cyber security Archives -

pradeep@brainguru.in +91 9810953232

Update Your WhatsApp Now

0 Comments

Update Your Mobile Apps Now, As WhatsApp admitted a major cybersecurity breach. Every once in a while a major bug, vulnerability or security scare will spark panic. In most cases, it’s absolutely unnecessary panic.

Israeli hacking outfit NSO Group, a developer of malware typically used by governments, was caught using a hack targeting WhatsApp that allowed the attackers to remotely spy on the victim’s phone.  The only indication that a phone might have been hacked is a missed call, often later deleted from the call log.

WhatsApp owner Facebook said it detected the hack and pushed out a fix to the app stores last night. WhatsApp didn’t mention the attack in its release notes, sparking criticism from some security experts for downplaying the risk of the vulnerability.

There was just one small missing piece of information from most reports: You probably weren’t a target.

Unless you’re a nuclear scientist or a government spy — or in this case a human rights lawyer — you’re probably not of any interest.

Exploits like the ones used in WhatsApp require a lot of time and effort to develop. They also have to be effective, undetected and reusable. Every time an exploit is used against a target runs the risk that someone finds out — the very opposite of covert surveillance.

“No software is 100% secure,” said Woodward. “As long as you practice good security hygiene such as keeping your passwords secure and your apps up to date, the vast majority should be quite safe from this attack, even if you are a target.”

Steps to update WhatsApp on Android Devices

Open the Google Play store
Tap the menu at the top left of the screen
Tap My Apps & Games
If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on Android is 2.19.134

Steps to update WhatsApp on iOS Devices

Open the App Store
At the bottom of the screen, tap Updates
If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
The latest version of WhatsApp on iOS is 2.19.51

#WhatsAppUpdate



Biggest Cyber Attack of India Tecnimont loses 130 crore through eMail

0 Comments

Biggest Cyber Attack of India Chinese fraudsters has reportedly siphoned off Rs. 130 crore through eMail from the Indian arm of Italian company Tecnimont SpA by taking native managers into confidence that the cash was needed for a buying deal, one in all the most important cyber heists within the country.

Currently being termed jointly of the most important cybersecurity breaches within the country, the Indian arm of the Italian company, Tecnimont SpA has been hit by a cyberheist of Rs. 130 crore.

The Chinese hackers sent emails to the Indian arm, impersonating because the cluster chief executive officer, asking to transfer cash required for a buying deal, and were convincing enough to form them believe that the cash couldn’t are transferred through Italy thanks to restrictive problems.

As email is that the largest vector of communication for any enterprise around 93% of cyber attacks as well as information breaches, ransomware, malware and cyber heists like this one started at the Human Layer wherever the worker wasn’t able to differentiate a phishing email to a real one.

The tech-savvy criminals sent emails to the chief of Tecnimont Pvt Ltd, the Indian subsidiary of Italy-based Tecnimont SpA, through Associate in a Nursing email account that appeared misleadingly like that of cluster chief officer (CEO) Pierroberto Folgiero.

The report mentioned that the hackers then organized multiple conference calls to speak a few doable “secretive” and “highly confidential” acquisition in China. As per the criticism lodged by Tecnimont Pvt Ltd to the Bombay Police’s crime unit, a lot of individuals compete varied fallacious roles throughout these telecommunication conferences, concealment behind fakes identities, pretense to be the cluster chief executive officer, a position Switzerland-based attorney and alternative senior members of the corporate.

The hackers persuaded the Bharat chief that the fund couldn’t be sent from Italy as a result of sure restrictive problems. He then transferred the cash in 3 tranches throughout one week in Nov. the cash that was sent — USD five.6 million, USD 9.4 million and USD three.6 million — from Bharat to the banks in the city was taken out, inside a couple of minutes. The impostors tried for a fourth transfer, however, by then the fraud had been unearthed. In Dec, it became obvious once Tecnimont SpA chairman El Caudillo Ghiringhelli visited Bharat, the report mentioned.

The hackers conjointly organized a series of conference calls throughout this method, impersonating as representatives of the cluster chief executive officer and an attorney talking concerning a buying deal arrange in China that created the chieftain believe additional firmly into this story.

The money daily quoted a senior govt attentive to the matter as locution that rhetorical scrutiny was done by the firm. conjointly hiring a Mumbai-based law company, the report mentioned that the US-based security firm Kroll is additionally trying into the matter.

