Search This Blog

Showing posts with label IT Security. Show all posts

How ChatGPT May Act as a Copilot for Security Experts


Security teams have been left to make assumptions about how generative AI will affect the threat landscape since ChatGPT-4 was released this week. Although it is now widely known that GPT-3 may be used to create malware and ransomware code, GPT-4 is 571X more potent, which could result in a large increase in threats. 

While the long-term effects of generative AI are yet unknown, a new study presented today by cybersecurity company Sophos reveals that GPT-3 can be used by security teams to thwart cyberattacks. 

Younghoo Lee, the principal data scientist for Sophos AI, and other Sophos researchers used the large language models from GPT-3 to create a natural language query interface for looking for malicious activity across the telemetry of the XDR security tool, detecting spam emails, and examining potential covert "living off the land" binary command lines. 

In general, Sophos' research suggests that generative AI has a crucial role to play in processing security events in the SOC, allowing defenders to better manage their workloads and identify threats more quickly. 

Detecting illegal activity 

The statement comes as security teams increasingly struggle to handle the volume of warnings generated by tools throughout the network, with 70% of SOC teams indicating that their work managing IT threat alerts is emotionally affecting their personal lives. 

According to Sean Gallagher, senior threat researcher at Sophos, one of the rising issues within security operation centres is the sheer amount of 'noise' streaming in. Many businesses are dealing with scarce resources, and there are just too many notifications and detections to look through. Using tools like GPT-3, we've demonstrated that it's possible to streamline some labor-intensive proxies and give defenders back vital time. 

Utilising ChatGPT as a cybersecurity co-pilot 

In the study, researchers used a natural language query interface where a security analyst may screen the data gathered by security technologies for harmful activities by typing queries in plain text English. 

For instance, the user may input a command like "show me all processes that were named powershelgl.exe and run by the root user" and produce XDR-SQL queries from them without having to be aware of the underlying database structure. 

This method gives defenders the ability to filter data without the usage of programming languages like SQL and offers a "co-pilot" to ease the effort of manually looking for threat data.

“We are already working on incorporating some of the prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher stated. “In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.” 

It's important to note that researchers also discovered GPT-3 to filter threat data to be significantly more effective than utilising other substitute machine learning models. This would probably be faster with the upcoming version of generative AI given the availability of GPT-4 and its greater processing capabilities. Although these pilots are still in their early stages, Sophos has published the findings of the spam filtering and command line analysis experiments on the SophosAI GitHub website for other businesses to adapt.

A Majority of Security Experts Prioritize Prevention Over Detection

As per a recent report finding, a majority of organizations prefer prevention over detection when it comes to safeguarding their systems. However, a large number of businesses are consequently witnessing data breaches and other cyberattacks, with the severity of these incidents worsening day by day. 

In a survey of 500 IT security experts, Exabeam researchers discovered that nearly two-thirds of their respondents (65%) prioritize prevention over detection as their number one endpoint security objective. For the remaining third (33%), detection remained their utmost priority. 

Late to the Party 

To make the situation worse, the businesses actually act on this idea. The majority (59%) allocate the same amount to detection, investigation, and response, while nearly three-quarters (71%) spend between 21% and 50% of their IT security resources on prevention. 

According to Steve Moore, chief security strategist at Exabeam, the issue with this strategy is that the businesses concentrate on prevention while threat actors are already there, rendering their efforts useless. 

“As is well known, the real question is not whether attackers are on the network, but how many there are, how long they have had access and how far they have gone[…]Teams need to raise awareness of this question and treat it as an unwritten expectation to realign their investments and where they need to perform, paying due attention to adversary alignment and response to incidents. Prevention has failed,” says Moore. 

The majority of responders said yes when asked if they are confident, they can prevent attacks. In fact, 97% of respondents indicated they felt confident in the ability of their tools and processes to detect and stop attacks and data breaches. 

Only 62% of respondents agreed when asked if they could easily inform their boss that their networks were not compromised at the time, implying that over a third were still unsure. 

Exabeam explains that security teams are overconfident and have data to support it. The company claims that 83% of organizations experienced more than one data breach last year, citing industry reports. 

