Manas Harsh

🚨 BSNL LTD Data Breach: A Stark Reminder of Cybersecurity Vulnerabilities🚨 Bharat Sanchar Nigam Limited (BSNL LTD) has recently suffered a significant data breach, exposing the sensitive information of millions of users. This incident, attributed to the hacker "kiberphant0m," underscores the critical need for enhanced cybersecurity measures in India's telecom sector. Here’s what you need to know: Key Details: Hacker: "kiberphant0m" Data Compromised: 278GB Information Stolen: IMSI Numbers: Unique identifiers for mobile subscribers SIM Card Details: Critical authentication keys Home Location Register (HLR) Data: User profiles and current locations Security Keys: Used for network authentication and encryption Potential Risks : The compromised data includes highly sensitive information that could be exploited for: SIM Card Cloning: Allows hackers to replicate SIM cards and intercept communications. Financial Fraud: By bypassing two-factor authentication and accessing bank accounts. Illegal Surveillance: Monitoring calls and messages. Service Disruptions: Potentially causing widespread communication outages. Dark Web Sale: Data Price: $5,000 (₹4,17,000) Availability: Data samples provided to validate the breach Government and Expert Response: The Indian government has demanded a comprehensive forensic investigation to identify and mitigate the vulnerabilities exploited in the breach. Cybersecurity experts stress the importance of robust security measures to protect critical infrastructure. Our Founder, Kanishk Gaur, spoke with Bennett Coleman & Co. Ltd. (The Times of India) on how "This breach highlights the urgent need for robust cybersecurity measures across our telecom infrastructure. It’s a stark reminder of the evolving threats we face in the digital age." For more detailed insights, read the full article on The Times Of India #CyberSecurity #DataBreach #TelecomSecurity #BSNL #KanishkGaur #AthenianTech #Infosec #DigitalSafety https://lnkd.in/dJJvM3qt

2

Poultry Farm Management System 1.0 Shell Upload #shreateh #Cybersecurity #InfoSec #DataSecurity #NetworkSecurity #CyberThreats #VulnerabilityManagement #ITSecurity #CyberDefense #CyberAwareness #SecurityIncident #DataPrivacy #CyberAttacks #CyberProtection #CyberRisk #SecurityBreaches #EthicalHacking #CyberEducation #SecurityOperations #CyberResilience #CyberIntelligence

1

Requirement 8 of PCI DSS is about identifying access. It also is about restricting access to unique IDs. Meaning that everyone who accesses the CDE is fully identifiable for non-repudiation. Setting lockouts for failed logins and automatic logouts after 15 minutes. We also need to be able to identify any source, both logically and physically, for users and apps/systems.

1

Vulnerabilities in web applications have resulted in victim organisations incurring significant remediation expenses. S Kumar Subramania discusses the top 5 vulnerabilities discovered by K7’s VAPT team across numerous assessments of web applications, with mitigation measures. https://lnkd.in/dex_TkEj #vapt #vaptteam #webapplication #k7 #cybersecurity #brokenauthentication #paymenttampering #sqlinjection #crosssitescripting #xxs #middleeast

9

𝐌𝐚𝐬𝐬𝐢𝐯𝐞 𝐁𝐒𝐍𝐋 𝐃𝐚𝐭𝐚 𝐁𝐫𝐞𝐚𝐜𝐡 𝐄𝐱𝐩𝐨𝐬𝐞𝐬 𝐌𝐢𝐥𝐥𝐢𝐨𝐧𝐬 𝐭𝐨 𝐒𝐈𝐌 𝐂𝐚𝐫𝐝 𝐂𝐥𝐨𝐧𝐢𝐧𝐠 𝐚𝐧𝐝 𝐅𝐢𝐧𝐚𝐧𝐜𝐢𝐚𝐥 𝐅𝐫𝐚𝐮𝐝 📢 BSNL, India's state-owned telecom provider, has suffered a major data breach. Hacker "kiberphant0m" compromised 278GB of sensitive data, including IMSI numbers, SIM details, and server snapshots. This breach exposes millions of users to risks like SIM cloning, identity theft, and financial fraud. Key Data Compromised: 🚨 HLR data 🚨 IMSI and SIM details 🚨 SOLARIS server snapshots 🚨 DP card data and security keys Potential Risks: 🚨 Privacy violations 🚨 Financial and identity theft 🚨 Targeted scams and phishing attacks 🚨 SIM cloning and interception of communications Expert’s Advice: ✅ Update your BSNL account password with a more complex pattern ✅ Monitor phone and bank account activity ✅ Enable two-factor authentication (2FA) BSNL must take immediate action to secure their network and enhance security measures to prevent future breaches. #DataBreach #BSNL #DataProtection

