Latest news with #CERT-In

Microsoft SharePoint hack: CERT-In flags ongoing threat, follow these steps to secure your systems

Indian Express

a day ago


CERT-In, India's nodal cybersecurity agency, has flagged multiple vulnerabilities in Microsoft SharePoint Server that have been actively exploited by hackers to access sensitive user data or compromise systems through spoofing attacks.

SharePoint Server 2019 and SharePoint Enterprise Server 2016, as well as the subscription edition of the platform deployed by organisations on-premises, have been affected in the hack, according to a CERT-In advisory issued on Tuesday, July 22, with a 'Critical' severity rating.

SharePoint is a web-based collaboration and document management platform developed by Microsoft. It allows organisations to create, manage, and share content and applications in a centralised environment.

All end-user organisations and individuals using affected Microsoft SharePoint Server installations are at risk of unauthorized access to sensitive data, remote code execution, and potential disruption of services, the cybersecurity watchdog said.

'A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system,' CERT-In said, adding that the vulnerabilities are being actively exploited in the wild.

CERT-In has published Vulnerability note on its website (22-07-2025) Multiple vulnerabilities in Microsoft SharePoint Server https:// — CERT-In (@IndianCERT) July 22, 2025

The warning comes a day after researchers on Monday, July 21, uncovered a sweeping cyber espionage operation targeting Microsoft server software that has resulted in at least 100 organisations being compromised, according to a report by Reuters. Most of the affected organisations are located in the United States and Germany, as per the Shadowserver Foundation, a California-based non-profit cybersecurity organisation.

On July 19, Microsoft issued an alert about 'active attacks' on self-hosted SharePoint servers. However, SharePoint instances run off of Microsoft servers were unaffected.

'Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers, which include both a validationKey and a decryptionKey. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution,' Satnam Narang, Senior Staff Research Engineer at Tenable, said in a statement to

It is not clear who is behind the ongoing 'zero-day' attack, which is a hack that is carried out by exploiting a vulnerability that was previously undisclosed. However, Google researchers have tied at least some of the hacks to a 'China-nexus threat actor.'

In response, Microsoft has rolled out security updates and CERT-In, in its advisory, encouraged customers to install them in order to address the vulnerabilities.

According to Narang, organisations can find out if their systems have been compromised in the hack by searching for indicators such as 'a file created on the vulnerable servers called

In addition to applying the security updates, CERT-In suggested the following mitigation measures for affected organisations:

– Rotate the MachineKey values (ValidationKey and DecryptionKey) after applying the updates to invalidate any compromised credentials.
– Enable AMSI (Antimalware Scan Interface) integration in SharePoint to enhance detection of malicious activity.
– Deploy Microsoft Defender Antivirus or a compatible endpoint protection solution with updated signatures.
– Scan SharePoint directories (e.g., LAYOUTS folder) for unauthorized ASPX files such as
– Monitor systems for suspicious process activity such as spawning or
– Restrict external access to on-premises SharePoint servers where feasible until patched.

CoinDCX offers up to 25% recovery bounty after $44.2 mn crypto theft

Business Standard

2 days ago


CoinDCX offers up to 25% bounty after $44.2 mn theft. Firm seeks white-hat help in crypto recovery, amid rising cyberattacks on Indian exchanges

New Delhi

Cryptocurrency exchange platform CoinDCX has unveiled a recovery bounty initiative after a security breach that led to the theft of $44.2 million (around ₹378 crore) from its treasury. The platform will offer up to 25 per cent of recovered funds as a reward to those who assist in retrieving the stolen assets and identifying the culprits.

The CoinDCX Recovery Bounty Programme, announced on Monday, invites ethical hackers, white-hat researchers, and ecosystem partners to collaborate in the investigation. The company said the aim is not only to recover funds but also to 'rally the Web3 community in the fight against cybercrime'.

According to the statement, the potential bounty pool could amount to as much as $11 million, provided full recovery is achieved.

Internal account breach, not customer wallets

The breach, which was announced on Saturday (July 19), involved unauthorised access to one of CoinDCX's operational accounts used for liquidity provisioning on a partner exchange. Co-founder and CEO Sumit Gupta clarified that the compromised account was isolated and that customer funds were never at risk.

'The affected operational account is segregated from customer wallets. The entire loss will be absorbed by us using our treasury reserves,' said Gupta in a post on X.

Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto. Just to give more context: -> We want to be upfront. The exposure was from our own reserves, and we have… — Sumit Gupta (CoinDCX) (@smtgpt) July 21, 2025

Co-founder Neeraj Khandelwal echoed the reassurance, saying, 'Our first and foremost objective throughout the day has been to secure assets. Coindcx Treasury will be bearing these losses.'

Funds routed via Solana and Ethereum

Preliminary investigations revealed that the stolen assets were moved through Solana-Ethereum bridges and later consolidated into 4,443 ETH (roughly $15.7 million) and 155,830 SOL (valued at $27.6 million). These funds are currently dormant, and CoinDCX is working with partners to freeze and recover them.

As part of its response, the firm is collaborating with global cybersecurity experts, CERT-In (India's Computer Emergency Response Team), and partner exchanges. A detailed forensic report will be made public upon completion of the investigation.

Following the attack, users reported issues accessing their portfolios, which CoinDCX attributed to server load caused by increased traffic. The firm has since scaled its server capacity, and access has been restored. 'We have significantly enhanced server capacity to serve users better,' Khandelwal said in a follow-up post.

Part of a larger pattern?