Among the many approaches implemented in order to combat security affairs, most organizations appear to be inclined towards the prevention-based strategy. The reason is, it strives to make systems more resistant to attack. Contrary to detection-based security, this approach is more effective in a variety of situations. 

Implementing a preventive approach could aid a company in significantly reducing the risk of falling prey to a potential cyberattack if it applies appropriate security solutions like firewalls and antivirus software and patches detected vulnerabilities.

SEC Amends Cyber Incident Disclosure, Raises Concerns

SEC taking a tough stand on cyber threats 

Due to rise in breaches among its members and on its systems, the Security and Exchange Commission (SEC) is thinking how it can tackle the problem of cyber threats. 

The SEC suggested new amendments in March to supervise how investment firms and public companies under its purview should strengthen their IT security management and incident reporting. 

Throughout the years, SEC's disclosure regime has advanced to highlight evolving risks and investor needs. 

Current Cyber Security Landscape 

Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner, said SEC Chair Gary Gensler.

SEC being rough on incident reporting and identity theft programs

In July, the SEC thrashed JP Morgan & Co, UBS and online stock-trader TradeStation with having deficient customer identity programs, all these programs have violated the Identity Red Flag rules, or regular S-ID between between January 2017 and October 2019. 

Regulation S-ID aims to protect investors from identity threat risks. All the three financial organizations have agreed to: 1.Cease and desist from violations in future, 2. Getting censored, 3. Pay fines of $1.2 Million, $925,000, and $425,000, respectively. 

Besides these commitments, the SEC's proposed amendments will need the financial institutions to provide current report regarding material cybersecurity cases and periodic reporting to give updates about earlier reported cybersecurity incidents. 

The SEC in March issued that:  

“proposed rule defines a cybersecurity incident as an unauthorized occurrence on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”  Under the new rule, it considered "information systems" in a broad sense, especially when the financial firm made use of a cloud- or host based systems. 

SEC in the amendment says:

"The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks. The registrant’s board of directors' oversight of cybersecurity risk, and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures." 

Car Rental Giant Sixt Hit by Cyberattack, Operations Shut Down

Rental car giant Sixt, a company based in Germany announced that it has been hit by a cyberattack that resulted in large-scale inconvenience in Sixt's global operations. In April, the company closed down some parts of its IT infrastructure to restrict a cyberattack. 

Only important systems were operating, like the company website and mobile applications. Sixt said that the disturbance for employees and customers was expected, it believes that the disruption was contained to great extent. 

According to the company, it has offered business continuity to its customers, but the temporary disruptions in customer care centers and few branches can be expected for some time. "As a standard precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, in particular, the website and apps were kept up and running," said Sixt in a statement. Sixt did most of the car bookings with pen and paper last week, and systems that were not important have been shut down after the cyberattack. 

Calling customers were provided an automated notification "due to a technical problem, we are currently unavailable." No more details are available as of now, Sixt said that it has launched an inquiry into the issue, however, didn't disclose any information on how the attack happened. Sixt is requesting its customers to be patient until the issue is resolved. No ransomware group has claimed the responsibility for the attack as of now, however, the chances of ransomware are highly likely. 

According to Bleeping Computer, ransomware groups are targeting companies like Sixt because of the upcoming tourism season. Vacations are easy money for car rental companies. Ransomware groups generally operate during high traffic periods to increase the chances of damage to the targets. 

The greater the damage, the easier the ransom payment. Sixt said "impacts on the company, its operations and services have been minimized to provide business continuity for customers. However, temporary disruptions, in particular in customer care centers and selective branches, are likely to occur in the short term."

About 84% of Russian companies have vulnerable IT system

More than 80% of companies in Russia neglect the basic means of protecting information systems and data, as a result of which 84% of companies have vulnerabilities in their IT systems that can be exploited, including by novice hackers who do not have a high level of programming skills.

According to Ekaterina Kilyusheva, head of the research group of the information security analytics department at Positive Technologies, companies suffer from inexperienced hackers in about 10% of cases.

Based on the testing of 19 large companies from different sectors of the economy, it turned out that in 58% of cases, companies have at least one security breach that can be hacked by publicly available software for hackers.

