The World Opinion

Tag: cyber security

  • Need To Balance Confidentiality With Cyber ​​Threat Intelligence Sharing: Center |

    New Delhi: There is an urgent need to balance confidentiality with threat intelligence sharing and secure digital applications by design amid evolving challenges in cyber security, the government said on Wednesday. Addressing an event here in the national capital, S. Krishnan, Secretary, MeitY, said there is a need to create independent information security verticals across organizations to act as watchdogs and first lines of defense.

    Krishnan stressed upon continuous learning to protect systems across government and society. The event, part of the ‘Cyber ​​Surakshit Bharat’ initiative, witnessed participation from over 250 CISOs, deputy CISOs, frontline IT officers, and senior officials from various ministries and state departments.

    Abhishek Singh, Additional Secretary, MeitY underlined the growing importance of cyber security as part of the ‘Digital India’ campaign and called for robust cyber crisis management plans, akin to disaster management frameworks. He introduced the ‘Cyber ​​Swachhata’ initiative, urging organizations to cleanse their systems of malware and likening the effort to the ‘Swachhata Abhiyan’.

    Nand Kumaram, President and CEO, National E-Governance Division (NeGD), underlined the vital role of conducting CISO Workshops, recognizing the continuous transformation organizations are undergoing in both hardware and software domains.

    According to Savita Utreja, Group Coordinator (Cybersecurity) at MeitY, with the rapid adoption of emerging technologies, all organizations are now directed to appoint CISOs. With a proactive approach, organizations must identify assets, detect threats, respond effectively, and improve resilience to stay ahead of cyber challenges, she added.

    The workshop on cyber security aimed to provide valuable insights and strategies that will help CISOs stay ahead in securing our digital landscapes. Launched in 2018, the CISO training program has been a successful collaboration between the government and the private sector under the Public-Private Partnership (PPP) model. It provides an essential platform to engage in discussions on the evolving challenges in cyber security, contributing to the development of a safer and more resilient digital landscape in India.

  • Indian Cyber ​​Agency Finds Multiple Bugs in Microsoft Edge, Advises Users to Update |

    New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, on Monday, warned users of multiple vulnerabilities in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system.

    The affected software includes Microsoft Edge Stable versions prior to 125.0.2535.85. “Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system,” said the CERT-In advisory.

    According to the cyber agency, these vulnerabilities exist in Microsoft Edge (Chromium-based) due to ‘out of bounds’ memory access in keyboard inputs; out of bounds write in streams API; heap buffer overflow in WebRTC, use after free in dawn, media session and presentation API.

    An attacker could exploit these vulnerabilities by enticing a victim to open a specially crafted file, the agency mentioned. Cert-In advised users to apply appropriate security updates as mentioned by the company.

    Meanwhile, the cyber agency warned users of multiple vulnerabilities in Android which could allow an attacker to obtain sensitive information, gain elevated privileges and cause denial-of-service (DoS) conditions on the targeted system.

    As mentioned in the advisory, these vulnerabilities exist in Android due to flaws in the Framework, System, Google Play system updates, Kernel, Arm components, MediaTek components, Imagination Technologies and Qualcomm closed-source components.

  • Getting Fake Calls Threatening To Disconnect Your Mobile On Behalf Of DoT/TRAI? Report At These Numbers |

    New Delhi: Department of Telecommunications (DoT) has issued an advisory to citizens not to take fake calls being received by the citizens wherein callers are threatening to disconnect their mobile numbers, or their mobile numbers are being misused in some illegal activities. DoT said that it does not make calls to citizens threatening disconnection.

    The DoT had also issued advisory about WhatsApp calls from foreign origin mobile numbers (like +92-xxxxxxxxxxx) impersonating government officials and duping the people.

    Cyber ​​criminals through such calls try to threaten or steal personal information to carry out cyber-crime/financial frauds.

    Where To Report Fake Calls?