The CoinDCX incident follows a similar attack on WazirX, another Indian exchange, which suffered a $230–235 million breach in July 2024. In that case, WazirX proposed a socialised loss solution that returned only partial funds to users, drawing criticism from the crypto community.

Founded in 2018, CoinDCX claims to have over 16 million users and recorded $492 million in spot trading volume in May 2025, with Bitcoin and Ethereum leading trades.

CoinDCX has said that the breach is a moment of reckoning, not retreat. 'Every security incident is a learning experience. We will come out stronger and work with the community to secure the industry,' said Gupta.

CERT-In issues warning for Microsoft Windows, Office products: Know why

Business Standard

16-07-2025


Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for users of Microsoft Windows and Office products. CERT-In, in an advisory, warned users regarding a range of security flaws in Microsoft products, which leave them vulnerable to cyberattacks.

Since Microsoft Windows and Office products are used widely across the nation, the Central government agency has stated that this vulnerability exposes both individual users as well as enterprises to risk.

What did CERT-In say?

According to the advisory shared by CERT-In, security flaws have been identified in a range of Microsoft products that could allow attackers to gain elevated privileges, access sensitive data, execute remote code, and bypass existing security protocols. In some cases, they may also enable spoofing attacks, tampering with system configurations, or cause denial-of-service (DoS) disruptions.

CERT-In has urged users and administrators to take prompt action to secure their systems and prevent potential exploitation.

Affected software

The vulnerabilities impact a broad range of Microsoft offerings, including:

– Microsoft Windows (all supported versions)
– Microsoft Office (Word, Excel, Outlook)
– Microsoft Dynamics
– Azure cloud services
– Microsoft SQL Server
– System Centre and Developer Tools
– Extended Security Update (ESU) programs for older Windows versions
– Microsoft Edge browser and other Microsoft apps

If you use a Windows PC or use Microsoft Office or any related service, then it is possible that your system might be at risk.

As per CERT-In, Microsoft has confirmed the presence of these security flaws and released a comprehensive advisory outlining the affected products and necessary patches. Fixes have been rolled out through the latest cumulative updates for Windows and other impacted services. While the company states there are no known cases of active exploitation at this time, it strongly urges users to apply the updates without delay.

How to safeguard yourself?

To safeguard your systems, CERT-In recommends the following steps:

– Make sure Windows and Office are fully updated
– Turn on automatic updates via system Settings
– Restart your device after applying updates
– Refrain from opening files or clicking on links from untrusted sources
– Keep your antivirus programs and firewalls up to date

Indian Govt Issues Major Security Warning For Windows And Office Users: What The Alert Says

News18

15-07-2025


Windows and other Microsoft users have been warned about multiple security risks that need their immediate attention.

Windows and Microsoft Office users have been warned about a critical security risk by the Indian government earlier this month. The alert comes via the Indian Computer Emergency Response Team or CERT-In in July 2025, and it will be alarming for millions of PC users who rely on Windows and other Microsoft products such as Office and Azure, which are used by businesses and more.

As you would assume, the new issues pose concerns for their systems and how hackers can manipulate them to extract data and other confidential content from the targeted PCs.

The latest CERT-In alert comes with a high-severity rating and gives us more details about the security issues and how they can affect users.

'Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, cause denial of service conditions or tamper with system settings,' the note says.

All of these modes of attack can become dangerous for all users, in both the personal and business segments. Exploiting the issues could make it easy for hackers to bypass the device security, steal data and even initiate system crashes.

Microsoft Security Issue: Who Is Affected?

If you have a Windows PC, you're at risk. If you use Office, Dynamics or even the Edge browser, there is risk, and other enterprise tools like Azure are also in sight of the hackers.

Microsoft has issued a detailed guide to fix these issues and the company has a wide array of updates ready to be installed by all these users. The company has pointed out that there is less chance of these issues being exploited yet, and hopefully the patch will protect all the users.

We suggest you go to settings, enable auto-update for Windows and reboot the system to have the new version installed to keep your PC safe.

First Published: July 15, 2025, 08:15 IST

MeitY and BITS Pilani Launch Cybersecurity Training Programme for Professionals

Entrepreneur

12-07-2025


The training is designed to address the increasing need for cybersecurity capabilities in the face of rising digital threats

The Ministry of Electronics and Information Technology (MeitY), through its cyber response arm CERT-In, has signed a Memorandum of Understanding (MoU) with BITS Pilani to roll out a professional development programme in cybersecurity. The initiative is aimed at upskilling professionals across government departments, public sector undertakings (PSUs), and the private sector.

The eight-week programme is scheduled to begin on July 19, 2025, and will be conducted by BITS Pilani through its Centre for Research Excellence in National Security (CRENS) at the Hyderabad campus. Rapifuzz, a technology partner, will assist in delivering the course, while CERT-In will provide oversight and subject-matter guidance.

The training is designed to address the increasing need for cybersecurity capabilities in the face of rising digital threats. It is open to professionals from diverse backgrounds, including those without prior technical or coding experience.

According to CERT-In, the course content has been structured to reflect current and emerging cybersecurity challenges. The curriculum will cover areas such as cyber threats and vulnerabilities, network security, cryptography, incident management, and security practices in cloud and mobile environments.

Participants who complete the programme will receive a joint certification from CERT-In and BITS Pilani.

CERT-In Director General Sanjay Bahl noted that strengthening human resource capabilities is a critical component of India's broader digital security strategy. V. Ramgopal Rao, Group Vice-Chancellor of BITS Pilani, highlighted the relevance of academic and industry collaboration in addressing national cybersecurity needs.

This marks one of the first formalised efforts by CERT-In to partner with an academic institution to provide structured cybersecurity education on a large scale.
