By Reuters | Updated: 30 April 2021
For at least the third time since the beginning of this year, the US government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior US officials and private sector cyber defenders.
It is the latest so-called supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a stepping-stone to sensitive government and corporate computer networks.
The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it.
More than a dozen federal agencies run Pulse Secure on their networks, according to public contract records. An emergency cybersecurity directive last week demanded that agencies scan their systems for related compromises and report back.
The results, collected on Friday and analysed this week, show evidence of potential breaches in at least five federal civilian agencies, said Matt Hartman, a senior official with the US Cybersecurity Infrastructure Security Agency.
“This is a combination of traditional espionage with some element of economic theft,” said one cyber-security consultant familiar with the matter. “We’ve already confirmed data exfiltration across numerous environments.”
The maker of Pulse Secure, Utah-based software company Ivanti, said it expected to provide a patch to fix the problem by this Monday, two weeks after it was first publicised. Only a “very limited number of customer systems” had been penetrated, it added.
Over the last two months, CISA and the FBI have been working with Pulse Secure and victims of the hack to kick out the intruders and uncover other evidence, said another senior US official who declined to be named but is responding to the hacks. The FBI, Justice Department and National Security Agency declined to comment.
The US government’s investigation into the Pulse Secure activity is still in its early stages, said the senior US official, who added the scope, impact and attribution remain unclear.
Security researchers at US cybersecurity firm FireEye and another firm, which declined to be named, say they’ve watched multiple hacking groups, including an elite team they associate with China, exploiting the new flaw and several others like it since 2019.
In a statement last week, Chinese Embassy spokesperson Liu Pengyu said China “firmly opposes and cracks down on all forms of cyberattacks,” describing FireEye’s allegations as “irresponsible and ill-intentioned.”
The use of VPNs, which create encrypted tunnels for connecting remotely to corporate networks, has skyrocketed during the COVID-19 pandemic. Yet with the growth in VPN usage so too has the associated risk.
“This is another example in a recent pattern of cyber actors targeting vulnerabilities in widely used VPN products as our nation largely remains in remote and hybrid work postures,” said Hartman.
Three cybersecurity consultants involved in responding to the hacks told Reuters that the victim list is weighted toward the United States and so far includes defense contractors, civilian government agencies, solar energy companies, telecommunications firms, and financial institutions.
The consultants also said they were aware of less than 100 combined victims so far between them, suggesting a fairly narrow focus by the hackers.
Analysts believe the malicious operation began around 2019 and exploited older flaws in Pulse Secure and separate products made by cyber-security firm Fortinet before invoking the new vulnerabilities.
Hartman said the civilian agency hacks date back to at least June 2020.
Hacking the supply
A recent report by the Atlantic Council, a Washington think tank, studied 102 supply chain hacking incidents and found they surged the last three years. Thirty of the attacks came from government-backed groups, primarily in Russia and China, the report said.
The Pulse Secure response comes as the government is still grappling with the fallout of three other cyberattacks.
The first is known as the SolarWinds hack, in which suspected Russian government hackers commandeered the company’s network management program to burrow inside nine federal agencies.
A weakness in Microsoft’s email server software, named Exchange, exploited by a different group of Chinese hackers, also required a massive response effort, although there was ultimately no impact to federal networks, according to US officials.
Then a weakness at a maker of programming tools called Codecov left thousands of customers exposed inside their coding environments, the company disclosed this month.
Some government agencies were among the customers which had the Codecov hackers take credentials for further access to code repositories or other data, according to a person briefed on the investigation. Codecov, the FBI, and the Department of Homeland Security declined to comment on that case.
The US plans to address some of these systemic issues with an upcoming executive order that will require agencies to identify their most critical software and promote a “bill of materials” that demands a certain level of digital security across products sold to the government.
“We think [this is] the most impactful way to really impose costs on these adversaries and make it that much harder,” said the senior US official.
© Thomson Reuters 2021
Google Launches ‘India Ki Udaan’ to Mark 75 Years of Country’s Independence
By Press Trust of India | Updated: 6 August 2022
Capturing the milestones the country has achieved in its 75-year journey since independence, software major Google has unveiled an online project, drawing from rich archives and featuring artistic illustrations to tell the story of India.
