Maruti hikes select model prices by up to Rs 10,000

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

Consumer watchdog Which? has claimed that more than one billion Android phones and tablets are vulnerable to hackers as they no longer supported by security updates.

According to the research report, the most at-risk phones are any that run Android 4 or older and those smartphones running Android 7.0 which can not be updated are also at risk.

Based on data from Google analysed by Which?, two in five android device users around the world are no longer receiving the important updates. Currently, those devices are unlikely to have issues, but the lack of security leaves them open to attack.

"It is very concerning that expensive Android devices have such a short shelf life before they lose security support, leaving millions of users at risk of serious consequences if they fall victim to hackers," Kate Bevan editor Which? said in a statement.

"Google and phone manufacturers need to be upfront about security updates with clear information about how long they will last and what customers should do when they run out. The government must also push ahead with planned legislation to ensure manufacturers are far more transparent about security updates for smart devices and their impact on consumers," Kate added.

Android phone released around 2012 or earlier, including popular models like the Samsung Galaxy S3 and Sony Xperia S, are particularly at risk to hackers.

Which? has made suggestions to Android users on what to consider if they have an older phone that may be at risk.

Any Android device which is more than two years old, check whether it can be updated to a newer version of the operating system. If it is on an earlier version than Android 7.0 Nougat, try to update via Settings> System>Advanced System update.

In case a user is not able tto update the phone, the device could be at risk of being hacked if it is running a version of Android 4 or lower.

A user also need to be careful about downloading apps outside the Google Play store and should also install a mobile anti-virus via an app.

New Delhi, Jul 15: The employees union of state-run telecom operator BSNL will stage protests across the country on Thursday on a host of issues including the cancellation of its 4G tender and non-payment of salaries.

All major unions are organising ‘lunch-hour black-flag' demonstrations throughout the country under the banner of All Unions and Association of BSNL (AUAB), said a statement by AUAB. These demonstrations will be organised, by maintaining social distancing and by taking other precautions, like wearing of masks. The BSNL employees will also wear black-badges the whole day on July 16.

The employees body would demand that BSNL should immediately be allowed to roll out its 4G services and the tender should be issued immediately. Further, they want that in the matter of procuring new equipment and upgradation, there should not be any discrimination between BSNL and other private telecom service providers.

Recently, the Centre cancelled the 4G upgradation tender for BSNL as it had decided to come up with fresh specifications for the upgrade process, in a move to keep Chinese technology companies at bay as the border tussle escalated with the northern neighbour.

The Department of Telecommunications (DoT) would issue a fresh tender for the same, and people in the know said that Chinese companies may not be allowed to participate.

"The agitational programme is being organised to express the deep anguish and resentment of the employees against cancellation of BSNL's 4G tender, cancellation of BSNL's proposal for upgradation of its 49,300 BTSs to 4G, abnormal delay in issuing ‘Add on Order' for 4G equipments, inordinate delay in the implementation of BSNL's Revival Package and against the non-settlement of the burning problems of the employees," said the statement.

The umbrella body of BSNL's employees' unions noted that rolling out of 4G services is the backbone for the revival of this telecom PSU, but the recent cancellation of the tender floated by BSNL for procuring 4G equipment at a cost of Rs 9,300 crore, has brought the company back to square one.

It said that BSNL is already having 49,300 base transceiver stations (BTS), which are 4G compatible and through minor upgradation, all these equipment can be converted into 4G BTSs with an investment of about Rs 1,500 crore.

In addition to this, BSNL could have added another 15,000 BTSs, by placing an Add on Order to the existing mobile tender, it added.

Noting that in October 2019, the PSU could have rolled out pan-India 4G services, AUAB said: "Being the sole owner of the company, the Government of India also cannot shirk its responsibility in this matter."

"Adding insult to injury, the tender floated by BSNL to procure 4G equipment, has been cancelled by the government, based on a complaint from the Telecom Equipments and Services Promotional Council (TEPC)," it said.

AUAB said that BSNL is already lagging four years behind the private operators, in terms of 4G and the cancellation of the tender is going to inordinately delay the company's 4G launch.

Saying that TEPC's contention has been to bar foreign companies from participating in BSNL's tender, AUAB statement pointed out that when private operators are procuring equipment from multinationals, "why BSNL alone should be compelled to procure 4G equipments from domestic vendors, whose 4G technology is not tested or proven so far."

It alleged a conspiracy to destabilise BSNL by disrupting its rolling out of 4G services.

AUAB further said that even after the lapse of nine months, the implementation of the much publicised BSNL's Revival Package is moving at a snail's pace.

"Except the swift retrenchment of 79,000 BSNL employees under VRS, all other assurances given in BSNL's Revival Package have been put in cold storage."

The management should ensure that the salary payment of the employees is made on the last working day of every month. Deductions made from employees' salary, on account of "society dues", should immediately be remitted, it said.

Regarding the monetisation of the company's assets under the revival package, the organisation said that the land asset should not be handed over to corporates, at "throwaway" prices.

"These lands should be sold in a transparent manner and at the prevailing market rates. They should not be sold at book value or at circle rates. The AUAB will strictly monitor these dealings," it said.