It is noted that most often in Russian companies, security gaps are associated with the use of outdated software, the vulnerabilities of which are already known.

As noted by ESET security specialist Tony Anscomb, in addition to outdated software, companies often have poorly configured network infrastructure and operating systems, lack of encryption and two-factor authentication, which also increases the likelihood of a system being compromised.

It is noted that the best protected are companies in the financial sector and energy industry, which process large amounts of personal information and where the high dependence of business development on the stability of the IT direction, explained the head of Analytics and special projects InfoWatch Andrey Arsentiev.

Pavel Durov called on Apple to oblige to install different application stores

Apple should allow users to install apps not only from its own App Store. This opinion was expressed by the founder of Telegram messenger Pavel Durov. According to him, Tim Cook (CEO of Apple) should be obligated to this at the legislative level.

The day before, high-ranking Telegram Manager, Vice President of the company founded by Pavel Durov, Ilya Perekopsky, spoke at a panel discussion with Russian Prime Minister Mikhail Mishustin and representatives of the IT industry in Innopolis. He said that Apple and Google are holding back the development of startups by charging a tax of a 30 percent Commission from app developers. Almost simultaneously with Perekopsky's speech, Durov published an article in which he called for Apple to be legally obliged to install an alternative App Store on the iPhone.

Durov is sure that if this is not done, then app developers, in particular, from Russia, will be forced to sell their startups for little money. At the same time, Apple's capitalization will only grow.
“Preventing two supranational corporations from collecting taxes from all of humanity is not an easy task. Corporations employ thousands of lobbyists, lawyers, and PR agents, and their budgets are unlimited. At the same time, app developers are scattered and scared, as the fate of their projects depends entirely on the favor of Apple and Google," wrote Pavel Durov.

The head of the TelecomDaily information and analytical agency Denis Kuskov noted that changing the market is quite difficult because these two companies are leading it. Therefore, Durov needs to accept this fact.

Durov recalled that in 2016, Apple banned the Telegram team from launching its own game platform: "We had to remove the telegram games catalog that we had already created and almost the entire platform interface, otherwise Apple threatened to remove Telegram from the AppStore." According to Durov, in a similar way the iPhone manufacturer does with many other developers.

Coronavirus will double the number of leaks of personal data of users, says security experts

The coronavirus epidemic around the world has affected not only electronics factories, but many companies are also transferring their employees to remote mode. But, according to experts, such a measure will negatively affect the entire field of data storage. Following a four-fold increase in the number of phishing mailings in Russia, analysts predict a significant increase in the number of leaks of personal user information.

According to experts of the Russian company Internet search, the danger of data being leaked to third parties often comes from the company's own employees. Employees working at home are not monitored by either colleagues or CCTV cameras, and the effectiveness of special software is often not enough to prevent leaks.

"It's scary to imagine that banks or IT giants will be unprepared for a new threat — working from home. All last year we observed how weaknesses in building the information security of the largest companies in the country led to catastrophic leaks of user data and other protected information. Now we ask employees to work from home and give them all the necessary access," said Igor Bederov, head of the company.

The expert noted that employees of various organizations at home are not protected from spam attacks and phishing, as well as from hacking their work computers. According to him, cybercriminals have already flooded the e-mail of many users with messages containing malicious codes.

Earlier, experts warned of a sharp increase in the number of leaks of personal and corporate data due to the mass transition to remote work. According to experts, the number of leaks in the near future may grow at least twice.

The e-voting system in Moscow has passed the first tests

On Thursday, July 11, the first stage of testing the e-voting system was completed, which will be used during the experiment in the elections of deputies of the Moscow City Duma on September 8.

According to Artem Kostyrko, the head of the Information Technologies Department of the capital of the Russian Federation, 178 attempts were made to replace the bulletins.

“Several attempts were recorded to find a link to a unique anonymized bulletin during the test voting. The attacks were professional,” Kostyrko said.

Kostyrko explained that it was not a system failure, but a data output failure. However, it happened 3 hours before the end of the voting. By this time, 75% of all participants voted.

He noted that the system was ready for attacks and they were fixed to be sent to the e-voting monitoring group for study.

