Convergence Plus
IT/Security
Saturday, September 19, 2020
Twitter Says Up To 8 Accounts May Have Had Private Messages Stolen

Pre-Bookings open for Samsung Galaxy S20, S20+, and S20 UltraTwitter has revealed that hackers may indeed have downloaded the private direct messages of up to eight individuals while conducting their Bitcoin scam, and were able to see "personal information" including phone numbers and email addresses from each account, in one of the biggest security lapses in the company's history this week.

The social media giant, on late Friday night (local time), said in a blog post that hackers had downloaded the data using a tool that includes an archive of private messages. As per CNN reports, the company said these eight accounts were not verified accounts.

The staggering hack compromised accounts belonging to VIPs ranging from former President Barack Obama and presumptive Democratic presidential nominee Joe Biden to billionaire businessmen Elon Musk and Jeff Bezos.

Twitter said 130 accounts had been targetted by the attackers. Of those, 45 accounts were successfully breached.

The company also said that several of its employees had been targeted by hackers to gain access to internal systems.

"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams," the company said.

Members of US Congress, cybersecurity experts and Twitter itself have been searching for answers about how the hack happened.

Images circulating online purporting to show a screenshot of an internal Twitter control system connected to the hack are being looked at by federal investigators, law enforcement sources informed CNN.

The tool appeared to include the ability to change the email address associated with a Twitter account, which could potentially allow a Twitter account to be taken over.

Twitter has removed tweets with the images from its platform, according to people who have posted them. A Twitter spokesperson told CNN Friday it was removing images that included personal or private information.

The company has been in touch with the Federal Bureau of Investigation (FBI), the spokesperson added. (Source: Economic Times)

50 per cent of India companies concerned about hybrid cloud security: Barracuda Report

Telcos Estimate AGR Dues at Half the DoT DemandBarracuda Networks, a leading provider of cloud-enabled security solutions, highlighted key findings from its commissioned report titled Secure SD-WAN: The LaunchPad into the Cloud. The research surveyed global IT decision-makers to know about their opinions on Software-Defined Wide-Area Network (SD-WAN) adoption, along with data about acquisition preferences, variations by industry, and a variety of related issues.

It revealed that a fully-integrated, secure SD-WAN is the preferred technology solution for 90 per cent of Indian respondents who have either already deployed a software-defined wide area network (SD-WAN) to secure their public cloud or expect to do so within a year.

The survey, conducted by independent market researcher Vanson Bourne, includes responses from 750 executives, individual contributors, and team managers with responsibility for or knowledge of their organization’s cloud infrastructure. They came from organizations of all sizes and across a broad range of sectors, in EMEA, APAC, and the US, company mentioned in the report.

The report specifies that nearly 62 per cent of India’s organizations have experienced an increase in their network flexibility, 51 per cent achieved improved overall connectivity and 57 per cent increased their network security after deploying SD-WAN.

It also indicates that in using hybrid cloud, nearly 50 per cent of India organizations are concerned about its security, 41 per cent are concerned about securing the data in transit and 38% feel that it would be difficult in integrating cloud with legacy technology.

Speaking on the research results, Mr. Murali Urs, Country Manager, India of Barracuda Networks said about the survey: “As more organizations are shifting to the public cloud, they are looking at achieving a smoother and securely-integrated network for cloud deployments. They fear to be subject to any cyberattacks and losing on sensitive and mission-critical data. SD-WAN technology is a critical part of securing these cloud deployments. By deploying an all-in-one, secure SD-WAN solution natively built into the public cloud network, organizations can reap the full benefits of public cloud.” Organizations around the world, including India are consistent in their desire to acquire an SD-WAN solution from a cloud provider with 58 per cent giving it a nod. In comparison, 18 per cent prefer to get SD-WAN from an independent vendor, while 10 per cent would opt for a telecommunications partner, and 14 per cent would choose a value-added reseller.