#CyberSecurity #Tecnimont



Data Privacy And Cyber-security Issues In Mergers And Acquisitions

0 Comments

Data privacy and cyber-security issues play a progressively prominent role when evaluating a possible company merger or acquisition target. Knowing a way to manage these issues might mean the difference between a mergers and acquisitions ( M&A ) transaction and one that quickly turns into a liability nightmare for the customer. As data privacy, cybersecurity, and data breach risks are necessary due diligence problems in mergers and acquisitions. Post-acquisition discovery of security issues and even notifiable breaches could be a way too common situation.

Verizon’s acquisition of Yahoo in February 2017 provides a recent, high-profile example. Verizon ultimately determined to move forward with the acquisition, even after discovering that Yahoo had suffered 2 huge data breaches, compromising over one billion user accounts. The foremost extremely publicized example of a merger or acquisition-related cybersecurity downside was Verizon’s discovery of a prior data breach at Yahoo! When having executed an acquisition agreement to acquire the corporate.

Over a third (40%) of acquiring corporations engaged in a very merger and acquisition dealings aforesaid they found a cybersecurity downside throughout the post-acquisition integration of the acquired company. Thus, 80th of respondents aforementioned that cybersecurity issues became extremely necessary within the M&A due diligence method whereas 70th of respondents aforementioned compliance issues are one amongst the foremost common forms of cybersecurity problems uncovered throughout due diligence, whereas 400th aforementioned a lack of comprehensive security design is also common.

Even for those acquiring corporations that shall inspect data security problems as a part of the M&A due diligence method. More often than not, the lawyers ask a battery of routine, privacy-related queries of a corporation even when that company doesn’t collect or handle consumer personal data. The main focus on data privacy, and not security more generally, is due partially to a general lack of awareness of broader cybersecurity issues, and a hyperawareness of the risks related to data breaches. To a large degree, an emphasis on data breach risks isn’t shocking since corporations should publically disclose breaches of private data to customers, and also the media often focuses considerable attention on these breaches, particularly large-scale ones.

This summarizes the growing potential issues like legal, financial, reputational, and operationally associated with cybersecurity, and additionally provides practical solutions on the way to identify, understand, and mitigate those risks throughout the merger or acquisition due to diligence method.
Therefore, in any merger and acquisition deal, conducting a strong level of due diligence is merely the battle. Putting in place representations and warranties during a purchase agreement, significantly as it considerations data privacy and cyber-security matters, is turning into an increasingly vital measure in guaranteeing a smooth and safe transaction.



Cyber Security Check in Indian Banks !

0 Comments

The extent of data privacy norms in India is way less stringent versus those of the GDPR. Besides, the predomination for banks of public-sector that builds the impression of an implicit sovereign guarantee against the failure of such banks. This reduces the threat of reputation loss of public-sector banks because of cyber attacks.

In August 2018, When Cosmos Bank went through from cyber attack, resulting in approx. Rs 100 crore being siphoned off. In most developed countries similar attacks are rare. Such incidents need an outsized range of accounts to transfer the stolen money. Therefore, In most countries, direct money siphoning from banks through cyber-attacks are small-scale frauds through phishing attacks and stealing of payment cards or data.

Indian banks don’t have a lot of selection regarding a significant revamp of cybersecurity. Cyber attacks are global in nature and, with better cyber-risk preparation in OECD countries, hackers are increasingly specializing in vulnerabilities in emerging-market countries. this may produce existentialist issues for Indian banks. for instance, the money siphoned removed from Cosmos Bank is fourteen times the bank’s FY18 profit.
During 2008-17, banks in India faced 1,30,000 reported cases of cyber fraud involving an estimated Rs 700 crore. this is often comparable to simply 0.006% of the outstanding deposits of Indian banks. in contrast, a severe cyber attack may result in bank failure even once no money is lost directly.

In 2016, the rbi has asked banks to put in place board-approved, strong cyber-risk management systems. The regulator has additionally set norms that put losses because of cyber attacks nearly solely on banks. most significantly, the draft Personal Data Protection Bill, 2018, has projected that for breach of personal data protection, banks would face penalties the same as those under the GDPR.

As several of the ‘old’ private sector banks seem to be better prepared than their larger peers. Indian banks appear to focus a lot of on identification and prevention of cyber-attacks than breach detection, crisis management within the immediate aftermath of detection and corrective measures thenceforth. Quick breach detection and appropriate corrective actions decide the impact of such incidents on banks. Therefore, It is time that Indian banks get up to harsh cyber realities.

#CyberSecurity #cosmosbank #Cybersecuritybanks