Qualcomm as its members, revealed that WPA3 will use individualized data encryption. This is expected to solve a common security problem with open Wi-Fi networks by scrambling the connection between a device and the router. WPA3 will also be able to protect against brute-force dictionary attacks and will block attackers after a number of failed password attempts. It is said that the new protocol could not have come soon enough, since a […]

Apple: All Macs, iPhones, iPads Affected by Spectre and Meltdown

Apple: All Macs, iPhones, iPads Affected by Spectre and Meltdown

Apple recently confirmed that Meltdown and Spectre, the two chip-level security vulnerabilities, also affect all Macs, iPhones, and iPads. Patches for the Meltdown bug has already been released, but it may take a few days before a fix for Spectre is released. However, Apple owners were assured in a blog post that there were no known exploits that can affect customer in the meantime. As the vulnerabilities affect almost any device that use an Intel or ARM processors, Google, Microsoft, and other companies have already released their respective fixes. A security researcher also published a list of online antivirus products. […]

Tech Giants Hurriedly Take Measures Against CPU Vulnerability

Tech Giants Hurriedly Take Measures Against CPU Vulnerability

The recent discovery of a vulnerability in Intel CPUs have roused tech giants Microsoft, Amazon, and Google into action to prevent the exploitation of the hardware-level security bug. In reaction to the Meltdown and Spectre flaws which were publicly revealed last Tuesday, Microsoft said that they have deployed mitigations to cloud services and rolled out security updates for Windows, Edge and Internet Explorer browsers, and Surface devices. Google, who first alerted Intel about the vulnerability, said that it had already updated its public cloud service without the need for forced restarts or maintenance windows. Meanwhile, Amazon informed its customers that […]

Facial Recognition Tech Used on Ashes Spectators on Sydney

Facial Recognition Tech Used on Ashes Spectators on Sydney

It was recently revealed that a number of high tech security measures had been installed in Sydney Cricket Ground. The system is said to include around 820 cameras equipped with facial recognition technology which is linked to the Transport Management Centre and the NSW Police operations centre. SCG Trust chief executive Jamie Barkley said that they have invested significantly on security technology to provide airport-style levels of safety for sports fans. SCG security manager Luke Schibeci meanwhile said that they wish to further understand how the technology can better protect venues, workers, and patrons from terrorism. Source: ZDNet

Microsoft Releases Fixes for Spectre and Meltdown Vulnerabilities

Microsoft Releases Fixes for Spectre and Meltdown Vulnerabilities

Late last Thursday, Microsoft issued emergency fixes for two major security flaws found in processors released since 1995. The “Meltdown” and “Spectre” can be exploited by attackers to access information in the computer’s memory. However, the attacks have not been seen in the wild, and researchers say that they are impossibly difficult to leverage. Software and hardware companies however, have already acted and released fixes for both, although Microsoft warned that their fixes may be incompatible with some antiviruses and may lead to BSODs. Source: Bleeping Computer

Major Security Flaw in Intel Processors Confirmed

Major Security Flaw in Intel Processors Confirmed

Last Wednesday, security researchers revealed two critical flaws in Intel processors that are said to have been present as early as 20 years ago. The two CPU bugs, called “Meltdown” and “Spectre” affects almost every system that uses Intel chips since 1995. In a paper, the researchers established that an attacker can use the vulnerabilities to steal data from the memory of running apps, including sensitive information such as password managers, browsers, emails, and photos and documents.   Linux developers have announced that they are planning a redesign to deal with the vulnerabilities, while AMD released a statement saying that […]

MIT Warns of Ransomware Attacks on Cloud Computing in 2018

MIT Warns of Ransomware Attacks on Cloud Computing in 2018

MIT Technology Review recently predicted that cloud services may be the next target of ransomware attacks, since these are huge stores of valuable data for companies. They added that smaller cloud providers are likelier targets since bigger companies such as Google, Amazon, and IBM have ample resources and experience to fend off attackers. MIT also said that cyber attackers may increasingly leverage AI technologies such as machine learning models and neural networks. The prediction is supported by McAfee Labs in their Threat Predictions Report 2018, where they said that attackers may use machine learning to disrupt detection models and exploit […]

ISC Presidents Says IIoT Needs Better Security, Communication Standards

ISC Presidents Says IIoT Needs Better Security, Communication Standards

Internet Society of China (ISC) president Wu Hequan recently called for better communication standards and security in the field of Industrial Internet of Things (IIoT). Wu said that developments in IIoT were being hampered by the inefficiencies in communication technologies. The Field bus bar, which was initially used, had too many standards, while industrial Ethernet has too many incompatibilities. He added that the constant connectivity of IIoT makes it vulnerable to data breaches, and urged for the adoption of information security technologies such as user recognition, real-time network monitoring and early warning, decentralized authentication and experimental models, distributed sensing for […]

Read more about the Data Privacy practice at Disini & Disini Law Office