Moreover, 1253 students took part in the testing and pointed out the shortcomings. "We conducted the first testing with students for a reason, because they are advanced users of gadgets, they can compare with applications and point out shortcomings," Kostyrko added.

Kostyrko noted that several more public tests are planned. "IT professionals will test e-voting system next week. We will ask hackers to try to hack the system, put a fake voice and so on."

In addition, a hacker who can hack the electronic voting system will be offered a cash prize of 1.5 million rubles (23 800 $). He added, “if hackers manage to hack the system, it doesn't mean it's bad. This means that our colleagues gave us an opportunity that we did not see. And we will say thank you to them!”

Recall that the idea of conducting an experiment with the blockchain elections to the Moscow City Duma at the end of February was proposed by a group of Russian State Duma deputies representing United Russia and the Liberal Democratic Parties. The Russian State Duma supported the proposed bill, and on May 29, Russian President Vladimir Putin signed the relevant law. On September 8, electronic voting will be held in three electoral districts, and voters will be able to decide in what form they will vote in traditional or online.

Yandex announced the prevention of a large and very dangerous cyber attack

Greg Abovskii, the operational and financial Director of Yandex, spoke about the prevention of planned and dangerous cyber attacks on the Internet company. According to him, it was planned for a very long time and was very dangerous.

Yandex specialists managed to find and suspend the actions of the attackers, working together with Kaspersky Lab specialists.

Abovskii said, "Only by working together we were able to prevent, identify, isolate a cyber attack."

According to him, it is important for the Department of Information Security that the experts work together, cooperate with each other.

The press service of Yandex reported, "Sometimes these attacks are well-prepared, but we care about the security of user data and use all available tools to protect, including cooperation with specialists. We can’t disclose details of this attack, but we can say that user data were not affected.”

It is worth noting that this week it became known that the Federal Security Service (FSB) demanded encryption keys of services Yandex.Disk and Yandex.Mail. This happened a few months ago, but Yandex still has not fulfilled the requirements of the security forces.

The Russian Deputy Prime Minister Maxim Akimov promised that the Government would protect Yandex from excessive administrative pressure. According to the official, the Government will do everything possible to ensure that Russian companies, which are global leaders in some important areas, are not affected. He noted that Yandex is important not only for the national but also for the global economy.

Yandex.Mail and Yandex.Disk are included in the register of organizers of information distribution. Under the law of the Russian Federation, special services can obtain data to decrypt messages from their users upon request. There are 10 days to fulfill such requirements.

On June 4, the press service of Yandex stated that the company is against the violation of data privacy.

Recall that in 2018, the Court blocked the Telegram Messenger on the territory of Russia for refusing to provide encryption keys to Russian security agencies.

Half of the online Banks in Russia does not have enough security

More than half of the Internet applications of Russian Banks were not sufficiently protected. According to the research of Positive Technologies, attackers can view some programs and also edit the information in them.

Cybersecurity Experts analyzed dozens of applications. In their opinion, 61 percent of programs have extremely low or low levels of protection.

It turned out that every second online Bank (54 percent) allows attackers to make fraudulent transactions and theft of money. For example, scammers can spoil the number to which the auto payment is set up or steal the victim's card number.

In addition, according to researchers, almost 80 percent of Banks carry out many operations without additional protection. You can transfer funds or disable the sending of one-time passwords without confirmation by SMS.

Earlier it became known that 85 percent of all ATMs are vulnerable to attacks aimed at stealing money. It turned out that Banks prefer not to update the ATM software, as it requires additional costs.

Information security Experts note that radical measures are needed to correct the situation.

Voice messages of social network Vkontakte were in the open access

Part of the voice messages of users of the Russian popular social network Vkontakte (Vk) was in the open access.

On Monday, users of the social network reported that they can find personal voice messages of other users in the "Documents" section. It was noted that messages could be found on the search request “audiocomment.3gp”.

Representatives of the social network stressed that it is not a vulnerability in the mechanism of the site, as all voice messages in the Vk application protected and only participants can access the correspondence materials.

According to the Vk Press Service, audio records could get into open access if users downloaded them through third-party unofficial applications.

The Vk administration also added that the social network does not use the audio format audiocomment.3g. The company recommended using official Vk applications to avoid such leaks. At the moment, the Vk Team quickly removed from public access about two thousand audio messages.