Organizations prefer Microsoft Azure the most for their public-cloud platform than Amazon AWS Web Services (AWS) and Google GCP Cloud Platform (GCP). Azure also gets the top scores when it comes to security and being user friendly as security is the biggest blocker for moving to the public cloud. Overall, the study indicates that while adoption rates for public cloud continue to grow, improved flexibility and security of the network remain key roadblocks considering the volume and variety of threats organizations face today.

SD-WAN solutions are being used to address connectivity and security concerns of their public cloud. IT professionals realize that a cloud provider’s native security solutions may not provide sufficient capabilities and they are looking for third-party providers to help overcome adoption barriers. (Source: The Hindu Businessline)

Twitter cites security processes for temporarily restricting Amul account

Sony India Feels the Heat from Chinese Cos, Cuts Over 120 Jobs A day after it briefly restricted Amul’s account sparking public outrage, Twitter on Saturday said the account was restricted after being caught in the microblogging platform’s security processes.

Gujarat Co-operative Milk Marketing Federation (GCMMF) - which makes Amul brand of food products - found its Twitter account blocked on June 4 evening. The account was restored on June 5.

On accessing the account, a message saying “This account is temporarily restricted. You’re seeing this warning because there has been some unusual activity from this account. Do you still want to view it?” was displayed.

“Safety and security of the accounts is a key priority for us and to ensure an account has not been compromised sometimes we require the account owner to complete a simple reCAPTCHA process. These challenges are simple for authentic account owners to solve, but difficult (or costly) for spammy or malicious account owners to complete,” a Twitter spokesperson said in an emailed statement.

Once the account clears this security step, the account regains full access, the statement added. “To protect the accounts, we routinely require them to clear this security key for login verification,” the spokesperson said.

Amul Managing Director R S Sodhi said the company’s Twitter account was blocked on the night of June 4, and restored on June 5 morning when the issue was taken up with Twitter.

“Our Twitter account was blocked on the night of June 4 and restored on June 5 morning when we again took up process of reactivation with Twitter. We have asked Twitter why it blocked our account. We are waiting for the reply,” he said.

Twitter was abuzz with several users expressing shock, while many questioned its move to restrict the account. Twitteratis linked the restriction of Amul’s account with the brand’s campaign, supporting boycott of Chinese products. The brand figured among trending topics in India even on Saturday with over 11,500 tweets.

In the campaign, Amul’s iconic girl in white and red polka dots dress is seen fighting a dragon that is carrying a ‘Made in China’ placard. The picture mentions TikTok (a Chinese short video platform). The creative carries a tagline ‘Amul Made In India’ referring to Prime Minister Narendra Modi’s call for self-reliant India.

“As far as the cartoon is concerned, it is not Amul’s comment. Amul butter girl comments on mood of the nation and the topics which are in discussions among the common people,” Sodhi said. (Source: The Hindu Businessline)

Reliance Jio’s Covid-19 tracker tool user data exposed online due to a security lapse: Report

Airtel, Vodafone Idea, Tata Tele likely to pay AGR dues on Monday: DoT source A security lapse in Reliance Jio’s Covid-19 self checker tool has led to one of the tool’s core database being exposed to the internet without a password, TechCrunch reported on Sunday.

The security issue was first detected by cybersecurity researcher Anurag Sen who found the database on May 1, right after it was first exposed, the report said. After TechCrunch notified the company, Jio immediately pulled the system offline. There is no specification as to how many people have accessed the database before the system was taken offline.

“The logging server was for monitoring performance of our website, intended for the limited purpose of people doing a self-check to see if they have any COVID-19 symptoms,” said Jio spokesperson Tushar Pania as quoted by TechCrunch.

What the tool does
Reliance Jio had rolled out the online tool back in March. The self-checker is meant to help people self-assess their symptoms in order to map their risk of contracting Covid-19.

The self-test is a list of questions at the end of which the AI-driven tool figures out the test taker’s risk level, from high to low.

The questionnaire begins with basic questions, including who the test is for and the age and gender of the person. It then asks the respondent about their health conditions, their travel history apart from if the user or their family have come in contact with a Covid-positive person.