The project – India ki Udaan – executed by Google Arts and Culture celebrates the achievements of the country and is “themed on the unwavering and undying spirit of India over these past 75 years”.
It was officially launched at a glittering event held at the Sunder Nursery here on Friday in the presence of Union Culture and Tourism Minister G Kishan Reddy and senior officials of the culture ministry and Google.
As part of the countrywide celebrations to commemorate 75 years of independence, Google also announced its collaboration with the Ministry of Culture focused “on reaching informative online content that showcases the contributions of Indians and the evolution of India since 1947 to support the government’s year-long ‘Azadi Ka Amrit Mahotsav’ programme”, the software giant said in a statement.
It also announced that its popular Doodle4Google contest for 2022, themed on “In the next 25 years, my India will…”, is now open for entries to the students of Classes 1-10.
“The winner of this year’s Doodle4Google will see their artwork on the Google homepage in India on November 14 and win a Rs. 5 lakh college scholarship, a Rs. 2 lakh technology package for their school or non-profit organisation, a recognition of achievement, Google hardware and fun Google collectibles. Four group winners and 15 finalists will also win exciting prizes,” it said.
Reddy urged the Google team to create a special doodle on “Har Ghar Tiranga”, which would encourage its employees and others to enthusiastically take part in the campaign.
In his speech, the minister also said Google could help the culture ministry in digital mapping of the boundaries of its over 3,000 centrally-protected monuments that will help in better monitoring of the sites and checking encroachment.
It can also help in digitisation of rare archival material, he added.
“Therefore, we urge the Google team to be a partner in the government’s transformative journey as also to promote India’s tourism destinations,” Reddy said.
“To mark 75 years of India’s independence, Google announced the launch of a series of special initiatives across its products and services that will offer content and experiences created especially for the occasion to hundreds of millions of Indians through the anniversary year,” the statement said.
The centrepiece of its celebrations is a new online collection titled India Ki Udaan, available on the Google Arts and Culture website. It pays tributes to India’s rich cultural history and includes iconic moments from the last 75 years.
Published in English and Hindi, it allows people to explore more than 120 illustrations and 21 stories created by 10 talented artists, alongside exhibitions from various institutions – including the Ministry of Tourism, the Museum of Art and Photography, the Heritage Directorate of the Indian Railways, the Indian Academy of Sciences and the Dastkari Haat Samiti.
“This initiative offers a unique view of India’s remarkable moments and lets people discover some of the most memorable moments in India’s modern history, its iconic personalities, its proudest scientific and sporting achievements, and how women in India continue to inspire the world. This commemorative collection will be expanded with a unique blend of archives and artistry for people in India and across the globe,” Google said.
Merging technologies and India’s rich cultural heritage, the new Google Arts and Culture collection, “India Ki Udaan”, (literally translated as “India takes flight”), “is themed on the unwavering and undying spirit of India over these past 75 years”, it added.
Simon Rein, senior programme manager at Google Arts and Culture, told PTI that the project “marries the rich archival content with artistic talent as demonstrated by illustrators”.
A physical representation of the new digital collection was also set up at the venue, with a kite-shaped digital screen, pictures with augmented reality experience and other tech-driven experiences.
Rein said kite has been used as an “optimistic metaphor” to describe India’s journey in the last 75 years as also to engage and educate the audience at home and also those who are not from India but wish to learn about its story.
In its 10th year in India, Google Arts and Culture has showcased the country’s rich culture in many ways. Working with more than 100 partners in India, it has brought the country’s cultural heritage to people all over the world.
CCPA Fines Amazon Rs. 1 Lakh Over Sale of Substandard Pressure Cookers: All Details
By Press Trust of India | Updated: 4 August 2022
The Central Consumer Protection Authority (CCPA) has imposed a penalty of Rs. 1 lakh on e-commerce major Amazon for selling pressure cookers that did not meet quality standards.
