Security News

India's Home Ministry has asked state governments to crack down on illegal lending apps it says have led to "Multiple suicides by citizens owing to harassment, blackmail, and harsh recovery methods." A letter sent last week states: "Large numbers of complaints have been reported across India pertaining to illegal digital lending apps that provide short-term loans or micro credits at exorbitant interest rates with processing or hidden charges, especially to vulnerable and low-income people and use the borrower's confidential personal data like contacts, location, photos/videos for blackmail/harassment."

India's minister of state for electronics and information technology, Rajeev Chandrasekhar, has hinted strongly that he will again extend the deadline to comply with sweeping new information security reporting rules that were imposed as an essential national defence mechanism. After the deadline they were required to report many types of infosec incidents - even trivial ones like port scanning and phishing attempts - to India's Computer Emergency Response Team within six hours of detection.

India's Central Bureau of Investigation on Monday disclosed that it has detained a Russian national for allegedly hacking into a software platform used to conduct engineering entrance assessments in the country in 2021. "The said accused was detained by the Bureau of Immigration at Indira Gandhi International Airport, Delhi while arriving in India from Almaty, Kazakhstan," the primary investigating agency said in a press release.

India's government last week released a draft telco law that defines all over-the-top services as telecoms providers and therefore makes them subject to the same regulations imposed on carriers. The draft Indian Telecommunication Bill, 2022 [PDF] defines a telecommunications service as including "Broadcasting services, electronic mail, voice mail, voice, video and data communication services" delivered over fixed or mobile networks.

Akasa Air, India's newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. The bug was identified on August 7, 2022, the same day the low-cost airline commenced its operations in the country.

The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will - eventually - unveil a superior bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows.

Google has brought its Street View service - which offers photographs of most locations on Google Maps - back to India, six years after the nation rejected it as an invasion of privacy and a threat to national security. India blocked Street View in 2016 due to national security authorities feeling that freely available photography could assist terrorists.

India's Ministry of Electronics and Information Technology and the local Computer Emergency Response Team have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India.

From Radware, a hacktivist group called DragonForce Malaysia, "With the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India." In addition to DDoS, their targeted campaign - dubbed "OpsPatuk" - involves advanced threat actors "Leveraging current exploits, breaching networks and leaking data." DragonForce Malaysia - best known for their hacktivism in support of the Palestinian cause - have turned their attention on India this time, in response to a controversial comment made by a Hindu political spokesperson about the Prophet Mohammed.

Surfshark announced today they are shutting down its VPN services in India in response to the new requirements in the country that demand all providers to keep customer logs for 180 days. VPN services aim to provide privacy to internet users by encrypting their network traffic and hiding their actual IP addresses behind those assigned to servers hosted at providers worldwide.