Security News

India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments. "Reserve Bank of India had mandated additional factor of authentication for all transactions undertaken using cards, prepaid instruments and mobile banking channels," explained the central bank.

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. Microsoft India's X account has a gold check as an officially verified organization on the platform, lending the hijackers' posts more legitimacy.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites...

The Indian government says it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. India Today reports that there are at least 5,000 more held captive in Cambodia and forced to launch scams that have generated nearly $60,000,000 in the last six months.

Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is...

The global government affairs team at X has suspended some accounts and posts in India after receiving executive orders to do so from the country's government, backed by threat of penalties including significant fines and imprisonment. The team revealed its actions on Thursday, writing "In compliance with the orders, we will withhold these accounts and posts in India alone; however, we disagree with these actions and maintain that freedom of expression should extend to these posts." X has appealed the order and notified impacted users.

The Reserve Bank of India announced on Thursday it would make its digital currency programmable, and ensure it can be exchanged when citizens are offline. Indian media report that governor Shaktikanta Das outlined scenarios for the programmable digital rupee, including allowing government agencies to ensure payments to citizens are only used for defined benefits.

India's government has granted its Computer Emergency Response Team, CERT-In, immunity from Right To Information requests - the nation's equivalent of the freedom of information queries in the US, UK, or Australia. Reasons for the exemption have not been explained, but The Register has reported on one case in which an RTI request embarrassed CERT-In. That case related to India's sudden decision, in April 2022, to require businesses of all sizes to report infosec incidents to CERT-in within six hours of detection.

Multiple top leaders of India's opposition parties and several journalists have received a notification from Apple, saying that "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.". For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country's surveillance laws.