The CCPA also directed Amazon to notify the consumers of all these 2,265 pressure cookers sold through its platform, recall the products and reimburse the prices to buyers, the Department of Consumer Affairs said in a statement.
The authority, headed by Chief Commissioner Nidhi Khare, recently passed an order against Amazon for allowing sale of domestic pressure cookers, in violation of mandatory standards, on its e-commerce platform.
The CCPA had initiated suo-moto action against e-commerce platforms for sale of domestic pressure cookers in violation of compulsory standards.
The authority had issued notices to major e-commerce platforms, including Amazon, Flipkart, Paytm Mall, ShopClues and Snapdeal as well as the sellers registered on these platforms.
“After examination of the response submitted by the company, it was observed that total 2,265 pressure cookers not conforming to mandatory standards were sold through Amazon after notification of the QCO (Quality Control Order). The total fee earned by the Amazon on sale of such pressure cookers through its platform was Rs.6,14,825.41,” the order said.
Amazon admitted that it earned ‘sales commission’ fee for the pressure cookers sold on its platform.
The CCPA observed that when Amazon earns commercially from each sale of the product listed on its e-commerce platform, it can not disassociate itself in case of issues arising from the sale of these items.
In the order, CCPA has asked Amazon to notify all consumers of the 2,265 pressure cookers, recall the products and reimburse the amount to the buyers.
Amazon has been asked to submit a compliance report within 45 days.
“The company was also directed to pay a penalty of Rs 1,00,000 for allowing sale of pressure cookers in violation to the QCO on its platform and violating rights of consumers.” The CCPA had passed a similar order of penalty and recall of defective pressure cookers against Paytm Mall, which has complied with the directions and deposited the penalty of Rs 1 lakh.
The authority is continuously monitoring the consumer protection landscape in the country.
Recently, the CCPA issued an advisory to all e-commerce platforms with regard to sale of Ayurvedic, Siddha and Unani drugs.
It also recently issued Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements.
The guidelines include conditions for valid and non-misleading advertisements, due diligence required for endorsement of advertisements and considerations for advertisements targeted at children.
The CCPA has also issued Safety Notices under Section 18(2)(j) of the Consumer Protection Act, 2019 to alert and caution consumers against buying goods which do not hold valid ISI mark and violate compulsory BIS standards.
While the first safety notice was issued with regard to helmets, pressure cookers and cooking gas cylinders, the second notice was issued with regard to household goods including electric immersion water heaters, sewing machines, microwave ovens, domestic gas stoves with LPG, among others.
Amazon Workers at UK Warehouse Walk Out Over Pay Discontent, Says Union
By Reuters | Updated: 4 August 2022
Hundreds of Amazon workers at a warehouse in Tilbury in southeast England have walked out in protest over pay, the trade union GMB said, the latest sign of labour force discontent as the rising cost-of-living sparks strikes across sectors.
Amazon, which dominates the online retail marketplace, has faced criticism from workers in many countries over pay and conditions.
“Amazon continues to reject working with trade unions to deliver better working conditions and fair pay. Their repeated use of short-term contracts is designed to undermine worker’s rights,” the union said on Thursday.
GMB said 800 workers walked out of the warehouse on Wednesday and Thursday over a 35 pence per hour pay increase, with the union seeking a two pound ($2.44 or nearly Rs. 195) rise to cope with the higher cost of living and to better match the demands of the role.
The US tech giant, which has 70,000 workers in the UK, said starting pay would increase to a minimum of between 10.50 pounds an hour and 11.45 pounds in an e-mail.
Workers from across industries, including railway, airline and telecommunication, have staged strikes in recent months in Britain as wage increases lag the rise in the price of goods.
In May, the US Vice President Kamala Harris and Labour Secretary Marty Walsh met with union organizers at the White House to boost unionisation campaigns.
Participants in the meeting, which featured an unscheduled appearance by President Joe Biden, discussed organisers’ efforts to form unions in their workplaces, and how those could prompt workers around the country to mount similar organisation campaigns, according to a readout from the White House. Biden thanked them for bolstering organising momentum that is growing nationally.