Issue
The database that was accessed by Sen contained millions of logs and records starting April 17 till the time that it was pulled offline.

As mentioned by Pania the server was meant to monitor the website performance and contained a running log of website errors and other system messages. However, it also contained a database of a huge number of user data who had taken the self-test. The data also led back to who the test was taken for, information about the user’s browser version and their operating system.

It also had the individual records of users who had signed up on the website to create a profile which allowed them to update their symptoms over time. The database contained the user’s answers to each question.

According to the report, certain records also contained a user’s precise geolocation if the user allowed the symptom checker access to their browser or phone’s location data. TechCrunch was able to identify user’s homes using the location data found.

Majority of the location data is clustered around cities such as Mumbai and Pune. However, data of users in locations such as the United Kingdom and North America were also found.

The company has not yet specified if it will inform users of the symptom tracker about the security lapse. (Source: The Hindu Businessline)

Ransomware attack causes service disruption for Cognizant Tech

Pre-Bookings open for Samsung Galaxy S20, S20+, and S20 UltraThe attack caused service disruption to some clients of Cognizant Technology Solutions. A ransomware attack has caused service disruption to some of the clients of Cognizant Technology Solutions.

The attack comes in the midst of thousands of its employees in India and the Philippines working from homes during the lockdown caused by Covid-19.

In a press release, Cognizant confirmed the security breach in their internal systems. It was attributed it to a Maze ransomware and has caused service disruptions to some of its clients.

“Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant is also engaged with the appropriate law enforcement authorities,” the release added.

“We are in ongoing communication with our clients and have provided them with indicators of compromise and other technical information of a defensive nature,” it said. (Source: The Hindu Businessline)

Home Ministry suggests cyber security tips for people working from home

Pre-Bookings open for Samsung Galaxy S20, S20+, and S20 UltraKeep the remote access disable until and unless required, suggests Home Ministry. The Ministry of Home Affairs, along with Indian Cyber Crime Coordination Centre have come out with some cyber security tips, as most of the people are working from home.

For instance, it has urged people to use computers/ laptops provided by the company, instead of personal system, wherever possible. The Ministry also suggest that they do not use same devices for work and leisure activities.

"Keep the remote access disable until and unless required. If required, it should be used with proper security. Use secure network for accessing office systems," it said.

Also, change all the default passwords and keep strong password for all devices and online accounts. It also urged not to share meeting links publicly or via social media platforms. "Use trusted apps/ as approved by your employer for video conferencing/ collaborative work. Keep all operating system, antivirus, applications updated," it said.

Lastly, it urged to avoid open/free Wi-Fi network and change default password of home Wi-Fi and admin passwords, and strictly adhere to the guidelines issued by the employer.

"Be careful of phishing e-mails which may be disguised as similar to your superior mail ID. Check the link properly before opening it," the Ministry added.(Source: The Hindu Businessline)

Social commerce to hit $70-billion mark this decade, says study

Pre-Bookings open for Samsung Galaxy S20, S20+, and S20 UltraIndustry growing at almost twice the rate of the overall online retail market: Wizikey. Social media is expected to hit the $70-billion mark over the next 10 years.

Social commerce start-ups and new-age social media platforms such as Sharechat and TikTok, as well as social media giants such as Twitter, Snapchat, Facebook and Instagram, have seen a huge increase in their user base with the signing up of first-time internet users.

New concept

While e-commerce, too, has benefited from increasing internet penetration, social commerce has emerged as a relatively new concept, currently accounting for 15-20 per cent of the online retail market, according to a study by Wizikey.

Anshul Sushil, founder and CEO of Wizikey, a communication platform, said Indian consumers are used to various shopping experiences, “one of which is social and highly interactive shopping”. “Our study shows social commerce has emerged as a new category with different players coming into play with interesting trends. This industry has the potential to disrupt and is on track to be the next revolution in the online retail industry,” he added.

Even consumers living in tier-2 and -3 cities tend to shop through Facebook and WhatsApp, the report noted, with the majority of the population buying through networking sites.

