Tag Archive for: telecom

CERT-In detects over 14L cyber security incidents in 2021, Telecom News, ET Telecom

/in


CERT-In detects over 14L cyber security incidents in 2021New Delhi: The Central government on Friday told Rajya Sabha that the Indian Computer Emergency Response Team (CERT-In) has observed over 14 lakh cyber security incidents during 2021.

Responding to a question asked by the Biju Janata Dal MP Sujeet Kumar, Minister for Information Technology, Rajeev Chandrashekhar said: “The Indian Computer Emergency Response Team (CERT-In) is mandated to track and monitor cyber security incidents in India. CERT-In has reported that a total number of 14,02,809 cyber security incidents were reported during the year 2021.”

Kumar wanted to know the number of cyber-attacks tracked and reported by the CERT-In in 2021.

Chandrashekhar further said that the CERT-In has reported cyber security incidents across various sectors such as E-commerce, energy, finance, government, healthcare, information technology, manufacturing, telecom, transportation, etc.

The CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.

Talking about the steps taken by the Ministry to prevent cyber security incidents and keep cyber space free from such nuisance, the Minister said CERT-In issues alerts and advisories regarding latest cyber threats or vulnerabilities and countermeasures to protect computers and networks on a regular basis.

“The government is committed to ensure that the internet in India is open, safe and trusted, and accountable for all users. CERT-In is mandated to track and monitor cyber security incidents in India,” the Minister further said.

CERT-In issues alerts and advisories about the latest cyber threats/vulnerabilities and countermeasures on a regular basis to protect computers and networks on a regular interval.

CERT-In has empanelled 96 security auditing organisations to support and audit implementation of Information Security Best Practices and it has formulated a Cyber Crisis Management Plan for countering cyber-attacks and cyber terrorism for implementation by all Ministries/ Departments of Central government, state/UT governments and their organisations and critical sectors, the Minister added in the written reply.

Source…

dot: Telecom companies told to keep call data, internet-use records for 2 years

/in


NEW DELHI: Department of Telecom (DoT) has extended the duration of archiving call data and internet usage records of subscribers to two years from one year due to security reasons.
The amendments in the licences were issued on December 21 and extended to other forms of telecom permits on December 22.
“The licensee shall maintain all commercial records/call detail record/exchange detail record/IP detail record with record to the communications exchanged on the network. Such records shall be archived for at least two years for scrutiny by the licensor for security reasons…,” the DoT circular said.
Telecom companies may destroy the data stored thereafter if there is no direction from the DoT thereafter. The circular said the amendment is necessary in “public interest or in the interest of the security of the state or for the proper conduct of the telegraphs”.
The amendment mandates telecom companies to maintain internet data records of subscribers, including login and logout details of all subscribers for services provided such as internet access, e-mail, internet telephony services like calls made from mobile applications or wifi calling for at least two years.
Earlier, the rules of the telecom department mandated the archival of call data and internet usage records for at least 1 year.
The order was issued because of security reasons. Earlier, the rules mandated that call data and internet-usage records be saved for a year.

Source…

What is latest internet threat Log4j? How bad it is and what’s at stake, Telecom News, ET Telecom

/in


Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities that go on under the hood in a wide range of computer systems.

Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency, called Log4Shell the most serious vulnerability she’s seen in her career. There have already been hundreds of thousands, perhaps millions, of attempts to exploit the vulnerability.

So what is this humble piece of internet infrastructure, how can hackers exploit it and what kind of mayhem could ensue?

What does Log4j do?
Log4j records events – errors and routine system operations – and communicates diagnostic messages about them to system administrators and users. It’s open-source software provided by the Apache Software Foundation.

A common example of Log4j at work is when you type in or click on a bad web link and get a 404 error message. The web server running the domain of the web link you tried to get to tells you that there’s no such webpage. It also records that event in a log for the server’s system administrators using Log4j.

Similar diagnostic messages are used throughout software applications. For example, in the online game Minecraft, Log4j is used by the server to log activity like total memory used and user commands typed into the console.

How does Log4Shell work?
Log4Shell works by abusing a feature in Log4j that allows users to specify custom code for formatting a log message. This feature allows Log4j to, for example, log not only the username associated with each attempt to log in to the server but also the person’s real name, if a separate server holds a directory linking user names and real names. To do so, the Log4j server has to communicate with the server holding the real names.

Unfortunately, this kind of code can be used for more than just formatting log messages. Log4j allows third-party servers to submit software code that can perform all kinds of actions on the targeted computer. This opens the door for nefarious activities such as stealing sensitive information, taking control of the targeted system and slipping malicious…

Source…

Pakistan Telecom Authority asked to suspend mobile phone services in Islamabad as security measure for OIC meeting | Indiablooms

/in


Islamabad/IBNS: The Pakistan Telecommunication Authority (PTA) has been directed to suspend cellular services in certain areas of Islamabad city ahead of the   Organisation of Islamic Cooperation (OIC) conference from Dec 17 to 19, according to media reports.

Moreover, the capital administration on the recommendation of the Foreign Office may announce a local holiday on Monday (Dec 20), reports Dawn News.

The interior ministry has asked the PTA to suspend mobile phone service and it is likely that the service will be suspended around routes the delegates will be using and adjacent to areas where they will be staying, the newspaper reported.

The Red Zone will remain sealed as a security measure for the conference.

Officials of the local administration and police told Dawn News that the Red Zone will be sealed for foolproof security of visiting delegates from 62-member states of the OIC.

Well-equipped policemen along with personnel of paramilitary troops and army are being deployed to the entry points of the Red Zone, they added.

Source…