RailTel Fixes Vulnerabilities Impacting Official Site, Email System

RailTel, the public sector enterprise that operates under the railway ministry and is known for providing Internet access at train stations, has fixed a list of serious vulnerabilities impacting its website. One of the issues could have allowed a hacker to reset a password of its email account holders, according to a security researcher. The RailTel site was also using an outdated version of the content management system Joomla that is impacted by a list of vulnerabilities, including the ones that can be exploited to let attackers gain root-level access or operate the site as an administrator.

Security researcher Sunny Nehra discovered various flaws impacting the RailTel site in early May. He informed Gadgets 360 that one of the issues could have allowed hackers to gain access to the email accounts of RailTel employees by resetting their passwords.

The researcher said that a bad actor could hack the email accounts since the organisation had no rate limit on the one-time password (OTP) mechanism available on its email password reset page. Such a limit is meant to restrict attackers from trying various password combinations until they eventually find the correct one.

In addition to the absence of a rate limit, the email system could allegedly be attacked using the response manipulation technique, which attackers could leverage to bypass authentication.
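The two weaknesses described above have a common fix: count failed OTP guesses on the server and authorise the reset only from server-side state. The following is an added sketch in Python, not code from the article or from RailTel's system; the class name, the attempt cap and the expiry time are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy value, not from the article
OTP_TTL_SECONDS = 300   # assumed policy value, not from the article


class OtpResetStore:
    """In-memory stand-in for a server-side session store (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [otp, expiry, failed_attempts]
        self._tokens = {}   # single-use reset token -> account

    def issue_otp(self, account):
        # A real service would also throttle how often this can be requested.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [otp, self._clock() + OTP_TTL_SECONDS, 0]
        return otp  # delivered out of band (SMS, alternate mailbox)

    def verify_otp(self, account, guess):
        """Return a single-use reset token on success, otherwise None."""
        entry = self._pending.get(account)
        if entry is None or self._clock() > entry[1]:
            self._pending.pop(account, None)
            return None
        if not hmac.compare_digest(entry[0].encode(), guess.encode()):
            entry[2] += 1
            if entry[2] >= MAX_ATTEMPTS:
                # Rate limit: the OTP is burned, so a 10^6 search space
                # cannot be walked against one issued code.
                del self._pending[account]
            return None
        del self._pending[account]
        token = secrets.token_urlsafe(32)
        self._tokens[token] = account
        return token

    def consume_token(self, account, token):
        """Gate for the password-change step.

        The decision depends only on state the server stored itself, so
        editing a response body to claim success changes nothing here.
        """
        return self._tokens.pop(token, None) == account
```
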

“RailTel’s mailing system was made in a very insecure way,” Nehra told Gadgets 360. “Currently, it has turned the password reset page down.”

The RailTel site was also using Joomla version 3.4.2, which was released back in 2015. That particular release has been impacted by several known vulnerabilities.

Nehra said the site was impacted by a vulnerability that is tracked as CVE-2015-8562 and was exploited by some attackers in December 2015.

“The flaw leads to root access or complete hacking of the vulnerable server,” he said, adding that other critical flaws of the outdated Joomla version also impacted the site.

To explain the flaws, Nehra shared three proof-of-concept (PoC) videos with Gadgets 360.

Shortly after spotting the issues, the researcher disclosed the vulnerabilities to RailTel and informed India’s Computer Emergency Response Team (CERT-In) and National Critical Information Infrastructure Protection Centre (NCIIPC) on May 6. The CERT-In and NCIIPC last week confirmed to the researcher that the issues were patched by the enterprise.

RailTel also separately confirmed the fixes to Gadgets 360.

“RailTel’s website runs behind a Web application firewall and is loaded with host-based antivirus and hence cyber attackers cannot exploit vulnerabilities, if any, and cannot upload shells to our website,” the organisation said in a prepared statement emailed to Gadgets 360. “We would like to stress upon the fact that there has been NO INCIDENT of any data breach reported.”

It also confirmed that its site was currently running on the latest stable release of Joomla platform.

“Also, currently we are not facing any issue related to the email account (railtelindia.com domain) compromise,” it said.

RailTel runs a service called RailWire to offer free Wi-Fi access at railway stations in the country. It partnered with Google in 2016 to kick off a public Wi-Fi initiative called Google Station. The partnership, though, ended in May 2020. RailTel has, however, continued to provide free Wi-Fi service at hundreds of railway stations.

In 2017, the RailWire service was named as the worst affected service provider by the WannaCry ransomware by antivirus company eScan.

Aside from providing Internet access, RailTel in the recent past introduced technologies including an artificial intelligence (AI) based attendance system for government schools in Assam.

Paytm Shares Jump to Six-Month High on Increased Monthly Users, More Payment Devices, Surge in Revenue

Shares of Indian digital payments firm Paytm jumped more than 6 percent on Monday to their highest levels in nearly six months, after the company’s parent firm One 97 Communications Ltd posted an 89 percent surge in its quarterly revenue.

Higher number of monthly users, additional payment devices, and more disbursal of loans lifted the company’s revenue to Rs. 1,680 crore, from Rs. 891 crore last year.

Investors appeared to show scant response to the company’s wider loss of Rs. 644 crore posted in its quarterly update after market close on Friday.

Paytm, which competes with Google’s payment app and Walmart’s PhonePe in India’s digital payments market, said it is on track to achieve operational profitability by September 2023.

“The notable print in the results was a sharply increased gross margin print in payments business resulting in expansion in contribution margins to 13bps,” JP Morgan analysts said in a note on Monday.

Processing charges of the company, backed by China’s Ant Group and Japan’s SoftBank Group, fell 10.4 percent to Rs. 694 crore sequentially.

“The management clarified that it could negotiate better deals with their bank partners, and rationalised certain low margin online merchant accounts that resulted in lower payment processing charges,” Macquarie analysts said in a note.

Shares of the company were up 6 percent at Rs. 830, as of 06:48am GMT (12:18pm IST).

“Earlier this year, we had shared that we would achieve operating profitability by September 2023, driven by better monetisation, as well as moderating growth in costs. The first quarter of the financial year 2023 results exhibit our strategy is well-in-place, with focused improvement on unit economics, better expense management and an increasing mix of higher margin businesses (such as financial services and commerce) steering us on the path to profitability,” the firm stated on Friday.

Hackers Plant Chinese Flag on Taiwan Government Websites Over Nancy Pelosi Visit

In response to US House Speaker Nancy Pelosi’s visit to Taiwan, Chinese hackers planted the flag of China on the websites of several local government agencies across Taiwan. While China’s live-fire drills encircling Taiwan were taking place from Thursday, Chinese hackers covered a Kaohsiung government website with a China flag picture for over 10 hours from late Friday to Saturday morning, reported Taiwan News.

On Friday morning, it was admitted that the website of Taiwan’s Ministry of Foreign Affairs crashed for a few hours on Aug 2, 4, and 5.

The ministry explained there was a brute force attempt to crash the server, with up to 17 million access attempts per minute from numerous Chinese and Russian IP addresses, reported Taiwan News.

As a result, central government agencies were told to stay on high alert for malicious internet activities.

People familiar with the matter told Taiwan News that central government agencies have been ordered to keep tabs on websites and report problems up the chain of command to the Cabinet, every hour from Friday to noon on Monday (August 8).

Emergency response guidelines issued by the Cabinet on Friday say a website has to be taken down immediately if it has been hacked.

Furthermore, the Ministry of Education informed schools nationwide of its own emergency response guidelines to ensure cybersecurity, in which 24-hour security monitoring of each school website and an hourly update is required until next Monday, reported Taiwan News.

As tensions in the Taiwan Strait heightened with US House Speaker Nancy Pelosi’s visit to Taiwan, China has been increasing its military activities.

Multiple Chinese planes and ships were detected around Taiwan Strait, simulating an attack on its main island, the Defence Ministry said on Saturday adding that some of them have crossed the median line.

According to the Ministry of National Defense, the armed forces responded to such a situation accordingly with surveillance systems, CAP aircraft, naval vessels and missile systems.

“Multiple PLA craft were detected around Taiwan Strait, some have crossed the median line. Possible simulated attack against HVA. #ROCArmedForces have utilized alert broadcast, aircraft in CAP, patrolling naval vessels, and land-based missile systems in response to this situation,” Taiwan’s Ministry of National Defence tweeted today.

Yesterday, Taiwan’s Defence Ministry said that 68 Chinese military planes and 13 warships crossed over the median line to participate in drills.

Taiwan Premier Su Tseng-chang blasted what he called “the evil neighbour” after China encircled the self-ruled island with a series of huge military drills that were condemned by the United States and other Western allies.

China is holding threatening military exercises in six zones off Taiwan’s coasts that it says will run through Sunday. Missiles have also been fired over Taiwan, defence officials told state media. The speaker is the highest-ranking US politician to visit Taiwan in 25 years.

China opposes the self-governing island having its own contacts with foreign governments, but its response to the Pelosi visit has been unusually vociferous.

Provident Fund Data of 28 Crore Indians Leaked By Hackers, Claims Ukraine Based Researcher

Provident Fund (PF) data of about 28 crore Indians was found to have been leaked by hackers earlier this month. A cybersecurity researcher from Ukraine, Bob Diachenko, made the discovery on August 1 and found that details such as Universal Account Numbers (UANs), names, marital status, Aadhaar details, gender, and bank account details were exposed online. According to Diachenko, he found two different internet protocol (IP) addresses hosting two clusters of leaked data. Both of these IPs were hosted on Microsoft’s Azure cloud storage service.

Cybersecurity researcher Bob Diachenko detailed the leak in a post on LinkedIn. On August 2, Diachenko discovered two separate IP clusters of data that contained indices called UAN. Upon reviewing the clusters, he found that the first cluster contained 280,472,941 records, whereas the second IP contained 8,390,524 records.

“After quick review of the samples (using a simple browser), I was sure that I am looking at something big and important”, Diachenko said in his post. However, he was not able to find who owned the data. Both the IP addresses were hosted on Microsoft’s Azure platform and were India-based. He wasn’t able to obtain other information via a reverse DNS analysis.

The Shodan and Censys search engines from Diachenko’s SecurityDiscovery firm found these clusters on August 1. However, it is not clear how long the information was available online. The data could’ve been misused by hackers to gain access to the PF account. Data such as name, gender, Aadhaar details, could also be used to create fake identities and documents.

The researcher tagged the Indian Computer Emergency Response Team (CERT-In) in a tweet informing them about the leak. The CERT-In replied to his tweet asking him to provide a report of the hack in an email. Both IP addresses were taken down within 12 hours after his tweet. Diachenko says that since August 3, no company or agency has come forward to take responsibility for the hack.