    The DoT/TRAI said it does not authorize anyone to make such calls on its behalf and has advised people to stay vigilant and report such fraud communications at ‘Chakshu – Report Suspected Fraud Communications’ facility of Sanchar Saathi portal (www.sancharsaathi.gov. in/sfc). Such proactive reporting helps DoT in prevention of misuse of telecom resources for cyber-crime, financial frauds, etc.

    The DoT also advises citizens to report at cyber-crime helpline number 1930 or www.cybercrime.gov.in in case of already a victim of cyber-crime or financial fraud.

    Various measures have been taken to combat suspected fraud communications and to curb cybercrime activities. Under CHAKSHU facility, 52 Principal Entities, involved in sending malicious and phishing SMSs to the citizens have been blacklisted. 700 SMS content templates have been deactivated. 348 mobile handsets blacklisted on pan-India basis across all telecom operators.

    10,834 suspected mobile numbers flagged for re-verification to the telecom operators out of which 8272 mobile connections disconnected failing re-verification till 30th April 2024. 1.86 lakh mobile handsets blocked on pan India basis for involvement in cybercrime/financial frauds.

    Advisories have been issued on a regular basis for the public to create awareness on fake notices impersonating DoT/TRAI, suspected fraud communications and malicious calls via press, SMS, and social media, said DoT.

  • boAt Hit With Massive Data Breach, Over 7.5 Million Customers At Risk Of Losing Personal Info |

    New Delhi: In a recent cyberattack, India’s leading audio brand, boAt, has suffered a data breach that has left the personal information of more than 7.5 million customers. This breach has exposed personal information, including names, addresses, contact numbers, email IDs, customer IDs, and more, putting users’ bank accounts and other private data at risk.

    Despite the severity of the situation, boAt has not yet released an official statement regarding the incident. Notably, Forbes initially reported on the breach.

    The breach was revealed by a hacker identifying as ShopifyGUY, who asserted to have breached boAt Lifestyle’s database on April 5. The hacker shared files containing the compromised data, reportedly comprising 7,550,000 entries, within a dark web forum. (Also Read: WhatsApp Call Scam Alert! Be Cautious If You Receive Calls From These Numbers, Government Warns)

    What Could Happen After This Breach:

    As you may know, if a hacker obtains access to the database, they can utilize your phone number and email ID to not only circumvent device security but also send phishing emails. These emails can be utilized to pilfer data or even money by infecting your devices with malware.

    These scammers may contact you, armed with all your information, and attempt to make them click on website links to download apps, or any other form to perform actions.

    boAt- Second Most Popular Brand

    boAt, established in 2016 by Aman Gupta and Sameer Mehta, has garnered recognition for its cost-effective audio products and wearable devices, emerging as the second most wearable brand in India. Despite the recent breach, the Gurugram-based company has experienced substantial growth, achieving sales exceeding Rs3,000 crore in March 2023. (Also Read: https://zeenews.india.com/technology/nothing-set-to-launch- nothing-ear-and-nothing-ear-a-earbuds-in-india-check-date-2737912.html)

    The homegrown consumer electronics company has filed its IPO documents in 2021 but postponed the offering owing to market fluctuations. It’s worth mentioning that boAt faces competition from brands such as Fire-Boltt, Noise, Xiaomi, and Samsung.

  • Cyber ​​Attack, Data Breach Among Top Risks For Businesses In India: Survey |

    New Delhi: Cyber ​​attacks and data breaches are the top business risks for organizations in India, according to the 2023 Global Risk Management Survey. Cyber ​​attacks and data breaches were placed seventh in the 2021 business risks survey.

    Global professional services firm Aon collected inputs from around 3,000 risk managers, c-suite leaders, treasurers, talent professionals, and other executives from 61 countries and territories to identify the most pressing business challenges. (Also Read: Free Aadhaar Update Deadline Extended: Check List Of Required Documents To Do The Same)

    The biennial survey said that India's dependence on technology is likely to increase with the widespread adoption of digital infrastructure like the Unified Payments Interface, Aadhaar, and Open Network for Digital Commerce. (Also Read: Poco X6 5G Gets A Significant Price Drop On Flipkart: Check Details)

    “With increasing digitisation, cybercrimes continue to become rampant with costs and complexities associated with such breaches forcing organizations to look at risk mitigation and transfer mechanisms to better manage cyber risks,” the survey noted.

