Decennial special: Apple unveils iPhone X

New Delhi, Jul 18: India's national cybersecurity agency CERT-in, has warned people of credit card skimming spreading across the world through e-commerce platforms.

Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP), the Computer Emergency Response Team (CERT-In) said in a notice on Thursday.

Recently, attackers targeted sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework, it said.

Some of the sites affected by the attack were found to be running ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft and may contain multiple vulnerabilities, CERT-In said.

The notice also included a list of best practices for website developers including the use of the latest version of ASP.NET web framework, IIS web server and database server.

The advisory is based on research by Malwarebytes which found that this skimming campaign likely began sometime in April this year.

Credit card skimming has become a popular activity for cybercriminals over the past few years, and the increase in online shopping during the pandemic means additional business for them, too, Malwarebytes said in a blog post, adding that attackers do not need to limit themselves to the most popular e-commerce platforms.

Researchers from global cybersecurity and anti-virus brand Kaspersky had warned in December last year that more cybercriminal groups will target online payment processing systems in 2020. 

It said that over the past couple of years, so-called JS-skimming (the method of stealing of payment card data from online stores), has gained immense popularity among attackers. 

Kaspersky researchers in their report said they are currently aware of at least 10 different actors involved in these type of attacks.

Their number will continue to grow during the next year, the report said, adding that the most dangerous attacks will be on companies that provide services such as e-commerce as-a-service, which will lead to the compromise of thousands of companies.

New Delhi, Jun 18: Vodafone Idea on Thursday told the Supreme Court that it has incurred Rs 1 lakh crore losses as it insisted it is not in a position to furnish bank guarantees.

A bench comprising Justices Arun Mishra, S. Abdul Nazeer, and M.R. Shah, taking up the adjusted gross revenue (AGR) matter through video conferencing, directed the telecom companies to submit their financial documents and books for the last 10 years.

Asking Vodafone if it was a foreign company, the bench said that how can the company say it would not furnish any bank guarantee.

"What if you fly away overnight in future without paying anything?" it asked.

Senior advocate Mukul Rohatgi, representing Vodafone Idea, denied his client is a completely foreign firm and cited before the bench its tie-ups and investments.

Vodafone owes over Rs 58,000 crore as AGR dues and so far, has paid close to Rs 7,000 crore.

Rohatgi contended before the court that the telecom company is in a tough situation, and cannot furnish any fresh bank guarantee, as profits have eluded the company in past many quarters. He submitted before the bench that Rs 15,000 crore bank guarantees are lying with the government, and his client's losses are over Rs 1 lakh crore.

"I cannot offer any more surety," he informed the bench.

Justice Mishra noted that this is public money and these dues should be recovered. "Do not tell us that you will pay if you were to make profits... the money must come," he noted.

Justice Shah observed that the telecom industry is the only industry which earned during the Covid-19 pandemic. "After all, this money will be used for public welfare", he said.

Rohatgi argued that his client would have to fold up if orders were issued to clear dues tomorrow. "11,000 employees will have to go without notice, as we cannot pay them," he added.

Senior advocate Abhishek Manu Singhvi, appearing for Bharti Airtel, contended before the court that out of Rs 21,000 crore AGR dues, the company has already deposited a sum of Rs 18,000 crore.

He argued that his client has given a bank guarantee, in excess of demand, to DoT, and supported the proposal for phased repayment of remaining AGR dues. He insisted that the company needs to sit down with the government and calculate the dues. Airtel owes Rs 25,976 crore after paying Rs 18,000 crore, as per the government.

Senior advocate Arvind Datar, representing Tata Telecom, informed the bench that his client has paid Rs 6,504 crore in AGR dues so far, and furnishing a bank guarantee may adversely impact investments in the sector.

The total AGR dues are close to Rs 1.5 lakh crore.

The top court will now take up the matter in the third week of July.

Cybersecurity researchers on Monday warned of a Trojan malware campaign which is targeting India's co-operative banks using COVID-19 as a bait.

Seqrite, the enterprise arm of IT security firm Quick Heal Technologies, detected the new wave of Adwind Java Remote Access Trojan (RAT) campaign.

Researchers at Seqrite warned that if attackers are successful, they can take over the victim's device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyberattacks and financial frauds.

According to the researchers, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either the Reserve Bank of India or a nationalised bank.

The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware.

Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact a variety of endpoints, irrespective of their base operating system.

Once the RAT is installed, the attacker can take over the victim's device, send commands from a remote machine, and spread laterally in the network.

In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information, Seqrite said, adding that such attack campaigns can effectively jeopardise the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds.

To prevent such attacks, users need to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails.

Banks should also keep their operating systems updated and have a full-fledged security solution installed on all the devices, Seqrite advised.