76 percent Indian companies were hit by cyber attacks in 2018

A survey conducted by a UK-based IT security provider Sophos has found out that over 76 percent Indian companies were hit by cyber attacks in 2018.

India stands at third spot of highest number of cyber attacks in 2018 after Mexico and France. Meanwhile, 68 percent organizations in the world admitted of being a victim of the cyber attacks last year.

Managing director sales at Sophos India & SAARC, Sunil Sharma  told Business Today,  "In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them."

The survey was carried out in 12 countries which includes US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa, and there were about  3,000 IT decision-makers from mid-sized businesses.

"Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cyber criminals from getting on to the network," Sharma further added.

"They can't ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can't identify how threats are getting into the system and when."

The survey report reveals that in India, 39 percent of the cybercrimals are detected at the server, 35 percent are on the network, and 8 per cent are found on endpoints.

"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually traveled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.

According to the survey report,  97 per cent IT managers admitted that cyber security is the greatest challenge in India.

IT security firm Trustwave sued for Failing to Stop Data Breach

IT security firm Trustwave has been accused of failing to properly investigate the card breach suffered by the Las Vegas-based casino operator Affinity Gaming in 2013.

Affinity Gaming filed a complaint in the district court of Nevada in December alleged Trustwave of misrepresenting themselves and failed to perform the adequate investigation, identify the breach, and falsely misinform them about the correction of the breach.

In December 2013, Affinity Gaming suffered a security breach that penetrated their payment card systems. They called Trustwave to investigate the matter.

According to the complaint filed “Trustwave informed the company that the malware was removed from its systems and that the breach was contained.”

After Trustwave completed its investigation, Affinity Gaming called Ernst & Young to conduct penetration testing. While penetration testing testers identified suspicious activity associated with a piece of malware.

Now Affinity Gaming  called FireEye-owned forensic specialist Mandiant  for further investigation.

The complaint was filed based on the latest investigation done by Mandiant.

“Trustwave had failed to diagnose that the data breach actually was the result of unidentified outside persons or organizations who were able to compromise Affinity’s data through Affinity Gaming’s Virtual Private Network (VPN), and that the ‘backdoor’ these persons/organizations had created — which Trustwave had speculated may have existed but concluded was ‘inert’ — was very real and accessible,” reads the complaint.

“Mandiant also determined that the unauthorized access and renewed data breach occurred on a continuous basis both before and after Trustwave claimed that the data breach had been contained,” it continues.

Affinity is looking for damages in excess of $100,000 / €92,000.

Google accused of abusing dominance in India

The Competitive Commission of India have received queries from business giants like Flipkart, Facebook, Nokia's maps division, and several other companies that US Internet giant Google abused its dominant market position in procuring search results.

The CCI director-general last week filed a report that accuses Google of abusing its dominant position to rig search outcomes, which includes actual search results as well as sponsored links, as seen in the responses from 30 businesses spanning search, social networks, ecommerce, travel and content sites. This marks the first case globally where an antitrust body is formally raising such charges against Google.

This was first initiated when Bharat Matrimony and a Jaipur-based not-for-profit, Consumer Unity and Trust Society, lodged their complaints against the search giant. The Economic Times has highlighted Microsoft's extensive submission on Google's alleged abuse of dominance. Others who responded to CCI include, Hungama Digital and GroupM.

The company has been asked to present itself in front of a seven-member committee headed by chairman Ashok Chawla, a week prior to which it has to submit a report consisting its findings regarding the complaints. The proceeding can go on for several hearings before the commission makes a decision, which can be challenged in the Supreme Court. If the commission finds Google guilty, it can ask the company to make changes in the way it does business.

There is possibility that  CCI might impose a fine up to 10% of Google's income. The CCI could also pursue against top Google executives. Google posted a net income of more than $14 billion on revenue of $66 billion in 2014.

"We're currently reviewing this report from the CCI's ongoing investigation," a Google spokesman said in an email to ET. "We continue to work closely with the CCI and remain confident that we comply fully with India's competition laws. Regulators and courts around the world, including in the US, Germany, Taiwan, Egypt and Brazil, have looked into and found no concerns on many of the issues raised in this report."