18

2 Comments

#CyCatz #Cybersecurity Cyber Security Incidents in India, 2018-2022   #cyberawareness #cyberattack #breaches #databreaches #cybercrime #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #threatlandscape #cybersecurity #incidents

6

#CyCatz #Cybersecurity 21st June International Yoga Day   #cyberawareness #cyberattack #breaches #databreaches #cybercrime #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #BrandMonitoring #yogaday 

4

What is a Statement of Applicability? 🔍 Definition: A Statement of Applicability (SoA) states: Which security controls your organisation deems necessary to mitigate identified security Which security controls have been excluded 💼 Importance: An SoA is a mandatory document if your organisation wants to get certified for ISO 27001. Without, you will receive a major non-conformity and hence, wait until the next audit which is unnecessarily expensive and time consuming. Link to the article is in the comments #ISO27001 #Cybersecurity

7

1 Comment

#CyCatz #Cybersecurity Key Components of Vendor Risk Management   #cyberawareness #cyberattack #breaches #databreaches #cybercrime #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #BrandMonitoring #vrm

4

🔍📄 Introducing the NIST CSF 2.0 Audit Checklist for the Identify Function! Before you scroll down Follow Niranjan V for more such Infosec Content. Reach out for ISO 27001 Mentorship, Training, and Guidance. Join our exclusive infosec community: https://lnkd.in/gG_aG5AF 1️⃣ Introduction to the Document: Step up your cybersecurity game with this comprehensive NIST CSF 2.0 Audit Checklist for the Identify function. This essential guide helps organizations assess and enhance their cybersecurity posture by identifying critical assets, risks, and vulnerabilities. 2️⃣ What's in the Document: This checklist provides a detailed framework to help you systematically evaluate the Identify function of the NIST Cybersecurity Framework. It includes comprehensive questions and guidelines covering asset management, business environment, governance, risk assessment, and risk management strategy. 3️⃣ Conclusion: Strengthen your organization's cybersecurity foundation with this NIST CSF 2.0 Audit Checklist for the Identify function. By implementing these practices, you can proactively manage and reduce cybersecurity risks, ensuring a more resilient and secure business environment. Download the document now and take the first step towards robust cybersecurity management! #nistcsf #nist #cybersecurity #identify #audit #checklist #infosec #compliance

571

27 Comments

#CyCatz #CybersecurityTeamViewer Ransomware attack top threat in India, human error leading cause of breaches   #cyberawareness #cyberattack #breaches #databreaches #cybercrime #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #threat #breaches

4

Version 1.0 of "The Windows Forensic Journey" is out !!! The goal is to create a "bible" that will hold the most basic forensic artifacts in Windows and to have a short explanation on them. I am going to update it every couple of months. If you have any suggestions/correction/asks please send them to me. In this version I have included: LNK files, RDP cache, Prefetch, File Explorer Searches, Activity History, Run MRU and Recent Docs (by file/extension/folder). Have a nice read ;-) You can also follow me on twitter - @boutnaru (https://lnkd.in/dkYSgHHZ). Also, you can read my other writeups on medium - https://lnkd.in/drU__sCj. You can find my free eBooks at https://lnkd.in/dCQ57Fqb. #Windows #Kenrel #TheWindowsForensicJourney #Security #infosec #DevSecOps #DevOps #dfir #OperratingSystems #OS #Learning #Forensic