    Business interruption and failure to attract or retain top talent were marked as the second and third biggest risks facing organizations in India, respectively.

    “There is a compelling need for Indian businesses to leverage advanced data analytics and experts to understand and manage the dynamics of integrated risks,” said Nitin Sethi, Chief Executive Officer of Talent Solutions in India at Aon.

    Failure to meet customer needs, rapidly changing market trends, supply chain disruptions, and personal liabilities were marked down the list as other critical challenges for businesses in India.

  • Well being ministry approaches CERT-In over try to hack its web site

    By way of PTI

    NEW DELHI:  The Union well being ministry has requested the Indian Laptop Emergency Reaction Staff (CERT-In) underneath the Ministry of Electronics and Knowledge Generation to seem into the reported try of hacking of its web site allegedly by means of a Russian hacker workforce.

    Cyber safety mavens from CloudSEK have claimed that the Russian hacker workforce ‘Phoenix’ focused the web site and controlled to get get entry to to the ministry’s Well being Control Knowledge Gadget portal, which has main points of the entire hospitals of India and workers and physicians.

    “We’ve got sought main points and requested the CERT-In to seem into the alleged hacking of the well being ministry’s web site. They’ll post a document,” an legit supply instructed PTI.

    CERT-In is the nationwide nodal company for responding to laptop safety incidents and gives prevention and reaction services and products to executive departments and personal our bodies.

    In keeping with a document by means of CloudSEK, the crowd discussed that the assault is “a result of India’s settlement over the oil worth cap and sanctions of G20 over the Russia-Ukraine struggle”.

    ALSO READ| Russian workforce hacked web site of well being ministry, says document

    “The purpose at the back of this goal was once the sanctions imposed towards the Russian Federation the place Indian government made up our minds to not violate the sanctions in addition to conform to the fee ceiling for Russian oil authorized by means of G7 international locations,” CloudSEK stated.

    “This choice ended in a couple of polls at the Telegram channel of the Russian Hacktivist Phoenix asking the fans for his or her votes,” it said.

    CloudSEK said that Phoenix has been energetic since January 2022 and is understood for phishing scams and has a historical past of concentrated on hospitals founded in Japan and the United Kingdom, a US-based healthcare organisation serving the USA army and DDoS assault at the web site of the Spanish international ministry, amongst others.

    NEW DELHI:  The Union well being ministry has requested the Indian Laptop Emergency Reaction Staff (CERT-In) underneath the Ministry of Electronics and Knowledge Generation to seem into the reported try of hacking of its web site allegedly by means of a Russian hacker workforce.

    Cyber safety mavens from CloudSEK have claimed that the Russian hacker workforce ‘Phoenix’ focused the web site and controlled to get get entry to to the ministry’s Well being Control Knowledge Gadget portal, which has main points of the entire hospitals of India and workers and physicians.

    “We’ve got sought main points and requested the CERT-In to seem into the alleged hacking of the well being ministry’s web site. They’ll post a document,” an legit supply instructed PTI.googletag.cmd.push(serve as() googletag.show(‘div-gpt-ad-8052921-2’); );

    CERT-In is the nationwide nodal company for responding to laptop safety incidents and gives prevention and reaction services and products to executive departments and personal our bodies.

    In keeping with a document by means of CloudSEK, the crowd discussed that the assault is “a result of India’s settlement over the oil worth cap and sanctions of G20 over the Russia-Ukraine struggle”.

    ALSO READ| Russian workforce hacked web site of well being ministry, says document

    “The purpose at the back of this goal was once the sanctions imposed towards the Russian Federation the place Indian government made up our minds to not violate the sanctions in addition to conform to the fee ceiling for Russian oil authorized by means of G7 international locations,” CloudSEK stated.

    “This choice ended in a couple of polls at the Telegram channel of the Russian Hacktivist Phoenix asking the fans for his or her votes,” it said.