The report finds that the prominence of the search result is dependent on a quality score. The score itself says the report is calculated ambiguously. It highlights that Google modifies its search algorithms without informing users and changes results in dramatic changes. It cites the example of a UK website, Ciao!, which slipped to the second page of search results from one of the top results overnight. As a result of this the organisation lost substantial business. "As a result of Google policy, it is unavoidable for the trademark owners to participate and outbid third parties in the auction process for their ads to appear above others in response to search queries on their own trademark keywords," said the report

Graham Central Station compromised with Empolyees' personal documents

4 Investigates found a pile of records wound up in three giant dumpsters at Graham Central Station  in Albuquerque.The records includes social security number, date of birth and driver’s license number.

According to the tipster, “Driving down the alley, I noticed all the trash cans were full of boxes with what looked like files kind of spilling out the top of them.”

The 4 Investigates team collected the records and  attempted to contact every one of the former employees listed. There’s assurance that if the records had already been compromised or not, but investigative team alerted every one about the possible risk.

The blame game has started. Graham Central Station’s president, based in Texas, Roger Gearhart, refused to answer questions, but sent a statement through his attorney, "Graham Central Station was upset to learn that its landlord... recently discarded dozens of its personnel files into a public dumpster. Ross Plaza One evicted Graham Central Station from its building and offices in November 2014 and changed the locks, which prevented Graham Central Station from accessing its records for a period of months. Although Ross Plaza One assured Graham Central Station that its records would be destroyed, that apparently did not happen."

However, emails from the landlord’s attorney offer a different perspective. The final letter from the landlord to Graham Central Station, which went unanswered, was: “I would like to confirm that Graham is aware that we intend to destroy and dispose of all the boxes…”

Those people who worked at Graham Central Station, need not to worry as  their records are now in safe hands. 

Graham Central Station was famous for having more than one club under one roof, but after eleven years in business, the club was closed down.

SEBI comes up with cyber security policy for stock exchanges, depositories and clearing corporations

Securities and Exchange Board of India (SEBI), which established in 1988 to regulate the securities market in India, asked stock exchanges, depositories and clearing corporations to put in place a system that would prevent systems, networks and databases from cyber attacks and improve its resilience.

According to a report published on LiveMint, the SEBI said these Market Infrastructure Institutions (MIIs) need to have a robust cyber security framework to provide essential facilities and perform systemically critical functions of trading, clearing and settlement in securities market.

“As part of the operational risk management framework to manage risk to systems, networks and databases from cyber attacks and threats, the MII should formulate a comprehensive cyber security and cyber resilience policy document to put in place such a framework,” the SEBI said.

It is said that the SEBI also asked the MII to restrict access controls in the time of necessary.
As per which no one will have any intrinsic right to access confidential data, applications, system resources or facilities.

The SEBI has asked it to deploy additional controls and security measures to supervise staff with elevated system access entitlements.

According to the news report, the SEBI Chairman UK Sinha said that attackers are attacking in a more sophisticated manner.  

“We are worried over state-sponsored cyber attacks. There are worries that the vulnerability in markets are increasing. We need to create a framework for future plan of action on securities market resilience,” he added.

The exchanges and other the MIIs would also have to submit quarterly reports to the SEBI, containing information on cyber attacks and threats experienced by them and measures taken to mitigate vulnerabilities, threats and attacks including information on bugs, vulnerabilities and threats that may be useful for other the MIIs.

Along with this, the MIIs have to share the useful details among themselves in masked and anonymous manner using a mechanism to be specified by the regulator from time to time, to identify critical assets based on their sensitivity and criticality for business operations, services and data management.

Likewise, it should maintain up-to-date inventory of its hardware and systems, software and information assets (internal and external), details of its network resources, connections to its network and data flows.

The SEBI asked market stakeholders to establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise mobile devices within the IT environment and also to restrict physical access to the critical systems to minimum. 

CSPF comes up with modsecurity rules to protect servers from hacker

Cyber Security and Privacy Foundation (CSPF), a non-profit organisation which provides solution to tackle cyber security and privacy issues, has developed a set of rules to protect servers from malicious hackers.

