cert-in | Breaking Cybersecurity News | The Hacker News

India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents [...] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents," the government  said  in a release. The types of incidents that come under the ambit include, inter alia, compromise of critical systems, targeting scanning, unauthorized access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances like routers and IoT devices. The government said it was taking these steps to ens

The IT threat landscape has changed dramatically over the last three-four years. With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new. It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures. We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years. The latest example is cyber attacks against Ukrainian power grid . Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack. Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critic

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Last month we reported a worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. This malware is spreading through a question/ phrase sent to the users by someone and the question is: " lol is this your new profile pic? " Same spam now targeting most of the Indian skype users, Indian CERT (Computer Emergency Response Team) issue a warning about this ongoing spam attack via advisory. A number of Indians use 'Skype' to communicate with their friends, relatives and other contacts within and outside the country. " A malicious spam campaign is on the rise targeting Skype users by sending instant message which appears to come from friends in the Skype contact list ," the advisory reads. Security researchers from Avast had intercepted this Darkbot malware campaign, and they estimate that this affecting millions of Skype users. " The worm is reported as stealing user credentials, engaging in click fraud activities

India has mandated that all government ministries and departments secure their websites with proper certification. This directive follows the hacking of the Central Bureau of Investigation (CBI) website by a group calling themselves the "Pakistani Cyber Army." The National Informatics Centre has been instructed to host websites only after these ministries and departments provide security certification and comply with government guidelines, according to India's Press Information Bureau (PIB). The CBI website was defaced by hackers over a week ago. The attackers claimed their actions were in retaliation for similar hacks on Pakistani websites. A CBI spokeswoman stated that the site would undergo a thorough security audit and fix all vulnerabilities before being restored. Importantly, the agency's internal IT systems remained uncompromised. As of Wednesday morning, the CBI site had not yet been restored. India's Minister of State for Communications and IT, Sachin