Yahoo says one billion accounts exposed in newly discovered security breach

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

With the scrapping of Mitron and Remove China Apps from its Play Store gaining a lot of attention in India, Google on Thursday said that it removed a video app "for a number of technical policy violations", while adding that it also does not allow an app that "encourages or incentivizes users into removing or disabling third-party apps".

Both the apps became immensely popular in India within a short span of time due to the prevailing anti-China sentiment amid border tensions between India and China in Ladakh and calls by Indian activists to boycott Chinese products.

Reports suggested that the Mitron app is a repackaged version of TicTic, which is a TikTok clone.

The Remove China Apps was designed to help users identify applications of Chinese origin.

Without naming the apps, Google hinted that the Mitron app may make a comeback on the Play Store once it fixes some technical issues, but the chances of the Remove China Apps are thin.

"We have an established process of working with developers to help them fix issues and resubmit their apps. We've given this developer (of the video app) some guidance and once they've addressed the issue the app can go back up on Play," Sameer Samat, Vice President, Android and Google Play, said in a statement.

Google said that its Android app store was designed to provide a safe and secure experience for the consumers while also giving developers the platform and tools they need to build sustainable businesses.

Samat said that Google Play recently suspended a number of apps for violating the policy that it does not allow an app that "encourages or incentivizes users into removing or disabling third-party apps or modifying device settings or features unless it is part of a verifiable security service".

"This is a longstanding rule designed to ensure a healthy, competitive environment where developers can succeed based upon design and innovation. When apps are allowed to specifically target other apps, it can lead to behaviour that we believe is not in the best interest of our community of developers and consumers," Samat said.

"We've enforced this policy against other apps in many countries consistently in the past - just as we did here," he added.

New Delhi, Jul 15: The employees union of state-run telecom operator BSNL will stage protests across the country on Thursday on a host of issues including the cancellation of its 4G tender and non-payment of salaries.

All major unions are organising ‘lunch-hour black-flag' demonstrations throughout the country under the banner of All Unions and Association of BSNL (AUAB), said a statement by AUAB. These demonstrations will be organised, by maintaining social distancing and by taking other precautions, like wearing of masks. The BSNL employees will also wear black-badges the whole day on July 16.

The employees body would demand that BSNL should immediately be allowed to roll out its 4G services and the tender should be issued immediately. Further, they want that in the matter of procuring new equipment and upgradation, there should not be any discrimination between BSNL and other private telecom service providers.

Recently, the Centre cancelled the 4G upgradation tender for BSNL as it had decided to come up with fresh specifications for the upgrade process, in a move to keep Chinese technology companies at bay as the border tussle escalated with the northern neighbour.

The Department of Telecommunications (DoT) would issue a fresh tender for the same, and people in the know said that Chinese companies may not be allowed to participate.

"The agitational programme is being organised to express the deep anguish and resentment of the employees against cancellation of BSNL's 4G tender, cancellation of BSNL's proposal for upgradation of its 49,300 BTSs to 4G, abnormal delay in issuing ‘Add on Order' for 4G equipments, inordinate delay in the implementation of BSNL's Revival Package and against the non-settlement of the burning problems of the employees," said the statement.

The umbrella body of BSNL's employees' unions noted that rolling out of 4G services is the backbone for the revival of this telecom PSU, but the recent cancellation of the tender floated by BSNL for procuring 4G equipment at a cost of Rs 9,300 crore, has brought the company back to square one.

It said that BSNL is already having 49,300 base transceiver stations (BTS), which are 4G compatible and through minor upgradation, all these equipment can be converted into 4G BTSs with an investment of about Rs 1,500 crore.

In addition to this, BSNL could have added another 15,000 BTSs, by placing an Add on Order to the existing mobile tender, it added.

Noting that in October 2019, the PSU could have rolled out pan-India 4G services, AUAB said: "Being the sole owner of the company, the Government of India also cannot shirk its responsibility in this matter."

"Adding insult to injury, the tender floated by BSNL to procure 4G equipment, has been cancelled by the government, based on a complaint from the Telecom Equipments and Services Promotional Council (TEPC)," it said.

AUAB said that BSNL is already lagging four years behind the private operators, in terms of 4G and the cancellation of the tender is going to inordinately delay the company's 4G launch.

Saying that TEPC's contention has been to bar foreign companies from participating in BSNL's tender, AUAB statement pointed out that when private operators are procuring equipment from multinationals, "why BSNL alone should be compelled to procure 4G equipments from domestic vendors, whose 4G technology is not tested or proven so far."

It alleged a conspiracy to destabilise BSNL by disrupting its rolling out of 4G services.

AUAB further said that even after the lapse of nine months, the implementation of the much publicised BSNL's Revival Package is moving at a snail's pace.

"Except the swift retrenchment of 79,000 BSNL employees under VRS, all other assurances given in BSNL's Revival Package have been put in cold storage."

The management should ensure that the salary payment of the employees is made on the last working day of every month. Deductions made from employees' salary, on account of "society dues", should immediately be remitted, it said.

Regarding the monetisation of the company's assets under the revival package, the organisation said that the land asset should not be handed over to corporates, at "throwaway" prices.

"These lands should be sold in a transparent manner and at the prevailing market rates. They should not be sold at book value or at circle rates. The AUAB will strictly monitor these dealings," it said.