Among the guests were Chris Smalls, who heads the Amazon Labor Union that won a vote last month to unionize warehouse workers on Staten Island, New York.
After Uber, Tiger Global Sells 2.34 Percent Stake in Zomato Over Rs. 18.45 Crore
By Press Trust of India | Updated: 4 August 2022
Zomato on Thursday said investment firm Tiger Global has reduced its stake in the company by almost half to 2.77 percent by selling over 18.45 crore shares in the open market.
Tiger Global’s Internet Fund VI Pte Ltd had a holding of 5.11 percent in the online food delivery platform before the sale.
Between July 25- August 2, 2022, the fund sold over 18.45 crore shares aggregating to 2.34 percent stake in the company in the open market, Zomato said in a regulatory filing.
Post the sale, Internet Fund VI Pte Ltd has 2.77 percent stake in Zomato, it added.
On Wednesday, ride-hailing app Uber had offloaded 61.2 crore shares of Zomato for Rs. 3,088 crore through an open market transaction.
The shares were disposed of at an average price of Rs. 50.44 apiece, taking the transaction value to Rs. 3,087.93 crore.
Uber picked up the stake in Zomato after the latter acquired its local food business UberEats in an all-stock deal in 2020.
Reuters reported on Tuesday that the offer size of the block deal was set to be for 612 million shares, according to its term sheet, which did not disclose the seller.
One of the sources said the stake was bought by around 20 global and Indian funds, including Fidelity, Franklin Templeton and India’s ICICI Prudential.
Fidelity could not immediately be reached for comment, while Franklin and ICICI declined to comment.
Meanwhile, shares of Zomato fell up to 6.8 percent on Wednesday, in their biggest drop in more than a week. The stock cut some losses and was trading down 2.6 percent by 0614 GMT.
BofA Securities was the sole bookrunner for Wednesday’s transaction.
CCPA Issues 24 Notices for Unfair Trade Practices Against E-Commerce Firms, MoS Consumer Affairs Says
By ANI | Updated: 4 August 2022
The Central Consumer Protection Authority (CCPA) has issued 24 notices for unfair trade practices against e-commerce companies, informed the Ministry of Consumer Affairs, Food and Public Distribution on Wednesday. In a written reply to a question in Lok Sabha, Union Minister of State for Consumer Affairs, Food and Public Distribution Ashwini Kumar Choubey said that apart from these 24 notices, CCPA also issued two Safety Notices to alert and make consumers cautious against buying household goods like pressure cookers, helmets etc that do not conform to the Bureau of Indian Standards (BIS).
Choubey informed that under the provisions of the Consumer Protection Act, 2019, CCPA has been established with effect from July 24, 2020 to regulate matters, inter alia, relating to false or misleading advertisements which are prejudicial to the interests of the public and consumers as a class.
The CCPA has notified the Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022 on June 9, 2022. These guidelines provide for conditions for an advertisement to be non-misleading and valid; certain stipulations in respect of bait advertisements and free claim advertisements; and prohibition of surrogate advertisements.
The minister also informed that under the provisions of the Consumer Protection Act, 2019, a consumer can file a consumer complaint in the Consumer Commission of appropriate jurisdiction offline or online using e-Daakhil portal. As per the revised pecuniary jurisdiction, a District Consumer Dispute Redressal Commission has jurisdiction to entertain complaints where the value of the goods or services paid as consideration does not exceed Rs. 50 lakh.
According to the Ministry, the State Consumer Dispute Redressal Commission and the National Consumer Dispute Redressal Commission have jurisdication where such consideration is above Rs. 50 lakh and upto Rs. 2 crore and above Rs. 2 crore respectively.
The Consumer Protection (Consumer Disputes Redressal Commissions) Rules, 2020 notified under the ibid Act provides that no fees is required for registering cases in the District Consumer Disputes Redressal Commissions involving value of goods or services paid as consideration upto Rs. 5 lakh.
Further, Section 38(7) of the Consumer Protection Act, 2019 prescribes that every complaint shall be disposed of as expeditiously as possible and endeavour shall be made to decide the complaint within a period of three months from the date of receipt of notice by an Opposite party where the complaint does not require analysis or testing of commodities and within five months if it requires analysis or testing of commodities.