    CloudSEK said that Phoenix has been energetic since January 2022 and is understood for phishing scams and has a historical past of concentrated on hospitals founded in Japan and the United Kingdom, a US-based healthcare organisation serving the USA army and DDoS assault at the web site of the Spanish international ministry, amongst others.

  • How cyber protected are China-made good automobiles

    By way of Devvrat Pandey: Hackers and cybercriminals are continuously discovering new tactics to milk vulnerabilities in laptop techniques, cell gadgets, cloud networks, and device, inflicting important losses and harm. Whilst there’s normal consciousness in regards to the safety of laptop and cell phone gadgets, the rising IoT (Web of Issues)-enabled automotive marketplace stays in large part omitted.

    As era continues to advance, the sophistication and frequency of cyberattacks are anticipated to extend, making it crucial for people and organizations to take proactive measures to offer protection to themselves. Amid the rise in good automotive imports within the Australian marketplace, a dialog has arisen in regards to the doable safety risk they pose to people, as highlighted via an Australian suppose tank.

    As automobiles develop into extra technologically complex, they’ve necessarily develop into cell computer systems. Fashionable automobiles are supplied with cameras, and sensors, and related to the cyber web to accomplish duties corresponding to device updates. Those automobiles gather records, together with location, using routes, telephone contacts, and calls made via drivers. This information may well be exploited, posing a possibility to nationwide safety if a automotive proprietor drives to a protected facility, as an example. Researchers and hackers have proven that they are able to remotely prevent the engines, lock and unencumber automobiles made via quite a lot of producers, monitor car places, and accumulate drivers’ monetary main points.

    Reviews counsel that China turned into Australia’s fourth-largest supply of vehicle imports within the car business in 2022, Chinese language-made automotive gross sales surged 61% from the former yr, crossing 122K gadgets, trailing best Japan, Thailand, and South Korea.

    In style Chinese language manufacturers corresponding to MG, Nice Wall Motor, Haval, and LDV have develop into ubiquitous on Australian roads and are most likely supplied with IoT capability. Tesla and Polestar electrical good automobiles delivered in Australia also are made in China.

    SECURITY CONCERNS AROUND MODERN CARS

    Automobiles with IoT capability may just pose a significant risk to people, as advised via researchers who explored the protection vulnerabilities of good automobiles that have been hacked. Hackers might attempt to hack into digital, or “cloud” automobiles and browse the car id quantity (VIN), start-off, open doorways and deploy the airbag—all over the controller space community (CAN) bus, which permits microcontrollers and gadgets to keep in touch with each and every different and not using a host laptop. Any other trick hackers are in all probability to compromise is the ‘key fob’- it comprises a short-range radio transmitter/radio frequency id (RFID) chip and antenna. It makes use of radio frequencies to ship a definite coded sign to a receiver unit within the tool. This receiver additionally comprises an RFID tag, which is a few type of saved knowledge.

    The emerging ubiquity of Chinese language automobiles, enabled via Web of Issues (IoT) capability, has raised issues relating to records privateness. Chinese language automobiles supplied with IoT capability are more likely to gather person records and transmit quite a lot of records, together with location, using behavior, and private knowledge, the use of it for his or her functions, corresponding to focused promoting and profiling.

    This information can also be accessed via the Chinese language govt below the Nationwide Intelligence Regulation, which raises issues about records privateness and safety. An expanding presence of Chinese language automobiles enabled via IoT capability within the Indian marketplace raises a number of issues associated with records privateness, nationwide safety, financial pageant, and cybersecurity.

    In January 2023, an incident used to be exposed in the United Kingdom, the place a “Chinese language surveillance tool” used to be detected in a central authority car. As reported via iNews, a UK information outlet, safety body of workers came upon a SIM card having the ability to transmit location records all over a seek of presidency and diplomatic automobiles.

    The automobiles have been meticulously tested, and it used to be concluded that the tool used to be almost certainly positioned in a sealed compartment imported from a Chinese language provider and put in within the car with out being opened because of quite a lot of warranties and business agreements between the producer and providers.

