Security News

India has revealed the identities of companies that have applied to build semiconductor manufacturing facilities on its soil under a $10 billion subsidy scheme - and none are substantial chipmakers. As The Register reported last week, a consortium of Taiwan's Foxconn and Indian firm Vedanta committed to build a plant under the scheme, despite neither company having any previous experience in the field.

The deputy governor of the Reserve Bank of India, T Rabi Sankar, has delivered an extremely unflattering assessment of cryptocurrencies - worse than Ponzi schemes, wreckers of economies, and richly deserving of a ban within India. Speaking at the Indian Banks' Association's 17th Annual Banking Technology Conference, Sankar argued that cryptocurrencies are poorly named, as unlike fiat currencies they "Do not have an issuer, they are not an instrument of debt, nor commodities, nor do they have any intrinsic value."

The Reserve Bank of India has warned the nation's finance sector that outsourcing information technology jobs could "Expose them to significant financial, operational and reputational risks." A quick reminder: since the late 1990s, India has championed outsourcing IT services and profited mightily as a result.

Sri Lanka has decided to adopt a national digital identity framework based on biometric data and will ask India if it can implement that nation's Aadhaar scheme. The island nation had previous indicated it would work with the Modular Open Source Identity Platform, an organisation based in India that offers tools governments can use to create and manage digital identities.

Most modern chat systems are entirely proprietary: proprietary clients, talking proprietary protocols to proprietary servers. There's no need for this: there are free open standards for one-to-one and one-to-many comms for precisely this sort of system, and some venerable clients are still a lot more capable than you might remember.

India's Supreme Court has taken the unusual step of commissioning a Technical Committee to investigate whether the national government used the NSO Group's "Pegasus" spyware on its citizens. Discomfort with India's use of Pegasus has bubbled along ever since, helped by several petitions that sought to determine the extend of government spyware usage, and whether or not it was constitutional.

A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans that allow the adversary to gain complete control over the compromised endpoints. The attacks work by taking advantage of political and government-themed lure domains that host the malware payloads, with the infection chains leveraging weaponized RTF documents and PowerShell scripts that distribute malware to victims.

Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data. The miscreants who claimed to be behind the network breaches boasted they stole gigabytes of information from the servers, and suggested other Acer operations around the world are also vulnerable to information theft.

Taiwanese computer giant Acer has confirmed that its after-sales service systems in India were recently breached in what the company called "An isolated attack." "Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India," an Acer Corporate Communications spokesperson told BleepingComputer.

Blackberry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit. Blackberry identified the responsible party as APT41 - a prolific Chinese state-sponsored cyberthreat group that has carried out what Fireye called "Espionage activity in parallel with financially motivated operations" since at least 2012.