China is one geography that has welcomed social commerce with open arms, the official added Sushil. “The way WeChat is being used to interact, explore, buy and sell is phenomenal. The industry is growing at almost twice the rate of the overall online retail industry,” he said.

Leveraging social behaviour

Akarsh Srivastava, Vice-President at SAIF Partners, said platforms such as Amazon and Flipkart have demonstrated that a large e-commerce business can be built in India. “However, these platforms and others, like BigBasket and Grofers, were built keeping in mind the earliest internet adopters. Most of these apps were started and scaled before the Jio phenomenon. Current online models rely on digital acquisition through Facebook and Google, and end up competing with other commerce services trying to target the same user with sops like discounts,” he added.

Social commerce aims to leverage the social behaviour of these users to facilitate transactions, he further said.

“The opportunity size can be gauged by the fact that WhatsApp has 400 million monthly active users, while the number of annual online shoppers is only about 100 million. Amazon and Flipkart have close to 80 million users though all of them are not necessarily transacting. A platform which bridges this divide can create a much larger business than any of the incumbents,” said Srivastava. (Source: The Hindu Businessline)

IT Ministry, Google tie up for 'Build for Digital India'

Ongoing efforts by Kerala Startup Mission (KSUM) to encourage production of socially beneficial products have got a fresh fillip and recognition, as the Union Government has joined hands with Google to mobilise engineering students for innovative solutions.

The Union Ministry of Electronics and Information Technology and Google India have tied up under a six-month programme that features learning and mentorship activities.

The programme, christened ‘Build for Digital India’, will see Google providing mentorship by its officials as well as other experts, said Siddhant Agarwal, Programme Coordinator, Google Developer Relations at the KSUM-organised IEDC (Innovation and Entrepreneurship Development Centre) Summit held at Kodakara near Thrissur.

The deadline for ‘Build for Digital India’ is October 31, he told the 4,000 delegates and 100 startups at the conclave in Sahrdaya College of Engineering and Technology. The details are available at http://bit.ly/buildfordigitalindia.

Agarwal noted that India has a good number of nascent firms that provide solutions for problems related to society at a large. He particularly lauded startups such Genrobotics that make the popular Spandan robotic scavenger (which can detect cardiac problems in advance) and the breast cancer-screening device called NIRAMAI besides AIR-INK that makes ink from gaseous effluents generated by air pollution due to incomplete combustion of fossil fuels.

Earlier in his inaugural address, KSUM Chief Executive Saji Gopinath said that entrepreneurship is in itself primarily driven by people’s knowledge and passion for innovation. The major secret behind the success of entrepreneurship such as Facebook and Amazon is that they addressed hidden problem that had been there for years. (Source: The Hindu Businesline)

IT Ministry, Google tie up for 'Build for Digital India'

Ongoing efforts by Kerala Startup Mission (KSUM) to encourage production of socially beneficial products have got a fresh fillip and recognition, as the Union Government has joined hands with Google to mobilise engineering students for innovative solutions.

The Union Ministry of Electronics and Information Technology and Google India have tied up under a six-month programme that features learning and mentorship activities.

The programme, christened ‘Build for Digital India’, will see Google providing mentorship by its officials as well as other experts, said Siddhant Agarwal, Programme Coordinator, Google Developer Relations at the KSUM-organised IEDC (Innovation and Entrepreneurship Development Centre) Summit held at Kodakara near Thrissur.

The deadline for ‘Build for Digital India’ is October 31, he told the 4,000 delegates and 100 startups at the conclave in Sahrdaya College of Engineering and Technology. The details are available at http://bit.ly/buildfordigitalindia.

Agarwal noted that India has a good number of nascent firms that provide solutions for problems related to society at a large. He particularly lauded startups such Genrobotics that make the popular Spandan robotic scavenger (which can detect cardiac problems in advance) and the breast cancer-screening device called NIRAMAI besides AIR-INK that makes ink from gaseous effluents generated by air pollution due to incomplete combustion of fossil fuels.

