Security News

India's Ministry of Electronics and Information Technology and the local Computer Emergency Response Team have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India.

It describes areas for which companies prioritize information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organization, and the solutions and tools on which organizations are focusing their technology spending. The findings cover three critical areas of an organization's security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.

Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Instead, the agencies recommend securing PowerShell prudently.

India's government last week issued confidential information security guidelines to the 30 million plus workers it employs - and as if to prove a point, the document quickly leaked on a government website. The document, and the measures it contains, suggest infosec could be somewhat loose across India's government sector.

Deep Instinct released the third edition of its annual Voice of SecOps Report, focused on the increasing and unsustainable stress levels among 1,000 C-suite and senior cybersecurity professionals across all industries and roles. The research found that 45% of respondents have considered quitting the industry due to stress, with the primary issues being an unrelenting threat from ransomware and the expectations to always be on call or available.

These features combine automation with scalability to accelerate security compliance programs with automated framework mapping, evidence collection, and continuous monitoring, as well as providing the ability for teams to leverage applications and data sources. Orca Security unveils Shift Left Security capabilities to prevent cloud application issues.

Eleven significant tech-aligned industry associations from around the world have reportedly written to India's Computer Emergency Response Team to call for revision of the nation's new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy. The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers' names, dates on which services were used, and even customer IP addresses, and store that data for five years.

Leaders of the Quad alliance - Australia, India, Japan, and the USA - met on Tuesday and revealed initiatives to strengthen collaboration on emerging technologies and cybersecurity, with an unspoken subtext of neutralizing China. "Today, we - prime minister Anthony Albanese of Australia, prime minister Narendra Modi of India, prime minister Fumio Kishida of Japan, and president Joe Biden of the United States - convene in Tokyo to renew our steadfast commitment to a free and open Indo-Pacific that is inclusive and resilient," declared the Quad in a very formal statement.

Indian IT shops have been handed another extraordinarily short deadline within which to perform significant infosec work. MII boards must sign off on lists of critical systems.

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.