Microsoft Releases New Security Patch For Windows XP


In the wake of the recent cyber attacks including ‘WannaCrpyt”, Microsoft has issued a “highly unusual” patch for Windows XP users to help governments and enterprises minimize future malware attacks. These attacks were prone to mostly the windows XP version users, this security patch enables protection from the virus and protects the computer from all vulnerabilities that the version was prone to.

“In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyberattacks by government organizations, sometimes referred to as nation-state actors, or other copycat organizations,” said Adrienne Hall, General Manager, Cyber Defense Operations Centre, Microsoft, in a blog post on Tuesday.

“To address this risk, we are providing additional security updates along with our regular ‘Update Tuesday’ service. These security updates are being made available to all customers, including those using older versions of Windows,” Hall added.

Due to the elevated risk for destructive cyber attacks at this time, the company took this action to protect users against potential attacks with characteristics similar to Wannacrypt. If the user is running a supported version of Windows, such as Windows 10 or Windows8.1, and the user has Windows Update enabled, there is no need to take any action “The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements,” the blog post read.

The patches will be made available on Microsoft’s Download Centre or Windows Update.

read more

WannaCry Ransomware : Hoax Vs Facts; No Dancing Hillary Videos


The WannaCry Ransomware has wrecked havoc across the world since last Friday and enterprises and government agencies are on their toes since last three days to minimize the impact. Besides, they are going all the way to take steps not to repeat the attack in their organisations.

Though the attack was real, and one of the biggest in recent times, some fraudulent social media posts and WhastApp messages are creating more panic among less-aware users than it deserves.  The hoax messages range from not to use shopping sites, online banking to using ATMs as possible traps of the ransomware.

More than the actual attack of the WannaCry Ransomware, which held to ransom millions of computers and businesses worldwide demanding ransom to be paid in bitcoins worth $300 to unlock the data, it is the hoax creating more panic among users.

We bring you some of these hoax messages and also offer you the facts around it. eScan research team unravels the truth behind these hoax messages to bring you the truth behind the messages.

Here are some of the clarifications to ensure you do not fall prey to these texts:

  • Message : RBI orders Shutdown of ATMs until they are patched and safe.
    Status: Hoax
    Fact : RBI has issued clarification that they haven’t issued such orders.
  • Message : Avoid using ATMs and Do not do any online transaction
    Status: Hoax
    Fact : Any computer system infected with Ransomware would display the message that it has been infected.
  • Message : Don’t do any online transaction. Don’t open any Shopping cart.
    Status: Hoax
    Fact : Webserver infected with Ransomware would simply be not able to serve the pages. Shopping carts do not store Ransomware. However, while browsing and downloading software make sure that these executable are scanned by an antivirus.
  • Message : Except Africa all countries IT companies are hacked.
    Status: Hoax
    Fact: No explanations required cause its 100% fake news. Such events when IT organizations get hacked are published all over the internet, TV channels etc. These news pieces aren’t just limited to your limited group of friends.
  • Message : Dance of the Hillary video
    Status: Hoax.
    Fact : There is no such video existing
  • Message : Power off smart TVs, tablets, and every other smart device.
    Turn off Bluetooth, WiFi, tethering (also known as Hotspot) on your mobile phones.
    Switch off your servers (or any other computers that you may leave on 24×7.
    Disconnect LAN (network, CAT6, CAT5) cable plugging computers or laptops in the network. If it is a laptop, it may have a physical slide switch or button press to switch off WiFi card inside the laptop – Switch That Off. if possible, wait for news from eastern world

         Status: Hoax
Fact : This simply means that we should lead the life of an ascetic.

So far the ransomware has affected more than 50,000 computers across 75 countries including India. The attack was so damaging that in UK it had affected the National Health Services of the country and has stalled critical health care services like surgeries and emergency attention.

The WannaCry ransomware affects the computer systems and asks the user to pay a ransom of $300 in Bitcoins to restore access to the systems or its data.

read more

WannaCry Ransomware : Watch CERT-In Broadcast Here


The WannaCry Ransomware has wrecked havoc across the world since Friday and enterprises and government agencies on their toes since last three days to minimize the impact. Besides, they are going all the way to take steps not to repeat the attack in their organisations.

India’s respective agency – CERT-In – or Computer Emergency Response Team of India, has also sent out alerts to the internet users in the country against the WannaCry Ransomware. Besides, the CERT-Inn is also conducting a webcast on the same today to create awareness among the internet users.

The webcast on the topic “Prevention of WannaCry Ransomware Threat – session by CERT-In” will be broadcast on 15th May 2017 at 11 AM. You can watch it here.

“It has been reported that a new ransomware named as “Wannacry” is spreading widely. Wannacry encrypts the files on infected Windows systems. This ransomware spreads by exploiting vulnerable Windows Systems. The Indian Computer Emergency Response Team has issued advisory regarding prevention of this threat,” CERT-In said.

“In view of high damage potential of the ransomware a webcast has been arranged to create awareness among users/organisations,” it added.