Earlier in his inaugural address, KSUM Chief Executive Saji Gopinath said that entrepreneurship is in itself primarily driven by people’s knowledge and passion for innovation. The major secret behind the success of entrepreneurship such as Facebook and Amazon is that they addressed hidden problem that had been there for years. (Source: The Hindu Businesline)

Kaspersky to set up data centre, transparency facility in India next year

To conform to the provisions of likely cyber security policy. Moscow-headquartered cyber security solutions company Kaspersky will set up a data centre and a Transparency Centre in India to conform to the likely cyber security policy that will mandate firms to store and process data locally.

“We will study the policy and will plan the data centre accordingly. The proposed centre will be on the lines of the one it set up in Zurich (Switzerland),” Stephan Neumeier, Managing Director of Kaspersky (Asia Pacific), has said.

Talking to reporters on the sidelines of a conference focussed on the security for the healthcare sector here, Stephan said India, actually, was considered as a top-2 prospective location for APAC’s first Transparency Centre. “We recently set it up in Kaula Lumpur (Malayasia). But the new upcoming Indian policy on cyber security would require us to invest on a facility to store and process the data that we generate locally,” he said.

The APAC centre is the third for Kaspersky after Zurich and Madrid. The proposed centre will help Kaspersky’s clients to see the source code and have a look at its products, software updates and threat detection rules. It will also throws light on its data processing practices.

Enterprise market
The firm, which is a top-2 cyber security provider in the consumer market in India, has increased its focus on the enterprise segment. “We are among the top-4 players in the business-to-business segment. In the small and medium sector space, we are number 3,” he said.

“The share of consumer business, which used to be about 70 per cent three years ago, is about 50 per cent now in South Asia after our focus on enterprise increased. In India, we have emerged as a strong alternative to the Western players in the space,” he said.

With regard to solutions to the healthcare industry, he said the firm is in talks with top hospitals in South India to provide cyber security protection. “We are working with vendors of Internet of Things players, mobile and router makers to embed its protection solutions,” he said. (Source: The HindubusinesLine)

LocalCircles Highlights Data Misuse Worries

Platform says govt can have right over data only in event of law and order situation, enforcement matter. LocalCircles, a community social media platform that claims to host over 30,000 startups and entrepreneurs, has written to the Ministry of Electronics and IT (MeitY) about some “confusion” over which ministry is working on the anonymised data policy.

It was earlier in correspondence with the commerce ministry regarding the data policy.

In a letter sent last week, LocalCircles said the government can have a right over the aggregate data of businesses only in the event of a law and order situation, an investigation or an enforcement matter. For routine matters, the government should not have access to either the aggregate data or the algorithms used by a business as “such an access can be easily misused or compromised,” it said in the letter, which ET has reviewed.

MeitY sought select stakeholder comments last month on the contours of a proposed policy governing public, community or anonymised data. “Businesses spend significant amounts of resources to collect data, build products and services and a market, and for many businesses aggregate data is the core of it and they must protect it to protect their value proposition and the business itself,” it said in the letter.

LocalCircles has conducted surveys on the issues in which 6,000 startups had participated and the contents of the letter reflect their majority opinion, its chief Sachin Taparia wrote.

In the latest request for feedback sent in August, MeitY had asked if there was a case to mandate free access to community, anonymised or ecommerce data, among others. It asked whether the Data Protection Authority should be the regulator in respect of all non-personal data. It also sought feedback on storing personal data in India and gave stakeholders a week to respond.

ET has learnt that some stakeholders have responded by asking the government not to club non-personal data with the personal data protection bill and to hold wide-scale public consultation before coming up with a policy on such a complicated subject. They have asked the government not to force businesses to share such data and instead create incentives for companies to share it voluntarily. “India’s business or anonymised data policy must be such that it enables Indian startups to benefit from aggregate data of government, communities and large corporations,” the letter by LocalCircles added. (Source: Economic Times)

asiavideosummit
aviasif
convergence plus