44

#CyCatz #Cybersecurity Life Cycle Of A Coalition Clawback   #cyberawareness #cyberattack #breaches #databreaches #cybercrime #darkwebmonitoring #SurfaceWebMonitoring #mobilesecurity #emailsecurity #vendorriskmanagement #risk #post

4

🔒 BSNL Data Breach: Millions of Users at Risk! 📢 Attention cybersecurity professionals and BSNL users! India's state-owned telecom provider, BSNL, has suffered a major data breach exposing millions of users to significant threats. 🚨 What Happened? 🚨 A threat actor known as "kiberphant0m" compromised over 278GB of sensitive data, including: 📱 International mobile subscriber identity (IMSI) numbers 💳 SIM card details 🌐 Home location register (HLR) data 🔑 Critical security keys ⚠️ What are the potential risks? ⚠️ 🔒 SIM Cloning & Identity Theft 💸 Financial Losses 📴 Service Disruptions 🏴 National Security Threats This is the second data breach for BSNL in just six months, raising serious concerns about their data security practices. ❗ Why This Matters? ❗ The compromised data goes beyond typical user information. It includes critical operational data that could be used for sophisticated attacks not only on BSNL but also on interconnected systems, potentially impacting national security. 💡 What can you do? 💡 📣 Share Awareness: Let your network know about the BSNL breach and the potential risks. 📧 Urge BSNL to Act: BSNL needs to investigate the breach, improve security measures, and be transparent with their users. 🔐 Educate Users: Advise BSNL users to monitor accounts, enable two-factor authentication, and stay vigilant against phishing attempts. Let's work together to raise awareness and hold companies accountable for protecting user data! Learn more: https://lnkd.in/gsPTrykw #BSNL #DataBreach #Cybersecurity #cybersecurityawareness #vapt

12

Potential vulnerabilities are identified by VA, and their impact is measured and addressed more effectively by PT through active exploitation. Follow For More SecuriumSolutions PVT LTD #Securiumsolutions #Cybersecurity #Vulnerabilities #Penetrationtesting #Pentesting #Cybersecurityservices #Digitalsecurity #Linkedin

8

Penetration testing has been always an important requirement of PCI DSS. The following VAPT requirements will become mandatory in V4.0 of the standard, starting April 1, 2025. A1.1.4 Confirm, via penetration testing, the effectiveness of logical separation controls used to separate customer environments. 6.4.2 Deploy an automated technical solution for public-facing web applications that continually detects and prevents web-based attacks. Note that this new requirement removes the option in requirement 6.4.1 to review web applications via manual or automated application vulnerability assessment tools or methods. 11.3.1.1 Manage all other applicable vulnerabilities (those not ranked as high-risk or critical) found during internal vulnerability scans. 11.3.1.2 Perform internal vulnerability scans via authenticated scanning. 11.4.7 Multi-tenant service providers should support their customers for external penetration testing. Note that AWS now allow external pen-testing on many of their services. Ref: https://lnkd.in/dkyRj94W

26

1 Comment

Impersonation scams are on the rise, Don't let fear cloud your judgment! Cybercriminals are getting crafty, impersonating officials to steal your money. Download the CyberBAAP app for the complete guide and learn how to spot a cyber scam before it's too late! https://lnkd.in/d57RvQvS Nirali Bhatia #CyberSecurity #StaySafeOnline #CyberScams #DigitalSafety #OnlineProtection #InternetSafety #OnlineFraud #SecureYourData #AntiFraud #CyberCrime #OnlineThreats #TechSafety #InternetSecurity #CyberAlert #ProtectYourself #SafetyFirst #FraudPrevention #SecureOnline #ScamAwareness #CyberSafetyTips#CyberBAAP #niralibhatia

2

A comprehensive guide to mastering data protection and bolstering security with effective data loss prevention. Read the article: bit.ly/42mR7Fx for more information call on 9910456787 #TimeToDoBig #CyberSecurity Ashutosh Sharma Piyush Mathur

1