Department of Consumer Affairs has generated consumer awareness under “JagoGrahakJago” campaign among all the consumers of the country through video spots and other material on issues like salient features of the Consumer Protection Act 2019, packaged commodities, weights and measures, hallmark, consumer grievance redressal mechanism through departmental website, State or Union Territory governments, VCOs, TV, Radio, CSCs.
Regular messages on these issues are being posted on social media to harness its potential to create consumer awareness. State/UT governments have been involved to spread consumer awareness in rural and remote areas.
The Department of Consumer Affairs has recently launched “Jagriti”, a mascot for empowering consumers and generating awareness of their rights. Jagriti is projected as an empowered young consumer.
With this, the Department of Consumer Affairs has also constituted a committee to develop a framework on checking fake and deceptive reviews in e-commerce.
Google Removed Over 1.11 Lakh Harmful Content in June Under New India IT Rules
By ANI | Updated: 3 August 2022
Google removed 1,11,493 harmful pieces of content in June of this year in accordance with the new India IT Rules, 2021.
According to Google’s Monthly Transparency Report, the majority of the content that was removed fell under the category of copyright infringement, with the rest falling under other categories like trademarks, court orders, explicit sexual material, fraud, and others.
Within the same time frame, the internet company received 32,717 complaints from citizens of the country about external content on different Google platforms that they believed to violate their personal or regional legal rights. Numerous classifications can be made of the complaints.
Some requests, according to Google, might allege the violation of intellectual property rights, while others might claim that local laws restricting the publication of particular types of material due to things like defamation had been broken.
“In addition to what our users report, we substantially spend in battling dangerous information online and employing technology to detect and remove it from our platform”, the company said in its monthly compliance report.
The company added its automatic identification procedures resulting in the removal of 528,846 accounts nationwide. We invest a lot of money to fight harmful internet content, and we use technology to track it down and remove it from our platform.
Google asserted that some of our products will make use of automatic identification processes in order to prevent the spread of harmful information, such as child sex abuse material and violent extremist content.
This report mentions the complaints received by Google and the action taken on it during the specifi ed one- month reporting period. The actions were taken as a result of automated detection mechanisms used by Google’s SSMI platforms. The period captures information from June 1 to June 30. Google might publish more monthly transparency reports in the coming months.
ISRO’s Faces SSLV-D1 Data Loss at Terminal Phase of the Mission, Placed in Wrong Orbit
Baidu Bags License to Operate China’s First Fully Driverless Robotaxi Service
Elon Musk Challenges Twitter CEO Parag Agrawal to Public Debate Over Bot Users, Says Deal Cold Move Ahead
Microsoft Mesh Mixed Reality Platform Launched That Allows Users to Appear as Holograms in Virtual Meetings
Apple to Establish North Carolina Campus That Will House Up to 3,000 Employees, Increase US Spending Targets
Apple, Epic Games CEOs on List of Witnesses in Fortnite Case
Social Networking3 weeks ago
Social Media Firms Brace for Slow Global Revenue Growth Amid Competition From Apple, TikTok
Technology3 weeks ago
Delhi Metro Awards 300 Permits for E-Autos Driven by Women for Last-Mile Commuter Connectivity
Social Networking3 weeks ago
Instagram Most Popular News Source Among Teens in UK, Reveals Ofcom Report
Technology2 weeks ago
Audi India to Discontinue ICE Vehicles From 2033, Focus Only on EVs, Top Official Says
Internet3 weeks ago
DALL-E AI Text to Image Tool Enters Beta Testing, OpenAI to Invite 1 Million Users on Waitlist
Technology3 weeks ago
Wearable Activity Trackers Motivate People to Exercise More, Lose Weight, Study Says
Apps3 weeks ago
Microsoft Teams Down for Thousands of Users, Company Investigating Outage
Technology3 weeks ago
Maruti Suzuki Believes Government Will Support ‘Green’ Tech Beyond EVs, CEO Says