Latest news with #Cert-In
Hindustan Times
4 days ago
- Business
- Hindustan Times
Cert-In issues advisory after data breach of 16 billion credentials, asks people to change passwords
NEW DELHI: Indian Computer Emergency Response Team (Cert-In) has issued a fresh advisory asking people to follow good cybersecurity hygiene following reports of a massive data breach involving 16 billion online credentials. FILE - The breach, first reported by the website Cybernews, includes usernames, passwords, authentication tokens, and metadata leaked from multiple platforms. (AP) The breach, first reported by the website Cybernews, includes usernames, passwords, authentication tokens, and metadata leaked from platforms such as Apple, Google, Facebook, Telegram, GitHub, and several VPN services. 'This appears to be a consolidated dataset, and some of the credentials may be outdated or already changed. However, we're issuing the advisory to urge people to follow good cybersecurity hygiene,' a senior official at Cert-In, the country's nodal agency for cybersecurity incident response, said. The advisory was first released on Monday. The agency has urged individuals to update their passwords immediately, enable multi-factor authentication (MFA), and switch to passkeys wherever possible. The advisory also recommends running antivirus scans and keeping systems up to date to protect against malware. The cybersecurity agency advised organisations to enforce MFA, limit user access, and use intrusion detection systems (IDS) and Security Information and Event Management (SIEM) tools to detect suspicious activity. It also recommended that companies check that their database aren't publicly exposed and ensure that sensitive data is encrypted. The massive dataset, which is believed to be available on the dark web, has been reportedly compiled from 30 different sources, mostly through infostealer malware. The dataset could enable attackers to carry out phishing, account takeovers, ransomware attacks, and business email compromises, said the Cert-In advisory. 'This is a systemic red flag,' said Gaurav Sahay, cybersecurity expert and founding partner at Arthashastra Legal. 'The breach is decentralised, harder to detect, and much more difficult to fix. We're likely to see a wave of account takeovers, especially on cloud/email services, banking or fintech apps, developer platforms, and government portals.' Sahay added that password reuse remains rampant, and the lack of MFA on many accounts makes even older credentials dangerous. 'This is a watershed moment in cybersecurity, a reminder that the human element remains the weakest link in digital security.'
&w=3840&q=100)
Business Standard
20-06-2025
- Business Standard
Meity on alert to find Indian data in global breach; asks Cert-In to probe
Taking cognizance of an alleged global data breach, the Union government is taking steps to identify the quantum of Indian data in it, it is learnt. In what is being considered one of the biggest breaches globally, user names, passwords, and other sensitive personal information of around 16 billion digital accounts were leaked recently. The Ministry of Electronics and Information Technology (Meity) has asked the Indian Computer Emergency Response Team (Cert-In) to seek an appropriate response from intermediaries, data centres, corporate bodies, and government organisations on the Indian data present in the global data leak and report back with details. 'Given the proportion of the global leak, it is very likely that the data of Indian citizens might be on the dataset,'' an official said. Cert-In is looking into it, he pointed out, adding that Indian firms too will have to look into it and report according to cyber incidents norms. Earlier this week, media reports suggested that data of nearly 16 billion accounts of Apple, Facebook, Google, GitHub, Telegram, and various government services were leaked. A Cybernews researcher team, led by Vilius Petkauskas, found, through an investigation beginning in January 2025, that the new records were scattered across 30 different databases and were most likely stolen by various infostealers. 'The datasets that the team uncovered differ widely. For example, the smallest, named after malicious software, had over 16 million records. Meanwhile, the largest one, most likely related to the Portuguese-speaking population, had over 3.5 billion records. On average, one dataset with exposed credentials had 550 million records,' Cybernews said in a report. Emails sent to Apple, Meta, Google and Microsoft did not yield any response on whether they had sent any instructions to users on the alleged breach, and if data of Indian users was also found in the said breach. 'While the exact nature of these leaks remains unclear as investigations unfold, the critical takeaway for users and enterprises alike is unequivocal: reactive password resets are no longer enough. Proactive adoption of strong multi-factor authentication (MFA), particularly biometric verification, is now essential. It creates a critical layer of security that stolen credentials alone cannot compromise,' said Vijender Yadav, co-founder and chief executive officer of cybersecurity firm Accops. In 2022, Meity had issued comprehensive guidelines on the timelines by which any cyber incidents would have to be reported to Cert-In, along with the details of the nature of the attack, the systems, the quantum of data compromised, and whether the users had been informed about the compromise of the datasets. As per the norms then issued, the ministry had also mandated that all companies should maintain a 180-day rolling log of all of their information technology and computer systems and keep that data within India. As and when demanded by Cert-In, this data would have to be furnished in cases of cyber incidents.
India.com
13-05-2025
- India.com
Indian Govt Issues ‘High Risk' Warning For Apple iPhone, iPad Users --What Are The Software Affected? Check Details
New Delhi: The Indian Computer Emergency Response Team (Cert-In) has issued a high-risk warning concerning several vulnerabilities found in Apple Products. According to their latest security advisory dated 12 March 2025, identified as CIVN-2025-0094, the government research team has disclosed that these vulnerabilities are deemed high-risk and present substantial threats to Apple iPhone, iPad Users. Threat to Apple iPhone, iPad Users: What are the risks involved? The risk associated with these vulnerabilities in Apple's iOS and iPadOS may allow certain malicious applications to cause affected devices to become unresponsive or non-functional until restored. Apple iPhone, iPad Users: What are the Software Affected? Cert-In has said that the following Software are Affected - iOS versions prior to 18.3 (for iPhone XS and later) - iPadOS versions prior to 17.7.3 (for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation) - iPadOS versions prior to 18.3 (for iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later) Cert-In has said that Darwin notifications are a low-level messaging system within the CoreOS layer, enabling processes to broadcast and receive system-wide event notifications. The vulnerability arises due to the fact that any iOS application can transmit sensitive system-level Darwin notifications without needing special privileges or entitlements. Successful exploitation of these vulnerabilities could allow malicious applications to cause affected devices to become unresponsive or non-functional until restored, it added. Cert-In has advised that users should Apply appropriate fixes as mentioned in the Apple Security Advisory.
