Tag Archive for: Breaches

Cyber security breaches are up multiple times as Internet penetration grows

/in




With the rise in Internet penetration and use of digital banking in the country, the number of cyber attacks or cyber security incidents in India have gone up multiple times over the last few years.


 


Data accessed by IANS said that cyber security incidents related to government institutions have increased significantly, particularly in 2022.


As many as 54,314, 48,285 and 1,92,439 cyber security incidents related to government agencies, institutions and undertakings were observed during the years 2020, 2021 and 2022, respectively.


According to official data, total number of cyber security incidents tracked by Indian Computer Emergency Response Team (CERT-In) during the year 2019 was 3,94,499, which spiked to 11,58,208 in 2020 and further increased to 14,02,809 in 2021. Similarly, 13,91,457 cyber security incidents were observed in 2022.


The cyber attack, which put the All India Institute of Medical Sciences (AIIMS) in Delhi out of order on November 23 was one such example. Multiple agencies were roped in to resolve the issues.


Similarly, cyber attackers on December 1 briefly hacked the Ministry of Jal Shakti’s Twitter handle. This was the second major cyber attack on a government site after AIIMS Delhi’s server was majorly hacked.


A Parliamentary standing committee in its report observed that with the advancement of technology, cyber crimes have emerged as a major issue across the globe. The cyber crimes transcend geographical boundaries, which make it tough to track the criminals.


The Committee expressed its deep concerns over the rising trend of cyber crimes in the country. It felt that on this issue, both the Central and state governments need to get together on the same boat to tackle the growing menace of cyber crime.


“The committee observed that traditional training of the police personnel is not sufficient to deal with cyber crimes as these criminals are tech-savvy and are following new modus-operandi on a regular basis,” said the report ‘Police -Training, Modernisation and Reforms’ tabled in the Parliament this month.


The committee in the…

Source…

New report describes numerous security breaches at the Supreme Court

/in


Supreme Court building.

Supreme Court building. Stock Photo via Getty Images

Supreme Court justices have often used their personal email accounts in lieu of secure servers to transmit sensitive data about cases, according to a report from CNN published Saturday. The revelation is one of many breaches of security protocol at the court described by CNN.

According to the report, unnamed Supreme Court justices would send sensitive emails about ongoing cases on their personal accounts, despite the fact that the court had set up private servers for this very purpose. The report claims many justices pushed back on using these secure servers “because some justices were slow to adopt to the technology and some court employees were nervous about confronting them to urge them to take precautions.”

“This has been going on for years,” one former employee told CNN.

Beyond issues with emails, CNN described numerous other lapses in security. This includes “burn bags” — pouches meant to hold sensitive documents that will eventually be destroyed — reportedly being left unattended in the hallway. This is in part because there is no uniform rule for handling burn bags, CNN reported, and “the justices each have their own protocols.”

Another issue was the reported fact that employees with remote access could, in theory, use any printer they wanted to print sensitive documents. “Employees who had VPN access could print documents from any computer, making it difficult to track copies,” CNN reported.

These alleged security lapses come following scrutiny of the high court over a leaked draft of the opinion overturning Roe v. Wade last year. The court investigated the leak and published a report on their findings this past January, but CNN noted that none of these security issues were documented in the report.

You may also like

Republicans vote to oust Rep. Ilhan Omar from House committee

Japanese restaurants fight back against viral ‘sushi terrorism’ trend

China has cloned 3 ‘super cows’ that produce more milk than average

Source…

Why Is No One Ever Penalised for Data Breaches in India?

/in


Indian software service companies are some of the most profitable entities in the world. They provide technology solutions that power Fortune 500 companies and governments across the world, but is their code always secure?

The answer is never a simple binary response but more complex in the real world. The online website of Wired has reported a large-scale breach of millions of students and teachers’ private information through the Digital Infrastructure for Knowledge Sharing app (DIKSHA) app of the government of India.

This is not the first time data breaches have been reported at this scale and this won’t be the last either, but will this change even with the Digital Personal Data Protection law in place?

Wired and the researchers who discovered the security flaw with the DIKSHA app, tried to report it to the Ministry of Education and received no response. They were only able to get the issue fixed when they contacted the organisation that built DIKSHA – EkStep, a foundation co-founded by IT billionaire Nandan Nilekani.

Deepika Mogilishetty, the chief of policy and partnerships at EkStep, told Wired that while EkStep does support the development of DIKSHA, the responsibility of data and its security lies with the Union Ministry of Education.

This is not the first time that organisations linked directly to Nandan Nilekani are involved in data breaches, with their direct involvement in Aadhaar and security issues around its design. It is Nilekani’s organisations that have successfully lobbied how the government of India should be building and collecting Indians’ personal data, as designed in his TAG-UP report

Ideally when the security researcher reached out to the DIKSHA team, the Union education ministry should have alerted CERT-IN (the Indian Computer Emergency Response Team) and the flaw should have been fixed. CERT-IN is also ideally required to do a forensics analysis and determine whether the security flaws have been exploited by anyone. But unfortunately it takes more than having a privacy policy to actually follow it and secure information of people, especially when they are children.

CERT-IN, like the Ministry of Education, has been ignoring its…

Source…

Breaches, patches, leaks and tweaks! [Audio + Text] – Naked Security

/in


Latest epidode – listen now.

DOUG.  Breaches, breaches, patches, and typios.

All that, and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Daul Pucklin…

…I’m sorry, Paul!

DUCK.  I think I’ve worked it out, Doug.

“Typios” is an audio typo.

DOUG.  Exactly!

DUCK.  Yes… well done, that man!

DOUG.  So, what do typos have to do with cybersecurity?

We’ll get into that…

But first – we like to start with our This Week in Tech History segment.

This week, 23 January 1996, version 1.0 of the Java Development Kit said, “Hello, world.

Its mantra, “Write once, run anywhere”, and its release right as the web’s popularity was really reaching a fever pitch, made it an excellent platform for web-based apps.

Fast-forward to today, and we’re at version 19, Paul.

DUCK.  We are!

Java, eh?

Or “Oak”.

I believe that was its original name, because the person who invented the language had an oak tree growing outside his office.

Let us take this opportunity, Doug, to clear up, for once and for all, the confusion that lots of people have between Java and JavaScript.

DOUG.  Ooooooh…

DUCK.  A lot of people think that they are related.

They’re not related, Doug.

They’re *exactly the same* – one is just the shortened… NO, I’M COMPLETELY KIDDING YOU!

Java is not JavaScript – tell your friends!

DOUG.  I was, like, “Where is this going?” [LAUGHS]

DUCK.  JavaScript basically got that name because the word Java was cool…

…and programmers run on coffee, whether they’re programming in Java or JavaScript.

DOUG.  Alright, very good.

Thank you for clearing that up.

And on the subject of clearing things up, GoTo, the company behind such products as GoToMyPC, GoToWebinar, LogMeIn, and (cough, cough) others says that they’ve “detected unusual activity within our development environment and third party cloud storage service.”

Paul, what do we know?

GoTo admits: Customer cloud backups stolen together with decryption key

DUCK.  That was back on the last day of November 2022.

And the (cough, cough) that you mentioned earlier, of course, is GoTo’s…

Source…