It has come up with modsecurity rules for public, wrote Manish Tanwar and Suriya Prakash of CSPF.

Although, OWASP Core Rule Set (CRS), a project which aims to provide an easily pluggable set of generic attack detection rules that provide a base level of protection for any web application, has been solving several kind of vulnerabilities, it has failed to protect backdoor’s attacks and latest bypasses.

So, CSPF's rules are aimed to protect against the latest bypasses and back doors. It is all set to release the rules for the public.

According to the organization, these can be easily expanded.

Here are the functions of the rules:

-          The rules can block sensitive files and folders from being accessed.
-          The rules can block b374k shell variants along with some other popular shells.
-          The rules also disable directory listing and phpinfo.
-          The rules block SQL Injection.
1.       Normal SQL Injection
2.       Blind and Time Based SQL Injection
3.       All types of SQLI

You can get the rules and procedure to use them from here:

Cisco fixes remote code flaw in its UCS Central software

Cisco System Inc, an American multinational corporation,  has released an advisory to address remote code execution vulnerability in its Unified Computing System (UCS) Central software, a networking giant which integrates processing, networking and storage into one system.

The company said that it could exploit by remote attackers to execute arbitrary commands on affected systems.

“Successful exploitation of the vulnerability may permit unauthenticated access to sensitive information, allow arbitrary command execution on the Cisco UCS Central operating system or impact the availability of the affected device,” Cisco wrote in its advisory on May 6.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device," said the advisory. An exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.”

According to the advisory, the vulnerability was caused by the improper input validation (CVE-2015-0701) which allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

However, the company has failed to validate user input via its web framework, exposing the platform to remote attack in versions 1.2.

The company added that it is not aware of any public exploits as it hasn’t found any evidence to prove it.

The advisory said that the users can fix the vulnerability by updating the software which is provided by Cisco.

The company has urged its users to update to UCS Central software version 1.3. It has assigned the vulnerability its highest severity score of 10.

Earlier, Cisco released security updates for several of its products. Like Cisco Adaptive Security Appliance (ASA), Cisco Small Business SPA300 and SPA500 series IP phones, and IOS software.

Google launches 'Password Alert' to protect its users from phishing attacks

Google on April 29 launched a new extension, ‘Password Alert’, which warns people whenever they type in their Google password on any site that is not a Google sign-in page.

Drew Hintz, security engineer and Justin Kosslyn, Google Ideas, posted on the Google’s Online Security Blog, that the Password Alert, which is now available on the Chrome Web Store, is aimed to prevent phishing attacks. However, it also aims to minimize the over use of Google password.

They wrote that it is designed to alert people while they use their Google password on those sites which are not operated by Google.

According to them, if anyone enters his/her password on a website that’s imitating and aims to get personal details, he/she will receive a warning. It also provides people time to change their password before it gets misused.

It works by checking the HTML of the page to identify whether it’s a legitimate Google sign-in page or not.

According to Google, the password hacking is known as “phishing” which represents two percent of all Gmail messages.

The new tool is believed to be an additional attempt of security for Google’s users. The Password Alert sits among a number of tools which are aimed to safeguard user accounts. Other methods include two-step authentication and security key.

AT & T fined $25 million over customer data thefts

(photo courtesy-

The Federal Communications Commission (FCC) has fined AT & T Inc with $25 million over data breaches at call centers in Mexico, Colombia and The Philippines. The FCC said that at least two employees confessed stealing of private information belonging to thousands of US customers which included their names, full and partial social security numbers and account-related data, known as customer proprietary network information (CPNI).

According to a senior FCC official, the details of about 280,000 people were taken during the data breaches. These series of data thefts took place in 2013 and 2014. The data was used by call center employees to request handset-unlock codes for AT&T phones and shared with third parties involved in trafficking stolen cell phones.

After this incident, AT&T has informed with all the affected customers and it has also terminated its business deal with the companies that operated the call centers where the data was stolen.

The company also quoted that it has changed its policies and strengthened operations to ensure that a similar data breach doesn’t occur.

The investigations began by the FCC in Mexico, last May, after it was given information about data going missing.

The $25 million fine is the highest that the FCC has ever issued for data security and privacy violations.