What Is WannaCry Ransomware
WannaCry is a crypto-ransomware that aims at attacking internet-enabled computers and ceases use of the affected coputers by the intended users. In return the virus wants some kind of ransom to be paid to it if the user wannts access of the computer system. The computer system could be the PCs or laptops at workplaces, ATM machines, internet enabled PoS machines and similar such machines. So far the ransomware has affected more than 50,000 computers across 75 countries including India.

The attack was so damaging that in UK it had affected the National Health Services of the country and has stalled critical health care services like surgeries and emergency attention.

The WannaCry ransomware affects the computer systems and asks the user to pay a ransom of $300 in Bitcoins to restore access to the systems or its data.


read more

IBM To Build BSE’s Security Operation Center


The Next-generation cyber Security Operation Center to provide BSE round-the-clock security, strengthen cyber defence and safeguard stakeholder assets

IBM today announced that BSE (formerly known as the Bombay Stock Exchange), has selected IBM Security to design, build and manage a cyber Security Operation Center to safeguard the company’s assets and protect stakeholder data.

Under the five-year managed security services agreement, the center will enable around-the-clock security event monitoring, event handling, security analysis, incident management and response along with synchronized management of devices, networks and applications.

Given that the financial services sector continues to be targeted by cybercriminals, the stock exchange wanted to build a next generation security center to protect valuable digital assets belonging to the company, customers and stakeholders, while complying with SEBI & National Institute of Standards and Technology (NIST) cyber security framework.

BSE and IBM Security Services consultants worked to define the vision, strategy, architecture, processes and organization needed to develop a framework around the five key pillars of the business – endpoint devices, network, business applications, data and users – to define how the next generation SOC will operate. It will ensure proactive monitoring of threats 24×7, detection and analysis of any suspicious change in activity, protection against emerging threats and response, while ensuring resiliency of the system. IBM will work with BSE to integrate security solutions that will add new capabilities to the SOC infrastructure, as well as, develop a new, highly collaborative IBM and BSE framework for the multi-tenant, next generation SOC.

“The end-to-end security solutions, services and global expertise from IBM will help BSE consolidate and fortify best practices under one umbrella. With the SOC, BSE hopes to pre-empt security risks and respond to them, thereby, staying ahead of security threats. There was a very competitive and stringent technology evaluation process, from which we found that IBM had the most compelling value proposition and security road map for BSE,” said Shivkumar Pandey, CISO, BSE.

“Cyber criminals are constantly evolving their tactics to succeed whether for financial gain or even disruption. In such situations, it is critical to have a security operation center approach which integrates various security protocols and technology under one roof. We are delighted to partner with BSE to help them leverage the best in class security solutions, delivering an integrated system of analytics, cognitive and real-time defenses,” said Sandeep Sinha Roy, Business Unit Executive, IBM Security Services, India.

read more

99% Of Urban Children Use Internet : WebWise Report


The WebWise report released by Telenor India revealed that close to 99% of children in India’s urbanized geographies do access internet. However, the same report also mentioned that most of these children do not know much about how to access internet safely.

The report released by telecom operator Telenor mentioned that in India most of the child internet users use a ‘weak’ password which make them vulnerable to trespassing and cyber attacks.

“A whopping 98.8% of children in urban areas are using internet and 54.6% of those surveyed use “weak passwords” i.e. passwords with only alphabets or numbers and which are less than 8 characters,” says the WebWise report of Telenor.

The report says a strong password is the first line of defense against intruders and imposters, and if compromised it exposes an individual to vulnerabilities such as data theft, hacking and invasion of privacy.

The report was released on the occasion of World Password Day, that is celebrated on the first Thursday of May. The report has disclosed the password habits, internet usage and access patterns of school going children in the country.

Besides a weak password, the WebWsie report adds, that 54.82% children share their passwords with their friends, family or relatives, hence creating a threat to their digital security.

The WebWise survey was done in 13 cities and covered 2700 students. It also showed that 83.5% children between 6 to 18 years are active on social media and, hence, are likely to have a higher threat perception. The study found that over 35% children have experienced their account being hacked while 15.74% shared that they have received inappropriate messages.

On the occasion, Sharad Mehrotra, Chief Executive Officer, Telenor India Communications said, “Though India is home to the second largest internet population in the world, majority of users, specially our children, are exposed to cyber threats due to weak and easy-to-guess passwords. At Telenor India through projects like WebWise we are empowering the digital society by spreading awareness among our next generation of digital natives on how to stay safe from cyber vulnerabilities while accessing the Internet. On the World Password Day, we should understand the significance of using strong passwords and secure our identity in this digital world.”

Post the WebWise workshops, 81.9% children said that they will reconsider to change their passwords and 84.26% children agreed that they will not share their passwords with anyone apart from their parents. Additionally, 72.26% of children said they will use a strong password which is a mix of alphabets, numbers, small & capital letters, symbols and special characters.

Telenor India had initiated WebWise workshops in 2014 amongst school children, teachers and parents. Through WebWise more than 55,000 individuals have been trained on safe internet practices. Telenor WebWise ambassadors conduct these workshops in schools where they run modules on internet safety and explain the importance of setting a strong password.

read more