India Today
09-05-2025
- Business
- India Today
Finance Minister to review cyber readiness of banks, financial institutions
Finance Minister Nirmala Sitharaman is set to chair a review meeting on Friday evening to assess the cybersecurity preparedness of India's banks and financial institutions. This comes at a time when there are growing concerns about the potential threat of cyber attacks, especially considering the rising tensions between India and meeting will bring together representatives from several key institutions, including public and private banks, the Reserve Bank of India (RBI), the National Payments Corporation of India (NPCI), the Bombay Stock Exchange (BSE), the National Stock Exchange (NSE), and the Indian Computer Emergency Response Team (Cert-In).Cert-In has been actively working with different sectors to ensure that critical infrastructure, including financial services, is protected from cyber IS THIS MEETING IMPORTANT?The review meeting is being held amid heightened fears that India's vital systems, including the banking and financial sectors, could become targets of cyber countries engage in conflicts, there is always the risk that cyber operations could be used as a form of retaliation or disruption. India has been strengthening its cybersecurity measures in response to this, and the Finance Minister's meeting reflects the importance the government is placing on ensuring that the financial infrastructure remains attacks can take various forms, ranging from data breaches to system disruptions. For financial institutions, even a minor disruption can cause significant financial and reputational damage, affecting everything from transactions to customer Ministry of Finance, along with other key agencies, is taking this threat seriously and ensuring that the country's financial systems are resilient in the face of possible cyber TENSIONS BETWEEN INDIA AND PAKISTANThe timing of the review meeting is linked to the growing tensions between India and Pakistan. On Thursday night, reports emerged that the Pakistan Armed Forces launched drone attacks along India's western border and violated ceasefire agreements in Jammu and Kashmir. These escalations followed India's targeted strikes on nine locations in Pakistan and Pakistan-occupied Kashmir (PoK), increasing the possibility of further military these developments are military in nature, they have wider implications for security, including the potential risk of cyber warfare. Cyber attacks can be a form of indirect retaliation in such conflicts, which is why India is proactively preparing for any such threats to its critical infrastructure, including the financial Watch advertisement
Indian Express
09-05-2025
- Business
- Indian Express
India-Pakistan tensions: Nirmala Sitharaman to chair meeting with banks, financial institutions on cyber readiness
Finance Minister Nirmala Sitharaman will chair a review meeting on cybersecurity preparedness of banks and financial institutions on Friday evening, amid heightened concerns that the country's critical infrastructure could be hit by cyber attacks amid the ongoing tensions between India and Pakistan. Representatives from various public and private banks, the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), NSE, BSE, and the Indian Computer Emergency Response Team (Cert-In), among others are expected to attend the meeting. Cert-In has been coordinating with various critical sector entities to ensure their cybersecurity preparedness. The development comes as the Pakistan Armed Forces launched multiple attacks using drones and other munitions along the entire Western Border of India on Thursday night while also resorting to numerous ceasefire fire violations (CFVs) along the Line of Control in Jammu and Kashmir. The Indian Army said that the 'drone attacks were effectively repulsed and befitting reply was given to the CFVs'. The Pakistani escalation came a day after India carried out targeted strikes on nine sites in Pakistan and PoK. On May 7, The Indian Express had reported that following 'Operation Sindoor,' agencies and organisations which are in charge of India's critical infrastructure, such as the Power Ministry, financial institutions including banks, and telecom operators were asked to be on 'high alert' after having faced a number of cyber attacks following the Pahalgam terror attack last month. 'There have been some DDoS attacks on some infrastructure, but we have contained them. Now we are on high alert because such attempts will certainly be made,' a senior government official had said earlier. A DDoS (Distributed Denial of Service) attack is a cyberattack where an attacker overwhelms a website, server, or network with malicious traffic from multiple sources, making it slow or inaccessible to legitimate users. The Indian Express had reported on Wednesday that soon after news about Operation Sindoor broke, social media platforms such as X were flooded with misinformation related to India's strikes on nine sites in Pakistan and Pakistan-occupied Kashmir (PoK). The ministries of IT and Information and Broadcasting sprung into action and decided that the government will dip into its legal powers of blocking any content or account they feel is propagating misinformation related to the strikes. On Thursday, social media platform X said that it received executive orders from the Indian government requiring the company to block over 8,000 accounts in India, including those belonging to 'international news organisations and prominent X users'. It said that falling foul of the executive orders could subject the company to potential penalties including significant fines and imprisonment of its local employees. Soumyarendra Barik is Special Correspondent with The Indian Express and reports on the intersection of technology, policy and society. With over five years of newsroom experience, he has reported on issues of gig workers' rights, privacy, India's prevalent digital divide and a range of other policy interventions that impact big tech companies. He once also tailed a food delivery worker for over 12 hours to quantify the amount of money they make, and the pain they go through while doing so. In his free time, he likes to nerd about watches, Formula 1 and football. ... Read More Aanchal Magazine is Senior Assistant Editor with The Indian Express and reports on the macro economy and fiscal policy, with a special focus on economic science, labour trends, taxation and revenue metrics. With over 13 years of newsroom experience, she has also reported in detail on macroeconomic data such as trends and policy actions related to inflation, GDP growth and fiscal arithmetic. Interested in the history of her homeland, Kashmir, she likes to read about its culture and tradition in her spare time, along with trying to map the journeys of displacement from there. ... Read More
