GajShield Security News - 5th December 2018

5th December 2018   Since 2002

Most of us would have seen the movie Mr. India during our childhood. If not, do watch it. It is one of India’s first well-directed science fiction movies. In short, the story is about Mogambo, who wants to conquer India. He is looking for a secret formula with which an individual can become invisible. Fortunately for us Indians, the secret formula lands with Arun Verma (Anil Kapoor), the hero of this movie, and he saves us from Mogambo. What would have happened if Mogambo had got access to the secret formula of invisibility? He would have destroyed us, for how would our armed forces or police machinery have fought an invisible enemy? An iconic movie, and very relevant for the security industry.

Unlike in Mr. India, in cyber security Mogambo has always had the secret formula of invisibility. Not only he, but his attacks too, are invisible to us. They breach our network and data easily, without us even being aware of it. Existing firewalls are fighting an invisible enemy without having the tools to identify these threats and defend against them. Like Mr. India, we need a red glass through which we can see these threats: a tool that provides visibility and brings context to the data flowing through our network, enhancing our capability to identify external and internal threats.


 

Security going too far

SECURITY THIS WEEK

Quora Announces Data Breach Affecting 100 Mn Users Globally: 20.7% visitors are from India 

US-based question and answer platform Quora announced that personal data of almost 100 Mn Quora users was breached with a “malicious” third party gaining unauthorised access to one of the company’s systems. 

Read more at: https://inc42.com/buzz/quora-announces-data-breach-affecting-100-mn-users-globally/

Bug in new app, HDFC bank returns to old 

HDFC Bank on Monday said it is restoring its old mobile banking app on iOS and Google Play after its new app crashed and was not available for more than a week. HDFC Bank clarified there has been no data breach, loss of customer data or security issues with the mobile application.

Read more at: https://timesofindia.indiatimes.com/business/india-business/bug-in-new-app-hdfc-bank-returns-to-old/articleshow/66929769.cms

SEBI releases cyber security framework for brokers, depositories

The Securities and Exchange Board of India (SEBI) on Monday came out with a cyber security framework for stock brokers and depositories. The guidelines would come into force on April 1, 2019, SEBI said in a circular. "As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, stock brokers/depository participants should formulate a comprehensive cyber security and cyber resilience policy document encompassing the framework," the circular said.

Read more at: https://www.moneylife.in/article/sebi-releases-cyber-security-framework-for-brokers-depositories/55852.html

 
 
Toll Free: 1800 2200 32 | 022 6660 7450 | www.gajshield.com

GajShield Security News - 26th November 2018

26th November 2018   Since 2002

Security is a serious business. Organisations keep security as their last priority and do not make it a part of their business process. It is always implemented as an afterthought. Data protection has assumed tremendous importance. According to security firm Gemalto, about 3.24 million records across industries were stolen in India in the year 2017. Failure to protect data can prove fatal to enterprises.

Security is often compared with the health industry, where actions are taken only after a fatal event. Doctors are consulted only when it becomes of the utmost importance; till then, no decisions are made. The same goes for security. As ignoring health can prove fatal to your life, ignoring security can prove fatal to your business. The Government of India has proposed a personal data protection bill. If passed, it can bring serious cost implications for data breaches.


 

SECURITY THIS WEEK

Amazon breach may have hit Indian users 

The data breach that hit Amazon globally is likely to have impacted customers in India as well, as per industry experts, given that it had a global impact, with users in Europe and the US reporting having received alert mails from the company. 

Read more at: https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/amazon-breach-may-have-hit-indian-users/articleshow/66759564.cms

Higher penalty on cards for not reporting data breaches 

The government wants to impose higher penalties on companies that fail to immediately report incidents of data breach of Indian users to the authorities, a senior government official has said adding that the current ones are too low. 

Read more at: https://economictimes.indiatimes.com/tech/internet/higher-penalty-on-cards-for-not-reporting-data-breaches/articleshow/66728419.cms

Beware! This Flaw in Google Maps Could Cost You Money!

It has been found that a flaw in Google Maps has allowed scammers in Maharashtra to edit the contact details and addresses of major banks, by which they have been able to scam bank customers into revealing their bank details like CVV and ATM PINs. According to Google’s User Generated Content policy, any user can edit the numbers and details on the platform.

Read more at: https://www.thequint.com/tech-and-auto/tech-news/google-maps-loophole-allows-bank-of-india-fraud

 
 

Security is a Serious business !!!


 

Security is a serious business. Organisations keep security as their last priority and do not make it a part of their business process. It is always implemented as an afterthought. Data protection has assumed tremendous importance. According to security firm Gemalto, about 3.24 million records across industries were stolen in India in the year 2017. Failure to protect data can prove fatal to enterprises.

Security is often compared with the health industry, where actions are taken only after a fatal event. Doctors are consulted only when it becomes of the utmost importance; till then, no decisions are made. The same goes for security. As ignoring health can prove fatal to your life, ignoring security can prove fatal to your business. The Government of India has proposed a personal data protection bill. If passed, it can bring serious cost implications for data breaches.

Among other things, the bill ensures that organisations implement proper security safeguards and review them constantly, including preventing misuse of and unauthorized access to personal data. Notification to the authority would be required in case of any breach of personal data. The authorities can also direct that a notification be made to the person who is impacted by the breach. Data audits would have to be done regularly, along with the appointment of a Data Security Officer. It remains to be seen what the final bill approved by parliament will be, as it would bring far-reaching ramifications for enterprises that work with personal data in India.

Any leak of data not only leads to a loss of trust and confidence among stakeholders; the bill also carries severe penalties running into crores of rupees. It is high time that security officers and CIOs take a holistic view of security, of where their data is stored and of the various threat vectors, and implement multi-layered security. On the face of it this sounds overwhelming, but if properly designed it is easy to implement too.

Security is not only about implementing an anti-virus or a firewall solution; it is also about ensuring that these solutions meet your requirement of securing data. It is a continuous process, in which managers need to look at the threat landscape and rework their strategies. As in real life, it is not enough to earn money; it is also important to manage it.

 

British Airways: How was it hacked?

British Airways has warned customers that about 3 lakh 80 thousand card payments on its website and app were compromised. According to BA, the breach relates to bookings made between 10:58 pm on 21st August 2018 and 9:45 pm on 5th September.

If you booked a ticket during the above period, British Airways has said it is in the process of contacting all affected customers and advising them to contact their bank or card provider and follow their advice. According to British Airways, the incident has been resolved and all systems are working normally.

Though British Airways has not revealed any technical details about this breach, security experts do have some suggestions on the possible methods used.

Personal information, including names, email addresses and credit card details (card number, expiry date and the three-digit CVV code), was stolen by the hacker. But how could this be possible?

Since the CVV code was stolen, it can be deduced that the breach could have happened at the point of entry, since CVV codes are not meant to be stored by companies and are only used during verification of a transaction. One possible way in which this could have been done is by a script on the website that managed to intercept all the above data.

Websites have been increasingly embedding code from third-party suppliers for payment authorization, authentication, chat, ad placement and so on. It is possible that one of these scripts, which had access to the above data, was vulnerable or compromised. It is also possible that an insider who had access to the system tampered with the website and placed the malicious code.

The real reason for the compromise will only be known once British Airways reveals the details. Such details could help other enterprises to re-audit their security and improve it.
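One way to start the kind of re-audit mentioned above, as an added example that is not GajShield's or British Airways' code: inventory every external script on a payment page and flag the third-party ones loaded without a Subresource Integrity (`integrity`) pin. The page markup, the host names and the `shop.example` origin are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page; hosts, paths and the digest are made up.
SAMPLE_PAGE = """
<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.payments.example/v3/pay.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat.widgets.example/loader.js"></script>
<script src="//ads.tracker.example/tag.js" async></script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptInventory(HTMLParser):
    """Collect every external <script> with its host and SRI status."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party_host = first_party_host.lower()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            return  # inline script: delivered with the page itself
        # Relative URLs carry no host and load from the page's own origin.
        host = (urlparse(src).hostname or self.first_party_host).lower()
        self.scripts.append({
            "src": src,
            "host": host,
            "third_party": host != self.first_party_host,
            "has_sri": bool(attrs.get("integrity")),
        })


def audit_scripts(html, first_party_host):
    """Return (inventory, findings); findings are third-party scripts without SRI."""
    parser = ScriptInventory(first_party_host)
    parser.feed(html)
    parser.close()
    findings = [s for s in parser.scripts if s["third_party"] and not s["has_sri"]]
    return parser.scripts, findings


if __name__ == "__main__":
    for s in audit_scripts(SAMPLE_PAGE, "shop.example")[1]:
        print(f"third-party script without integrity pin: {s['src']}")
```

An integrity pin only suits files whose content is fixed per version; for vendor scripts that change in place, restrict the allowed sources with a Content-Security-Policy instead.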

The GajShield Security team will keep you updated with the latest details on the British Airways breach and will also provide guidance on how enterprises can improve their security to prevent such breaches.


Cyber security risks to watch out for before streaming FIFA 2018 matches!


With the FIFA World Cup starting on June 14, many fans around the world are already looking for streaming websites to watch the action live! Seldom do they understand the risks that come with it. Today we at GajShield decode the different security risks that many fans will be exposed to when looking for streaming sites on which to watch the matches taking place at Russia 2018.

Several websites that fans may click on for streaming are illegal, carrying pirated content, and many others are used by cybercriminals to compromise users’ devices and personal information. These scams go beyond the invasive advertisements with which, by the way, these webpages are populated! These campaigns are spread by email to compromise users’ devices. Various malicious campaigns are designed to take advantage of the anxiety of the many soccer fans around the world who are looking for ways to view matches; caught up in World Cup fever, they become more exposed to risks as their desire to watch the matches easily overtakes their common sense.

Annoying advertisements

Annoying advertisements appear in plenty on such websites. Clicking on such ads can prompt a direct download of unwanted, malicious software into the browser, which may spy on your activities, or could even take you to pages that still look like livestreaming services but instead download malware onto your computer.

Botnets

Botnets may go undetected, but they are found at large on such streaming websites. Botnets are collections of software robots, or bots, that create an army of infected computers, also known as zombies, remotely controlled by the originator. Botnets can send spam emails with viruses attached, spread all types of malware and use your computer as part of a denial of service attack against other systems without you even knowing about it!

Wi-Fi Eavesdropping

WiFi eavesdropping is another dangerous method used by many cyber criminals to capture personal information. It involves virtually “listening in” on personal information that is shared over an unsecured WiFi network that is not encrypted. With the right equipment, an attacker using this method can potentially access your computer and easily steal your personal information, including logins and passwords.

Worms

Worms are a very common threat to the Internet and computers worldwide. A worm, unlike a virus, goes to work on its own without attaching itself to files or programs. It lives in your computer memory, does not damage or change the hard drive, and can easily propagate by sending itself to other computers in a network, within the company or across the Internet itself.

These worms can cause a tremendous amount of damage by shutting down parts of the Internet, wreaking havoc on an internal network and costing companies enormous amounts of lost revenue.

Miners on Streaming sites

You can also find various websites whose main purpose isn’t streaming matches but mining cryptocurrency. This is a growing phenomenon, with sports and movie streaming sites being used for it with increasing frequency.

While these are just a few of the many threats to your personal information and devices when watching a simple soccer match, we strongly advise you to stay protected with a security solution so that these threats cannot take advantage of you.

Stay secured with GajShield.