    The United Kingdom Intelligence company takes this spying incident as a serious assault on its sovereignty and a limiteless safety breach of its officers’ secrecy. Of their contemporary cupboard evaluate, all govt automobiles would move below deep evaluate to entirely read about for this sort of apparatus or device included into the automobiles and cloud home equipment.

    As well as, the highest providers of luxurious automobiles for the United Kingdom govt corresponding to BMW, Volkswagen, Volvo and Jaguar Land Rover may even go through additional assessments and inspections. They’ve partnered with ‘China Unicom’ to construct 5G connectivity inside of automobiles to keep in touch real-time knowledge via infrastructure, automobiles and cloud-based products and services. In January 2022, the BBC revealed a piece of writing on the United States for an important safety and intelligence breach sanctioned ‘China Unicom’.

    CONCERNS IN INDIA

    As Chinese language IoT-enabled automotive producers develop within the Indian marketplace, there are issues over the protection and privateness of the information accrued via those automobiles and the possibility of Chinese language firms to realize get right of entry to to delicate knowledge.

    Col Ret. (Dr) Inderjeet Singh, Ex-Director of Army intelligence MI-13, Ministry of defence, expressed his issues about the upward push of Chinese language automobiles within the section, which might pose important threats to shoppers. “The Chinese language Nationwide Regulation of 2017 can have important implications for the operations of Chinese language automotive producers in India, records privateness of Indian shoppers, and the competitiveness of the Indian car business within the world marketplace,” Singh stated.

    He added that China’s Other people’s Liberation Military (PLA) has shut ties with Chinese language firms and their keep watch over over corporations has raised issues amongst overseas governments too.

    In keeping with reputable business records, prior to Covid-19, imports of motor automobiles/automobiles from China to India rose to 40 million USD. On the other hand, because of the pandemic, those imports lowered considerably to twenty.6 million USD all over the yr 2021-22. In 2019, the preferred automotive logo MG Motor, owned via Shanghai Car Business Company (SAIC), entered India. MG Motor offered Chinese language IoT-enabled automobiles, in particular the MG Hector, which has won important recognition amongst Indian shoppers. The auto’s internet-enabled options permit shoppers to connect to voice instructions and real-time monitoring. In step with the preferred car platform Group-BHP, as many as 2400 gadgets of MG Hector automobiles have been offered in India in June 2022.

    As well as, there may well be crises over the prospective have an effect on at the home auto business in India, as Chinese language producers can have an unfair benefit because of decrease prices and govt subsidies. General, the expanding presence of Chinese language IoT-enabled automobiles in India has raised a number of vital problems and demanding situations that want to be addressed. As the usage of IoT capability in automobiles will increase, there’s a rising possibility of cyberattacks that can jeopardize the security and safety of each automobiles and their customers, elevating cybersecurity issues.

    The fashion against data-heavy automobiles is expanding abruptly with the expansion of EVs and the improvement of self-driving era. Like every internet-connected tool, automobiles will have to go through scrutiny for his or her device safety. On the other hand, automobiles might require stricter exam since lives are at stake in regards to the fallibility of self-driving era.

    As reported via Stressed out in July 2022, China had banned Teslas from the streets of positive towns for main Communist Celebration occasions, army bases, and different places, possibly because of issues concerning the automobiles’ records being exploited. Beijing has now prohibited car corporations from transmitting that records out of doors of China.

    Professionals counsel that Indian regulators and policymakers will have to take a spread of measures to handle the demanding situations. “Indian regulators can put in force records privateness rules to make sure that person records is accrued with consent and isn’t shared with overseas governments with out prior approval,” Singh informed India These days.

    Expressing the will for enforcement on this section, he added “Indian policymakers can determine cybersecurity requirements for IoT-enabled automobiles to make sure the security and safety of Indian shoppers. This would come with atmosphere requirements for encryption, authentication, and get right of entry to keep watch over mechanisms to forestall cyberattacks and make sure the protection of person records.”

    Revealed On:

    Mar 15, 2023