The Yantra and Network Intelligence alliance organized the first of its three webinars for the Nepal audience in December 2020.
The 2nd in the series is titled “Beyond Managed Security Services: SOC-as-a-Service”. Manage, Detect and Respond (MDR) are the critical areas for addressing security within an organization.
This one-and-a-half-hour webinar aims to address the critical positioning of SIEM/SOC, how to upgrade your current solution, and how to use SIEM/SOC effectively, maximizing and maturing your solution to SOAR capabilities. We will also talk about possible skill development training in Nepal. Please share the webinar invitation among your members.
Our host, Mr. Sujay Mendon, is the Head of MSSP at Network Intelligence. He is a qualified and extremely experienced security expert in SIEM Technologies, Incident/Threat Analysis, Vulnerability Assessment, and Operations Management. He leads a team of 200+ SOC consultants and drives critical projects with 24×7 monitoring.
Date: February 18th, 2021
Time: 11:00 AM – 12:30 PM (followed by a brief Q&A session)
An ethical hacker (researcher) has recently shown a novel supply chain attack. As a result, the networks of more than 35 major technology companies, such as Microsoft, Apple, PayPal, Sophie, Netflix, Tesla, and Uber, have been breached.
The novel supply chain attack uses public and open-source developer tools. The technique, created by Alex Birsan, an ethical hacker and cybersecurity researcher, injects malicious code into an open-source developer tool to exploit the dependencies of these organizations’ internal applications.
It may target developers’ projects that use public repositories such as GitHub. According to Birsan, the success rate of such attacks is high once the companies are targeted.
The vulnerabilities he has exploited so far, which he calls ‘Dependency Uncertainty,’ have been found in more than 35 organizations. They were in the Python, Ruby, and Java programming languages.
Observing the Safer Internet Day 2021, ChildSafeNet and UNICEF Nepal published a white paper on protecting children and young people online, on 9 February 2021.
The white paper includes a comprehensive assessment of children and young people’s internet use, online risks for them, and their vulnerability to online abuse and exploitation.
The white paper was developed by ChildSafeNet, an organization working to make the internet safer for children and young people, in collaboration with UNICEF Nepal. The white paper also includes a review of the policies, plans, response mechanisms, and gaps related to the protection of children and young people online.
Over the past decade, internet use has seen a rapid increase in Nepal. According to Nepal Telecommunications Authority, 80.07 percent of Nepalese have access to the internet, whereas only 2.65 percent of people were connected to the internet in 2010. As stated in a report of the survey, conducted by ChildSafeNet and UNICEF Nepal, one in four children and young people spend more than ten hours online after the COVID-19 outbreak.
Anil Raghuvanshi, founder and president of ChildSafeNet, said, “Despite this exponential rise, awareness levels on internet safety still remain very low. As a result, children and young people are at an increased risk of online risks such as online sexual abuse and exploitation, cyberbullying, cyber grooming and phishing.”
Speaking at the virtual launch of the white paper, Inah Fatoumata Kaloga, Chief, Child Protection, UNICEF Nepal, said that the white paper is expected to help in filling the gaps in knowledge on online safety for children and young people in Nepal and make the gravity of the issue more visible.
Raghuvanshi informed that, in order to prepare the white paper, ChildSafeNet conducted a desktop review of over 120 research reports, policy documents, laws, and international instruments related to the protection of children and young people online. Likewise, inputs and recommendations were collected from six virtual workshops and 21 key informant interviews with child online protection experts and stakeholders.
Kapil Aryal, human rights lawyer and lecturer at Kathmandu Law School, reviewed the policies and laws related to the protection of children and young people in Nepal and contributed as a content writer of the white paper. According to Aryal, the Electronic Transactions Act 2063, which does not define cybercrimes against children, is being used in all cases related to cybercrimes. Moreover, the Kathmandu District Court remains the only court designated to hear cases filed under this Act.
Since the Act Relating to Children 2075 prohibits online sexual abuse and exploitation of children and defines online offenses against children, Aryal suggested using this Act for cases related to online offenses against children. Moreover, the Criminal Code 2074, which penalizes cybercrimes, online harassment, threatening, insulting and improper behavior, can also be used.
Kaloga said, “The white paper is an evidence-based tool. It is expected to contribute to policy development, program planning, and advocacy to increase engagement of the government, civil society, private sector, parents, teachers, and other stakeholders to make the internet safer.”
The white paper provides a set of actionable recommendations to the government, civil society organizations, private sector, parents, teachers, children, and young people in order to make digital technologies safer for children and young people.
TikTok, the video-sharing platform, is now warning users about sharing misleading information. Currently, the content found is becoming an important priority for most social media companies, and TikTok is now quickly developing a new system. It will alert you when you try to share unchecked content with your friends.
These guidelines cannot be verified in video contents by TikTok’s web-based platforms, policy, lead-stories, and cyber control platforms.
This fact check is particularly useful for those who have their views during the open events before announcing their final opinion, according to TikTok.
You will see a white warning prompt at the top of your screen when you try to reshare a video with content you are not in agreement with.
You can still share the video, but the goal is for you to think twice before you share it, according to TikTok.
If your content is not verified, those videos will not be allowed in the feed and will only appear on the app’s landing page. The content creators will also receive a warning from TikTok.
Based on the beta test, TikTok observed a 24 percent decrease in the number of misleading details.
Cybersecurity is the practice of protecting computer systems and networks from malicious attacks. With the digital revolution and the increased reliance on computers and computer systems, cybersecurity has become a much more important aspect than ever.
The internet, wireless networks like Bluetooth, WiFi, and NFC, smart devices, etc. are all vulnerable to a myriad of security threats, and that’s where the need for cybersecurity comes into the picture.
Major companies and firms usually have a lot of potential cybersecurity risks, from employees’ browsing habits to the vulnerability of the various devices or network connections being used.
These vulnerabilities might lead to catastrophic problems for any firm, with their data being stolen, exposed, or much worse. That is why there are many cybersecurity companies that offer protection services to businesses.
The list below shows some of the biggest names among cybersecurity companies in Australia along with the services they offer.
Cybersecurity Companies in Australia:
Effectus Digital (Fortitude Valley, Australia)
Founded in 2018, Effectus Digital is a technology consulting company that provides consultancy services to organizations with smooth, fast, and smart integration of IT infrastructure.
While they charge a hefty hourly fee of $200-$300, the team at Effectus Digital offers solutions that are custom-fit to their client’s requirements.
DSC-IT (Subiaco, Australia)
This Perth based security company is a well-established name in the IT service and cybersecurity fields. Having offered their comprehensive IT services for over 20 years, they have a well-deserved reputation based on affordable packages as per the organization’s goals and needs.
They cater to these packages by changing them in accordance with every client’s wishes and goals based on their free consultancy.
Managed Solution (Ipswich, Australia)
Managed Solution is known for its proven track record in providing an appropriate and cost-effective solution to their clients’ computing needs.
From IT system and support to Networking, Internet, Hardware, and other technical support required for any business or organization, the company provides a comprehensive service whereby they take responsibility for almost all the IT aspects of a business.
Toniolo (Collingwood, Australia)
Toniolo offers IT consultancy to small and medium-sized enterprises. Founded in 2012, the company specializes in infrastructure and security projects and also provides full-stack and specialized cloud services.
Toniolo delivers a comprehensive package to its customers with seamless collaboration, backup, IT infrastructure, and business intelligence through its proprietary AI-driven automation tool named Paperclip.
Imperva (Ipswich, Australia)
Imperva is an industry-leading cybersecurity firm in Australia. They are known for their packages and solutions that identify, evaluate, and eliminate security threats, both current and emerging. Their services revolve around app security, data security, cloud security, and much more.
Check Point Software Technologies (Canberra, Australia)
Check Point Software Technologies is popular for their contracts with the Australian government protecting them from cyber-threats.
The company is also a well-regarded international name with its services branching out to many corporate enterprises on a global scale.
They offer protection against cyber-attack while also being an industry leader in catching malware, ransomware, and other types of attacks as well as tracking the perpetrators.
Secure Code Warrior (The Rocks, Australia)
The only Australian name on the annual list of Hot 150 Cybersecurity Companies of 2020, Secure Code Warrior is a global force in the cybersecurity market.
Founded by Pieter Danhieux and Dr. Matias Madou, two globally recognized cybersecurity experts, Secure Code Warrior offers services to individuals, businesses, and enterprises around the world.
Additionally, they also provide resources and news regarding cybersecurity on their website, all of which can be utilized by anyone to be a bit more security-savvy than they are.
The company also offers enthusiasts opportunities to take part in tournaments, courses, and training.
The Safer Internet Day 2021 will be celebrated on 9 February 2021 in Nepal and over 170 countries to promote a safer internet for children and young people with a theme, “Together for a better Internet” to raise awareness on online risks for children and young people and in protecting children and young people online.
ChildSafeNet, a specialized organization working to protect children and young people online, has been hosting and promoting the day in Nepal since 2019. Every year, the Safer Internet Day is celebrated globally in February to promote the safe and positive use of digital technology for children and young people and develop synergy among organizations working with and for children.
According to Anil Raghuvanshi, founder/president of ChildSafeNet, a National Coordination Committee has been formed to promote the Safer Internet Day 2021 in Nepal. The Committee is composed of ChildSafeNet as the secretariat, and Nepal Police Cyber Bureau, UNICEF, Plan International Nepal, Yuwalaya, CWIN-Nepal, Saathi, ActionAid Nepal, Veda Creative Organization, Loo Niva Child Concern Group, Umbrella Organization Nepal, and Child Watabaran Center as the members.
Raghuvanshi said, “This day also provides the government, police, and law practitioners an opportunity to reinforce the implementation of the cyber safety policy and enhance legal protection, particularly in the context of the COVID-19 pandemic.”
Child rights organizations are planning to organize cyber safety awareness activities to promote a safer and better internet for children and young people, which include production and dissemination of appeal videos, podcasts, YouTube vlogs, social media posts, digital posters, and other child-friendly multimedia communication materials. Besides, cyber safety training sessions, panel discussions with cyber safety and child rights workers, parents, children, and young people are planned. Although the main event will be organized on 9 February 2021, cyber safety awareness-raising activities will be conducted throughout the year.
On behalf of the Committee, ChildSafeNet appealed to children, young people, parents, schools, colleges, government, police, law practitioners, private sector, NGOs, INGOs, UN agencies, media, and other duty-bearers to promote and support the Safer Internet Day 2021 and make the internet a safer and a better place for children and young people.
The Nepal Telecommunications Authority (NTA) has said that its name and logo have been misused through the creation of an unauthorized Facebook page in its name.
The administrative body of the telecommunications sector, NTA, has mentioned that misleading information has been published through the social network Facebook page by misusing the name and logo of NTA.
As the name and logo of this authority have been misused and misleading information has been published through the social network Facebook page, we warn everyone not to click on such unauthorized pages and links on that page and not to provide any of your details.
We also say that there is no official page/account on the Facebook of this authority so far and those who do/cause such unauthorized acts will be punished according to the prevailing law.
Even before this, hackers have been carrying out phishing activities with the aim of stealing the information of Nepali Facebook users.
This is how hackers around the world steal data through phishing. Not long ago, hackers stole all the data from a company called Solar Winds in the United States.
Man arrested for sexually harassing women by sending pornographic videos, photos, and messages on social media.
The Cyber Bureau of Nepal Police arrested a man on Monday for sexual harassment by sending obscene videos, photos, and messages through Facebook’s chatting platform Messenger.
Police have arrested Ravi Shahi alias Ramesh Shahi, 36, of Seradanda in Kumakh Gaonpalika Ward No. 4 of Salyan for harassing Salyani 20.
According to Cyber Bureau spokesperson and Information Officer Navindra Aryal, he was found guilty of violating Section 47 of the Electronic Transactions Act, 2063 BS and was arrested on January 18 with the help of District Police Office, Salyan.
He is being further investigated, the bureau said.
A phishing campaign has begun with the creation of a fake Facebook page in the name of Nepal Bangladesh Bank, which says that it will provide 10,000 jobs.
A Facebook page has been launched under the name ‘Bank and Nepal and Bangladesh’ targeting Nepalese using the logo and name of Nepal Bangladesh Bank. The fake page has also been sponsored to reach all Nepali Facebook users.
The page states, ‘Bank of Nepal Bangladesh announces the need for 10,000 workers in all our branches in Nepal. Apply for the job now. If you are interested If you won’t work. Click on the link and register via the link.’
Clicking on the link requires verification of the Facebook account. The personal website opens. The page is in the Urdu language and appears to be operated from Iran. This job requires your Facebook login to fill out the form.
The ad says, ‘You only have to register once. If you registered earlier, do not re-register. The site may take longer to register. Don’t try it again.’
“If your head is different from these businesses, register and we will contact you,” the bank’s fake Facebook page said.
In the phishing ads, it has been asked to fill the application form saying that there will be no work in the bank and it will not be used.
The positions to be filled are Chemistry and Geology, Account Staff, Construction and Transport Workers, Marketing Representatives and Technicians, Craftsmen, Security Guards and Distributors, and Ammar Genitals and First and Second Class Drivers and Caregivers and Cooks and Buffet Workers.
The fake page also has jobs for students above 18 years of age. (You can apply your major suit to employment).
Most of the jobs called through the page are not even related to the bank.
Chief Information Officer and Spokesperson of Nepal Bangladesh Bank Suresh Devkota says that no such advertisement was made. He said he had no information about such a Facebook page and that it could be fake.
Lately, phishing using the logos of various well-known companies and organizations is on the rise in Nepal. Such phishing has been done by showing the temptation of employment and attractive gifts.
Many users have fallen prey to such offers. There is also a risk that phishers will blackmail users with user data and confidential information.
The arrest of people who send out pornographic messages, send images, sexually assault, and harass women.
People who made Fake IDs for social media & E-mail to upload porn videos to the Porn Platform and send out pornographic messages, send pornographic images, sexually assault, and harass women were arrested.
A resident of Makwanpur district, Bangkok, Thailand, has been accused of uploading semi-nude and nude photos and videos on porn sites.
Making matters worse for victims, they created fake email accounts and, misusing an internal service, sent pornographic images and uploaded them to some pornographic platforms.
They uploaded nude photos and videos to porn sites and demanded money ($1098) to remove those photos and videos from those sites.
As it was found that he had committed an offense under Section 47 of the Electronic Transactions Act, 2063 BS by committing sex extortion and harassment, he was arrested by the Honorable District Court. Aslam Ansari, aged 36, from Parijat Path, was arrested from Hetauda on 2077-09-07 with the help of the District Police Office, Makwanpur.
Similarly, on the social network Facebook, Indrayani (name changed) created a fake ID for her relatives and Sending sexual, obscene messages and pictures to close friends, posting obscene material with sexually explicit content, insulting, harassing, and violating Section 47 of the Electronic Transactions Act, 2063 has been found.
Rolak Bahadur Thapa, 20 years old, of Sulikot village municipality ward no. 5, Barpak, now living in Lalitpur Godavari Municipality Ward no. 11, Chapagaun, was arrested on 2077-09-07, and further investigation is underway.
NOTE:
It is requested not to publish, broadcast, or display pornographic and sexually explicit material through electronic or other means, including a computer, internet, etc.
A person was arrested for unauthorized access to the electrical plant of Vianet Communications Pvt. Ltd.
Recently, there was unauthorized access to the electrical plant of Vianet Communications Pvt. Ltd., and that person has now been arrested.
During the investigation based on the information and request that the script was made public on social media including Facebook, Instagram, and Twitter by unauthorized access to the data of the customers of the internet service provider.
A young man aged 17/18, living in Tilottama Municipality-1, who changed his name to ‘Narpichas’, made unauthorized access to the electrical plant, causing the data breach.
From the Twitter handle called ‘Narpichas’ and the script made public through Facebook and Instagram, it has been revealed that he has committed an offense under paragraph 9 of the Electronic Transactions Act, 2063.
A team deployed by the Bureau with District Police Office, Rupandehi, and Area Police Office, Butwal, arrested him from Butwal on 2077-09-26, and further investigation is underway.
On this Data Breach, Vianet Communications Pvt. Ltd said:
It’s to acknowledge that Vianet Communications Pvt. Ltd. has detected a cyber incident on its customer information systems, which resulted in unauthorized access to some personal data; in particular, Name, Location, Email Address, Phone Number.
We have identified and fixed the source of the breach. Our technical teams have taken appropriate and immediate actions to reinforce existing security measures and monitor our systems for any further possible vulnerability.
We are in contact with the Nepal Police Cyber Crime Bureau and have forwarded a request to the competent authorities where the data has been uploaded. This incident is being extensively reviewed by the internal staff, cybersecurity experts, and the Bureau to minimize its future impacts, and we expect to resolve it as soon as possible.
The Company sincerely apologizes for the concern and inconvenience caused by this illegal activity. We appreciate the magnitude of the problem and are working hard to get to the bottom of it and get things right. We will update you as soon as there are any major changes in this event.
Phishing attack in the name of Ncell on Facebook, the risk of stealing comprehensive user data
It has been found that a phishing attack has taken place on Facebook by misusing the name and profile picture of telecommunication service provider Ncell. Many have become victims of this attack on user data.
In the phishing attack, the fake Ncell page gives a Bitly link, luring users with the promise of 5 GB of free data.
Ordinary users become targets of cybercriminals when they click on the link in anticipation of getting free internet access.
Earlier, cybercriminals had created a Facebook page in the name of Nepal Telecom and boosted a post with misleading information.
In this way, phishing attacks have sprung up as a trap to capture users’ personal details and hack their accounts.
In such cases, security experts insist that the necessary information should be obtained only from the official website and official social media page of the company concerned.
According to the cybersecurity firm ThreatNix, such phishing campaigns are being conducted in various countries, including Nepal.
A new study found that more than 600,000 Facebook users’ login credentials have been stolen from a Facebook phishing scam.
The study has shown that 615,000 Facebook users from different countries including Nepal have been affected by phishing using GitHub page and Facebook ad.
According to ThreatNix, Facebook login credentials of users from Nepal, Egypt, the Philippines, Tunisia, Pakistan, and other countries are being stolen from such wide-spread phishing campaigns.
Under the campaign, hackers have been found to be phishing people by copying local Facebook posts and pages from different countries and luring them with similar advertisements and offers.
Phishing scams had become increasingly common in 2020. Sadly, cyber criminality of this type is on the rise as we move further and further online; criminals look further and further into ways to conduct their criminality.
There are numerous ways to protect ourselves from a phishing scam, although sometimes it can catch people out by surprise. Phishers thrive on exactly that and generally aim to catch people off guard who, without a second thought, might provide personal details. It’s a horrifically common crime, particularly at the moment, as criminals have more sophisticated tools than ever before.
A phishing scam can happen to anyone, too. One minute you could be surfing the web assessing your holiday options or searching for slot bonuses available for Indian players, then the next minute, you open up an email and, unknowingly, fall victim to a scam. It has happened to thousands of people worldwide, and, sadly, it will continue to happen.
Scammers are coming up with new techniques to conduct their crimes regularly, so be sure to keep up to date with all the latest scams hitting the news. The sooner you know about a common scam occurring, the better you’ll be when it comes to dealing with one.
Install an anti-phishing toolbar
Anti-phishing toolbars can be added to most internet browsers and are extremely effective. Anti-phishing toolbars essentially scan any sites you visit and notify you should you enter a harmful or potentially malicious website. Not only is it completely free, but adding an extra layer of protection can only be a good thing.
Check your online accounts regularly
We all have online accounts we don’t check for a while or barely even use at all. The danger is, though, that someone could be having a field day with one of them without your knowledge. To avoid any scammers taking advantage of any unused or unchecked accounts, be sure to check in on your accounts regularly. To add even more security, consider changing your passwords every few months too.
Think before you click
An obvious one to many, but don’t click any random links in emails, messages, or on untrusted websites. On top of this, beware of any phishing emails. They seem legitimate and from a company you’re signed up with, but they’re designed to look like that and essentially dupe the receiver into giving out personal details. Look for any grammatical errors, as that tends to be a common giveaway. If you’re ever in doubt over an email, though, ignore it and give the company in question a call.
Use firewalls
Firewalls essentially act as a shield between you, your computer, and any outside intruders. Both a desktop and a network firewall are recommended, providing you with a solid amount of protection and giving hackers and phishers much less of a chance of succeeding in taking over your network or your computer.
Use antivirus software
Again, another obvious way to protect yourself too, but it’s amazing how many people don’t have any antivirus software installed on their computer. Then they wonder why they have fallen victim to a crime. Antivirus software comes in all shapes and forms, with numerous options out there. Still, on the whole, it guards against malicious files, cyberattacks, phishing attacks and adds protection to your overall system. Make sure you keep it up to date, though!
Starting with the basics, ethical hacking refers to an authorized process of gaining access over a defined network, data, or system.
Notice the use of ‘authorized’?
That’s the thin line that separates ethical hackers from malicious hackers.
CEH training is a very standard certification in the field of security. It covers all the basics of ethical hacking, including the benefits, tools, and types of system vulnerabilities.
Moreover, trainees get to experience the latest commercial-grade hacking techniques and methods used by hackers.
To beat a hacker, you either need a hacker or need to be a hacker.
Who is a certified ethical hacker?
As mentioned earlier, an ethical hacker is an authorized professional who can access a defined system.
You’re certified once you complete the Certified Ethical Hacking training successfully.
Some also like to call ethical hackers white-hat hackers.
Part of their job as security professionals is to find and exploit vulnerabilities in systems, but in a lawful manner.
Why do ethical hackers find vulnerabilities and exploit them?
To prevent ‘blackhat’ hackers from doing the same.
The main purpose is to identify and fix those flaws before a malicious hacker breaches the system, causing unacceptable loss.
Why is certified ethical hacking training in demand in Nepal?
Globally, we witnessed a surge in cybercrimes amid the pandemic. Data breaches will continue to be a threat to organizations in Nepal, and therefore, it would be unwise to look the other way.
After completing the certified ethical hacking training, you will be able to pursue some common job roles such as:
Cybersecurity Auditor
IT Security Administrator
Cyber Defense Analyst
Vulnerability Assessment Analyst
Information Security Analyst
Network Security Engineer
Manual Ethical Hacker
Penetration Tester
Cybersecurity Consultant
Once you are a certified ethical hacker, you will be able to keep up with security checklists that will allow you to audit your organization’s information assets.
To boil it down, the knowledge that you acquire will ensure a more secure and efficient workplace.
The industry partner, One Cover Pvt. Ltd., is a security company providing services such as security consulting, assessment, incident response, and managed security.
Certified Ethical Hacking CEH V11 is an opportunity for security professionals and enthusiasts to learn tools, techniques, and lawful hacking methodologies.
Training Detail:
Start Date – Jan 21, 2021
End Date – Jan 25, 2021
Category – Security
Timing – 10 AM – 5 PM
Venue – LABA Pvt. Ltd. (Anamnagar, Kathmandu)
Where can I enroll for CEH training in Nepal?
LABA is an authorized Certified Ethical Hacking training center based in Kathmandu, Nepal.
Nepal’s first bug-bounty platform, ‘BugV’, has been made public. Cynical Technology Pvt. Ltd. has brought such a platform to Nepal for the first time. The main aim of this platform is to make cybersecurity services cheap and accessible.
The work of ethical hackers and cybersecurity researchers is easier now. They are able to detect risks in various companies’ systems and software and be rewarded for them. BugV was brought to market with the aim of making it a global product. If ethical hackers find bugs on any platform, they can report them by using BugV. “We will provide a reward with a certain amount based on the bugs to such hackers”, said Lamgade.
Naresh Lamgade is the founder of Cynical Technology. He said the services would be cheaper because companies would only have to pay for bugs. The companies won’t have to pay for testing their software systems.
BugV has also set up digital payments in collaboration with eSewa and Fonepay. Six different companies are listed in BugV, and their bugs will be detected by ethical hackers. eSewa is also included in this list. The list of other companies will be made public in the next few days.
The client companies and organizations have to pay a certain fee to get listed on this platform. Also, they have to pay the ones who find bugs. Cybersecurity researchers can get connected free of cost from around the world.
According to Lamgade, service seeking companies and organizations can determine the price of the bugs that can be found in their products and software systems.
BugV organized a live hacking event on its platform last Friday. As soon as they fix the bugs found, the platform will be public, the company said. Government bodies will also get both private and public services, through which they can find the security vulnerabilities in their systems with the help of hackers.
Data breaches and leaks are taking place due to the lack of proper means of communication. The concerned companies and those finding bugs don’t have a secure means of communication. BugV would also solve this problem, Lamgade hopes.
The Nepal Telecommunications Authority has announced a public notice for the selection of information security consulting firms to be enlisted in a roster of NTA as IS Auditor/Cloud Auditor.
(First date of publication – 30th December 2020)
Vairav Technology is one of the leading cybersecurity companies in Nepal. The company has made it onto the list of MSSP Alert’s Top 250 MSSPs. It was founded in 2019, and in a very short period, Vairav has made it to the Top 250 MSSPs. MSSP stands for Managed Service Security Provider.
Vairav Technology introduces itself as a Cyber Defender from the Land of Gurkha. Vairav has a growing international clientele. They provide services to prevent cyber-crime, protect data, and reduce security risks. Their services include:
SOC as a service,
security testing,
IS audit, and
cybersecurity consultation.
MSSP Alert 2020
MSSP Alert identifies and honors MSSPs, MDRs, and SOCaaS providers from all around the world, where MDR stands for Managed Detection and Response and SOCaaS stands for Security Operations Center as a Service.
The ranking of cybersecurity service providers is done according to:
MSSP Alert 2020 Readership Survey, and
the global editorial coverage of MSSPs’ digital media sites.
Amy Katz is the CEO of Nine Corporation and MSSP Alert. She said, “Despite the Corona epidemic in 2020, companies have managed to grow their businesses by protecting digital assets around the world by reducing the consumer risk.”
According to the MSSP Alert survey, the honored companies expect to earn 19.15 million dollars in 2020. Compared to 2019, revenue is expected to increase by 16 percent.
This year, companies from 25 different countries got included in the list. According to the report, 84% of MSSP companies have benefited in the fiscal year 2020.
Cyber-attacks are increasing with time. Most of the MSSP users were attacked. The attacks include:
95 percent phishing,
76 percent vulnerabilities, and
69 percent ransomware attacks.
According to the survey, mergers, acquisitions, and private equity investment in the sector are rising. MSSP survey participants mentioned 129 different hardware, software, cloud, and services vendors that assist their cybersecurity efforts. This number went up from 95 in 2019 to 129 in 2020.
As you are aware, it’s important that you have the right balance of defenses and the correct sense of appreciation for the new normal. Connect with industry leaders to understand the new threat landscape and to develop an agile, flexible strategy for Cyber Security.
Keeping the above in mind, ISACA in collaboration with SL CERT & SINETCOM will host a Webcast on “Sharpen up Cyber Security Defenses for the New Normal with an Agile, Flexible, and Predictive Strategy” on Thursday, 17th December 2020 at 3.00 p.m.
Are you looking for the best free antivirus for Windows? Confused about which one to choose? Your Windows computer needs proper protection against malware, and free antivirus software may be enough for it. So, below we have provided a list of the top 5 best free antivirus programs for Windows.
5 Best free antiviruses for Windows
1. Microsoft Defender
First on the list of the best free antivirus for Windows is Microsoft Defender, which is built into Windows 10, so it is totally free. If you follow safe computing practices, such as keeping your software up to date, using strong passwords with the help of a password manager, steering clear of unexpected emails, and avoiding suspicious links, you can probably avoid various virus and ransomware attacks. And with the free protection running on Windows 10, you have a malware protection safety net in case you do let your guard down.
This antivirus program is built into Windows and is enabled by default, so just leave it as it is and let it do its thing. This antivirus solution will also look after the basics of internet security. Don’t worry about updates, as Microsoft releases new ones frequently. Defender also lets you control the level of protection, for example by blocking unwanted apps and protecting files and folders from virus and ransomware attacks.
Note: Windows Defender Advanced Threat Protection is also available. It is mainly for corporate users for a certain fee.
2. Avira
Avira is in the second position on the list of best free antivirus for Windows. Yes, it deserves the 2nd spot as it has one of the best virus scanning engines on the market. This antivirus is lightweight, fast, has a perfect detection rate, and gives free protection. Its free internet security tools, like the privacy optimizer and the Safe Shopping browser extension, assist in overall cybersecurity protection, so its internet security features are better than those of any other free antivirus. Avira’s privacy and performance optimization tools are good, as they clean cookies and junk files and fix hidden privacy settings that leak personal information on the web. To get more advanced internet security options you have to upgrade to one of Avira’s paid plans, but in terms of free antivirus for Windows, Avira is a good choice.
3. Panda
Panda is good antivirus protection with a beginner-friendly interface. It might be one of the lesser-known brands on this list, but it is a powerful and easy-to-use antivirus that offers free protection. It’s one of the most intuitive antivirus programs out there, as it needs no advanced setup. It includes a powerful firewall, blocking more intrusions than any other free antivirus. It also provides a powerful VPN service, but it’s limited to only 150 MB per day. You’ll need to upgrade if you want unlimited VPN access and other advanced features like parental controls, a password manager, and advanced malware detection. So, Panda is a great option for free Windows antivirus.
4. Sophos
Sophos offers the best free plan for families, with a good interface and parental controls. Sophos’s free plan includes great parental controls, which usually come only with premium internet security packages. So, it is a great antivirus option for parents who want peace of mind when their kids are on the internet. This internet security protection includes real-time malware protection, which isn’t included with other free antiviruses. Its Web Filtering tool allows users to block kids from getting into malicious sites, accessing adult content, or visiting specific websites that are inappropriate for young children, such as certain social networks.
In addition, Sophos Home Free includes an internet security browser extension that blocks phishing websites and provides real-time malware protection. Sophos free antivirus covers only up to 3 devices; if you need to add more devices and some advanced features, you will be required to upgrade to the Premium option.
5. Bitdefender
The last option in the list we are suggesting is Bitdefender. It is simple free antivirus protection with low CPU load. This antivirus is a great choice if you are looking for an antivirus scanner that you don’t need to think about after installation, because Bitdefender is developed in such a way that it runs in the background. It provides only essential notifications in case of suspicious program activity. Scans, detection, and removal of malware all happen automatically unless you adjust the settings.
If you’re looking for extra features like parental controls, a password manager, dark web monitoring, or a VPN, this antivirus is not the right product for you. But it is still a good antivirus software option, as its minimal design means that it won’t slow the PC down. Bitdefender Antivirus Free doesn’t include as many extra features as the other antivirus software listed above, but it is one of the easiest to use. If you’re looking for perfect malware detection that runs in the background, keeps your PC safe, and monitors browsing, Bitdefender is your free antivirus.
VA chatbots are used in various industries for different types of assistance. They work on the concept of Machine Learning and take decisions according to it. So, they are meant to assist us and we depend on them, but are they protected? Do they have proper security? Is their decision always right? If not, then different vulnerabilities may arise from it.
Below we discuss the importance of chatbot security.
What are the problems of VA chatbots?
The chatbots use machine learning for decisions, so they work with what they have learned from certain data. For example, we stop our car at a red light or a stop sign and move when the light turns green. But in the case of chatbots, the signals are detected in the form of patterns.
Sometimes these ML-driven machines may be attacked not only internally but externally as well. One such incident happened last year, when a Tesla car crashed and took the life of its owner. The Tesla was in auto-driver mode and everything was going normally until the car failed to stop at a stop sign and crashed. What had happened was that someone had put a sticker on the sign, so the auto driver was not able to detect the stop sign, which caused the accident. This might be a 1-in-a-thousand case, but it is still a major problem for machine learning, as it was thrown off by a piece of tape on the sign.
VA is having a major impact on the global IoT ecosystem and home automation as well. How secured are they?
The simple answer is that they don’t have any security embedded in them. They don’t have any type of authentication or verification and they lack layers of security. So yes, they can easily be attacked. These systems are particularly vulnerable because they all work in a network. Once somebody is in the system, there are various ways in which it can impact the user. For example, nowadays people interact and share confidential information with home automation like Alexa. If you have an application on top of the home automation, the attacker can possibly extract that information easily.
Nowadays organizations usually prefer coolness, often making security an afterthought. What is the result of this?
It doesn’t matter how many trendy features your VA chatbot has; if it lacks security, it will have many vulnerabilities. Nobody has been protecting chatbots properly, as it’s very different to protect a chatbot through a firewall because these are not correlated things. Chatbots are not only vulnerable at the HTTP level but also at the conversational level.
Irrespective of how you install the security system, it’s still possible to get into the system and try to extract data or at the backend manipulate it in such a way that you are not aware of it.
Are CISOs considering attacks against chatbots as an emerging threat?
No, many of them are unaware of this threat vector. If you ask them, their first reaction will be ‘we have to protect this?’. The answer to the above question is ‘YES’. You need to make sure that your data is protected. You are spending millions on quality functioning, so it is your responsibility to make sure that no data can be stolen from the chatbot as well.
So how to make VA chatbots secure?
Firstly, if you are using anything in Machine Learning, the data can be poisoned, and you should know that more than 80% of all assisted chatbots are created on an open-source algorithm or an open-source training data set. If you are building on open source, make sure you don’t take it at face value. There are various examples of back-door channels with malicious code inside the algorithm. So be sure of what you are doing when you take anything from open source. The final aspect is that, when you are setting up the architecture, you should analyze what goes into and comes out of the chatbot.
(Extracted from the exclusive interview of Chaitanya Hiremat, CEO of San Francisco-based AI firm, Scanta Inc with CISO MAG)
Researchers have discovered a new attack, ‘Lidar Mobile’. This attack allows attackers to spy on homeowners through the LiDAR sensors on their robot vacuums.
What does LiDAR mean?
LiDAR, which stands for Light Detection and Ranging, is a remote sensing method. It uses light in the form of a pulsed laser to measure variable distances to nearby objects. Robot vacuum cleaners also use this technology, which helps them clean and navigate around obstacles on the floor.
Researchers have found that robot vacuums can be a source of cyberattacks inside the home. The LiDAR (Light Detection and Ranging) sensors on robot vacuums contain a bug that could allow an attacker to listen to the private conversations of the homeowners.
Worried? Calm down, because the attack is complex. Attackers would have to compromise the device itself. In addition, attackers need to be on the victim’s local network to launch the attack. The idea behind the attack is to access LiDAR readings, which include sound signals, and then use them to reveal full conversations. This could potentially reveal sensitive information such as credit-card data, or deliver potentially incriminating information that could be used for blackmail.
Lidar Mobile Solution
The team of researchers from the University of Maryland, College Park, and the National University of Singapore say they have developed a system that repurposes the LiDAR sensor to sense acoustic signals in the environment, remotely harvests the information from the cloud, and processes the raw signal to extract the data.
Researchers said that Lidar Mobile can be mitigated by reducing the SNR (signal-to-noise ratio) of the LiDAR signal. This is possible if robot vacuum-cleaner LiDARs include a hardware interlock, such that their laser beams cannot be emitted below a certain rotation rate, with no option to override this feature in the software.
While the researchers investigated LiDAR on robot vacuum cleaners as an exemplary case, their findings may be extended to many other active light sensors, including various smartphone ToF (time-of-flight) sensors. ToF cameras make use of infrared rays that bounce off objects and then return to the hardware. The time that this light takes to leave and then return to the device (ToF) allows the camera to sense depth, thus developing a 3D ‘map’ of a space.
So, this attack is an important reminder. The proliferation of smart sensing devices in our homes opens up many opportunities for acoustic side-channel attacks on private conversations.
We have all made “China is Watching” jokes or heard about China stealing our data through its software and apps. But how true is it, actually?
The Indian Express’s “China is watching” investigation has put a new spotlight on China’s cybersecurity threat. The investigation uncovered an operation by a Shenzhen-based technology company with links to the government and the Chinese Communist Party, which keeps records on a large number of Indian individuals and entities.
The Shenzhen-based company is Zhenhua Data Information Technology Co. Ltd. The company describes itself as a pioneer in using big data for “hybrid warfare” and the “great rejuvenation of the Chinese nation.”
China’s People’s Liberation Army’s (PLA) step into Cybersecurity Threat.
After the Gulf War of 1991, the Chinese realised conventional warfare was rapidly ending. They had already understood that American technology was far ahead of theirs. They also realised they could leapfrog a couple of generations and get ahead by stepping into the ICT world. This decision coincided with China turning into the electronics factory of the world.
Moreover, in 2003, the Central Committee of the Chinese Communist Party and China’s Central Military Commission officially approved the concept of “Three Warfares,” consisting of psychological, media, and legal warfare. After that, they made it a priority for the PLA to be able to fight a war in the information domain by 2020. Soon, the PLA had begun setting up intelligence units dedicated to cyber operations.
World’s discovery about the PLA’s commitment to Cyberwarfare
In February 2013, the Alexandria-based American cybersecurity firm Mandiant published a report about China’s cyber warfare operations. The Mandiant report documented evidence of cyberattacks by PLA Unit 61398, in Pudong, Shanghai, which had carried out several computer hacking attacks in the past.
The unit is a single organisation that has also conducted a cyber-spying campaign against a broad range of victims for at least the last 15 years. Judging by the quantity of information stolen, it is one of the most prolific cyberspying groups.
According to the Mandiant report, the group had stolen up to billions of terabytes of data from 141 companies across 20 major industries. China considers the nature of “Unit 61398’s” work to be a state secret. However, we believe it has been engaging in harmful cybersecurity threats. Meanwhile, Unit 61398 is estimated to be staffed by hundreds, and even thousands, of people. The Mandiant report also said that Unit 61398 requires its personnel to be skilled in computer security and network operations and to be proficient in English.
Reaction to these Cybersecurity Threats from China
After retirement, former Northern Army Commander Lt. Gen DS Hooda (Retd) headed a panel to set up specialized information warfare units. He said that back in 2014, the United States government discovered that a Chinese team had hacked into the Office of Personnel Management of the federal government to take out records of 21 million people. In addition, about 4 to 5 million of these people worked for the US military and CIA.
Gen Hooda regards this hack as one of the biggest hacks of classified personnel documents. To sum up, the hackers had got hold of 127-page forms, which listed every detail of the individual official.
After that, the US Department of Justice accused five PLA officers of cybercrime and released the names and photos of the officers. The US Department of Justice charged them with hacking and stealing information from several companies. This was the first time the US took such a step against a foreign power.
Recently NVIDIA released a patch for a critical bug in its high-performance line of DGX servers. The bug could potentially allow remote attackers to control and access sensitive data on the systems, which are operated by governments and Fortune-100 companies.
NVIDIA recently issued nine patches to fix flaws in firmware used by DGX high-performance computing (HPC) systems. The systems are used for processor-intensive artificial intelligence (AI) tasks, machine learning, and data modelling. The fixes address flaws in the firmware of the DGX AMI baseboard management controller (BMC), the brains behind the servers’ remote monitoring service.
Researcher Sergey Gordeychik, credited with finding the bugs, wrote that the attackers could be remote. If bad guys root one of the boxes and then get access to the controller, they can use the out-of-band management network to PWN the whole data center. He added, “If you have OOB access, the game is over for the target.”
With the high-stake computing jobs typically running on the HPC systems, exploiting the flaw could even interfere with data and force models to make incorrect predictions or infect an AI model.
NVIDIA has said that it will not be able to release the patch fixing one critical bug (CVE-2020-11487) until the second quarter of 2021. Meanwhile, the bug affects the DGX A100 server line. The bug is tied to a hard-coded RSA 1024 key with weak ciphers, leading to information disclosure. The fix for the other servers affected by the same bug CVE-2020-11487, DGX-1 and DGX-2, is available.
NVIDIA suggested limiting connectivity to the BMC, including the web UI, to trusted management networks to mitigate the security concerns.
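A fleet check for the two properties named above, a key that is identical on every unit and an RSA modulus of only 1024 bits, is sketched below as an added example (it is not NVIDIA's or the researcher's code). It assumes the public keys were already collected from each BMC as DER SubjectPublicKeyInfo; the host names, the 2048-bit minimum and all function names are assumptions, and the sample keys are constructed integers, not real keys.

```python
import hashlib
from collections import defaultdict

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER-encoded rsaEncryption OID

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki_der):
    """Return the RSA modulus size in bits from a DER SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    tag, algorithm, pos = read_tlv(spki, 0)
    if tag != 0x30 or not algorithm.startswith(RSA_OID):
        raise ValueError("not an RSA key")
    tag, bit_string, _ = read_tlv(spki, pos)
    if tag != 0x03 or not bit_string or bit_string[0] != 0:
        raise ValueError("unexpected BIT STRING")
    tag, rsa_key, _ = read_tlv(bit_string[1:], 0)  # RSAPublicKey SEQUENCE
    if tag != 0x30:
        raise ValueError("unexpected RSAPublicKey")
    tag, modulus, _ = read_tlv(rsa_key, 0)          # first INTEGER is n
    if tag != 0x02:
        raise ValueError("unexpected modulus")
    return int.from_bytes(modulus, "big").bit_length()

def audit_bmc_keys(inventory, min_bits=2048):
    """inventory: iterable of (host, spki_der). min_bits is an assumed policy value."""
    hosts_by_fingerprint = defaultdict(list)
    weak = {}
    for host, spki_der in inventory:
        fingerprint = hashlib.sha256(spki_der).hexdigest()
        hosts_by_fingerprint[fingerprint].append(host)
        bits = rsa_modulus_bits(spki_der)
        if bits < min_bits:
            weak[host] = bits
    # The same key on more than one unit points to a key baked into the firmware.
    shared = {fp: sorted(hosts) for fp, hosts in hosts_by_fingerprint.items()
              if len(hosts) > 1}
    return {"shared": shared, "weak": weak}

# --- constructed sample data below: arbitrary integers wrapped in valid DER ---
def der_encode(tag, content):
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    size_bytes = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size_bytes)]) + size_bytes + content

def sample_spki(modulus, exponent=65537):
    def der_int(value):  # bit_length // 8 + 1 bytes is the minimal positive encoding
        return der_encode(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))
    rsa_key = der_encode(0x30, der_int(modulus) + der_int(exponent))
    algorithm = der_encode(0x30, RSA_OID + b"\x05\x00")
    return der_encode(0x30, algorithm + der_encode(0x03, b"\x00" + rsa_key))

SAMPLE_INVENTORY = [
    ("bmc-01.example", sample_spki((1 << 1023) | 1)),  # same 1024-bit key ...
    ("bmc-02.example", sample_spki((1 << 1023) | 1)),  # ... on a second unit
    ("bmc-03.example", sample_spki((1 << 2047) | 1)),  # unique 2048-bit key
]

if __name__ == "__main__":
    print(audit_bmc_keys(SAMPLE_INVENTORY))
```
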
Bugs Highlight Vulnerability of AI and ML Infrastructure
Sergey Gordeychik disclosed the bugs Wednesday at the CodeBlue 2020 as a part of the presentation “Vulnerabilities of Machine Learning Infrastructure.”
In the presentation, Sergey highlighted the vulnerability of different AI infrastructure components. These include NVIDIA DGX GPU servers used in ML frameworks (PyTorch, Keras, and TensorFlow) and data processing pipelines. Specific applications, including medical imaging and face-recognition-powered CCTV, could also be tampered with by an adversary.
Because of NVIDIA’s supply chain, other vendors are also likely to be affected.
Nine CVE Patches
Among the nine CVE patches NVIDIA issued on Wednesday, CVE-2020-11483 is a critical bug. The vulnerable line of NVIDIA DGX servers includes DGX-1, DGX-2, and DGX A100.
Out of the nine CVEs, four of the NVIDIA bugs are critical: CVE-2020-11484, CVE-2020-11487, CVE-2020-11485, CVE-2020-11486. CVE-2020-11484 is the most severe of the four.
Three of the other patched vulnerabilities are medium-severity, and one is low-severity.
Scraping Google search results can become a hassle, and you’ve probably run into a severe problem when trying to do so.
You might be changing proxy servers time and again while trying to web scrape Google SERPs. And you might not be able to bypass Google’s automated system settings.
So, this article will guide you through web scraping with a Google SERP API, which enables you to scrape without continuously changing proxy servers.
What Is Web Scraping?
Web scraping, also called web harvesting or web data extraction, is the extraction of information from a website. It’s the process of automating the extraction of site content through a software program.
Web scraping an online page involves fetching it and extracting data from it. High-level languages like Python and Java can scrape data with a few lines of code. The data is then parsed and stored to be processed later.
Why Scrape Google SERPS?
Obviously, Google has the largest market share for a search engine, so it’s a no-brainer to scrape Google SERPs.
Companies and individuals use that information for a range of reasons, including:
SEO rank tracking
Ad verification
Content aggregation
Lead generation
After the data is stored in a local database, it becomes easy to identify trends. When a business wants to work out whether its SEO initiatives are working well, it can see its page placement over time.
Google Search results also contain feature snippets, shopping results, local search maps, and many more. Web Scraping provides a transparent picture of how real-life users view SERPs from across the world.
How Scraping SERPs Can Quickly Help You Uncover Damage Caused by a Hacker
It is very taxing and burdensome when a hacker makes it past your security and starts disrupting your hard work. SEO results that took years to build up might all be destroyed.
According to a survey of SEO professionals, it usually takes Google months to restore their original search results. They also usually rated the damage from previous hacks as severe.
By tracking your website’s SERPs, you get valuable insights into your website’s rankings and how they change during hacks. Tracking also makes it easier for Google to reinstate your previous positions. Even just 8 hours of downtime could result in a 35% drop in SERP rankings.
Small businesses are more vulnerable. Malware regularly harms your search results, and ultimately you get blacklisted. GoDaddy reported that 90% of websites don’t even know that they are carrying malware.
Routinely scraping all your SERPs and tracking the data historically can help spot malware and hacks, and even show you where the damage is most severe.
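One way to use historically tracked SERP data to spot a hack and see where the damage is most severe, as an added example that is not part of the original article: it compares each keyword's latest position with the median of its earlier positions and lists the worst drops first. The record layout, keywords, thresholds and function name are assumptions, and the sample history is constructed.

```python
from collections import defaultdict
from statistics import median

NOT_LISTED = 101  # assumed value used when the page has left the tracked top 100

# Constructed sample: (scrape date, keyword, position of your page; None = not listed)
SAMPLE_HISTORY = [
    ("2021-01-04", "trekking gear kathmandu", 3),
    ("2021-01-11", "trekking gear kathmandu", 3),
    ("2021-01-18", "trekking gear kathmandu", 4),
    ("2021-01-25", "trekking gear kathmandu", 2),
    ("2021-02-01", "trekking gear kathmandu", 41),
    ("2021-01-04", "rent sleeping bag", 7),
    ("2021-01-11", "rent sleeping bag", 8),
    ("2021-01-18", "rent sleeping bag", 7),
    ("2021-01-25", "rent sleeping bag", 6),
    ("2021-02-01", "rent sleeping bag", None),
    ("2021-01-04", "down jacket price", 12),
    ("2021-01-11", "down jacket price", 11),
    ("2021-01-18", "down jacket price", 13),
    ("2021-01-25", "down jacket price", 12),
    ("2021-02-01", "down jacket price", 14),
    ("2021-01-25", "new landing page", 30),
    ("2021-02-01", "new landing page", 55),
]

def find_rank_drops(history, min_baseline_points=3, drop_threshold=10):
    """Flag keywords whose latest position fell well below their own baseline.

    The baseline is the median of all earlier positions, so one noisy scrape
    does not move it. Findings are sorted with the most severe drop first.
    """
    series = defaultdict(list)
    # ISO dates sort correctly as strings; sort on the date only so that
    # None positions are never compared with integers.
    for date, keyword, position in sorted(history, key=lambda row: row[0]):
        series[keyword].append((date, NOT_LISTED if position is None else position))

    findings = []
    for keyword, points in series.items():
        if len(points) - 1 < min_baseline_points:
            continue  # too little history to call anything a drop
        *earlier, (latest_date, latest_position) = points
        baseline = median(position for _, position in earlier)
        drop = latest_position - baseline  # larger position number = worse rank
        if drop >= drop_threshold:
            findings.append({
                "keyword": keyword,
                "date": latest_date,
                "baseline": baseline,
                "latest": latest_position,
                "drop": drop,
                "delisted": latest_position == NOT_LISTED,
            })
    findings.sort(key=lambda finding: finding["drop"], reverse=True)
    return findings

if __name__ == "__main__":
    for finding in find_rank_drops(SAMPLE_HISTORY):
        print(finding)
```

A keyword that disappears from the results entirely is reported ahead of one that only slipped, which is where a check for injected content or a blacklist notice should start.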
How to Web Scrape Google Search Results
So, how can you really web scrape Google using Python?
Replace the New York MTA URL with www.google.com using this code. The response object holds the results, and then you can interrogate the data using the BeautifulSoup library.
But it isn’t as easy as it sounds; scraping can become a hassle because of parsing issues and connection limitations.
Parsing and Proxy Problems
Because web pages are structured differently, parsing is unique to each site. Parsing organic listings can often lead to strange results due to a lack of uniformity in Google search results.
Google tends to change its code over time, so the same thing might not work next month. Also, platforms like Google Search don’t appreciate high-volume web scraping.
So, they check the IP address of each user while they are searching. And those who act like a bot or computer are banned after about eight attempts or so every twenty hours.
Cybersecurity Issues
As Google doesn’t want automated computer programs or bots bypassing their services, cybersecurity is also one issue. To work around the problem, many coders even employ a proxy solution.
With a proxy, Google sees a different IP address, which resets the limit. But that works only once; after that, the proxy is blocked. And continuously changing proxy servers can become a nightmare while web scraping.
Google SERP API
But with the right API, Google SERP is easy to scrape.
With the right API, you get to web scrape without any restrictions as such programs work by rotating proxies. Such APIs also make sure that you only receive valid responses.
One company that provides one of the best Google SERP APIs is Zenserp.
Benefits of Google SERP API
A good API isn’t just for scraping search listings and ranking data.
Google provides a broad range of services, including:
image search
shopping search
image reverse search
trends, etc.
A good API will help you scrape such data from a broad range of services to keep you one step ahead. It could also help you make strategies accordingly in your own business.
Advanced API Features
A good API not only helps you web scrape with changing proxies, but also has many features like:
Location-Based Results
Large Data Sets
Intelligent Parsers
24-year-old Nepali rapper VTEN has made it to the headlines yet again as the Nepali Police are initiating an action against the rapper.
The latest release from Samir Ghising, popularly known as ‘VTEN’, has grabbed the attention of the police. The police have been receiving complaints against the new rap song – “PAARAA” for promoting vulgar language and using foul language against the Nepal Police.
The song which was released on October 24 had gained over 1 million views on YouTube in 5 days.
A police source said that the language used in the rap song is obscene and against the accepted social values. Following the release of the song, the HQ has directed the Cyber Bureau to take action against the rapper.
This is not the first time the rapper has been in the news for using ‘obscene’ language in his songs. Last year, police arrested VTEN for his song “Hami yestai ta honi bro” for the same reason.
Many people have deemed it an act of violating freedom of expression.
Here’s what Abhaya Subba, frontwoman of Abhaya & the Steam Engines tweeted:
Social media can be a fun way to interact with your friends and families, but it could come with its own set of cons, one being Phishing attacks. Phishing attacks and information theft in social media aren’t new, but it is getting dangerous with time.
Scammers have been using the favorite photo-sharing app, Instagram, as a popular medium to steal data and personal information. But don’t worry; they can’t steal your data right away without you doing anything.
Phishing Attack on Instagram
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics & Information Technology, Government of India, has warned users about the phishing attacks via its Twitter post.
CERT-In has included a photo explaining the phishing attacks in Instagram DMs and the consequences you have to bear if scammers steal your information. The message in the DMs may be related to anything. Still, generally, scammers will attach a link which they will ask you to click.
With a click on this link, users might lose their email address. Even other online services connected to the email account might be compromised, warns the Twitter post.
With full control of the email address, scammers might try to crack the passwords of other online accounts and further blackmail the victim. The scammer may even impersonate the victim on their social media handles.
Scammers and fraudsters with the email address could quickly get through two-factor authentication (2FA). Then they could even change the security settings of the email and other associated accounts. After that, scammers get hold of sensitive documents and financial and personal information.
Globally, October is being celebrated as National Cyber Security Awareness Month (NCSAM), and CERT-In is sharing cybersecurity tips and awareness posts throughout October via its Twitter handle.
CERT-In shared the post about phishing attacks on Instagram with the caption: “NATIONAL CYBERSECURITY AWARENESS MONTH (NCSAM).”
The verified Twitter account of the Office of the President of Nepal has been deactivated.
The office had launched the Twitter account in order to disseminate information related to President Bidya Devi Bhandari. The verified account (@SHITALNIWAS) was shut down after it experienced cyber-attacks, according to experts.
Presidential communication expert Tika Dhakal said in a tweet that the account was closed due to technical problems.
“I was the one who verified the account and moved the work forward,” said Dhakal.
Furthermore, he added that the office will immediately prepare and submit a new account.
Some tweets shared from the account operated by the President’s Press Secretariat were deemed as controversial. In fact, people even started questioning the operation of the account.
Meanwhile, an unverified account of the President (@presidentofnp) is still in operation, which is also run by President’s Secretariat.
With more users on messaging apps, fraudsters have found it worthwhile to launch phishing attacks in WhatsApp and other apps, which have become a hotspot for scammers. With almost every mobile phone in Nepal having WhatsApp or Viber, scammers are sending unique phishing messages on WhatsApp.
The situation is no better in WhatsApp groups, where phishing messages spread quickly to an enormous number of people. Fraudsters and scammers have been designing unique messages with malicious links that appear legitimate. Once you click one, you give away all your personal information, including your banking details.
Sending malicious links and phishing attacks in WhatsApp has become a widespread problem, especially as very few people even think about investing in a reliable mobile anti-virus or security system to protect personal information and banking details.
Phishing Attacks in WhatsApp and Other Apps
A phishing attack consists of two things: one is the message that is sent, and the other is the hook, which is the malicious URL. You can expect a phishing attack not only on WhatsApp but from anywhere, including email, Facebook, and any other messaging app. But reports suggest that people fall for such scams on WhatsApp/Facebook when they come from known contacts. Your friends/family don’t realize that they are sending a phishing message and just forward it.
So, will the scammers scam you just by you clicking on the link? Yes, they will, unless you have a sound security system on your phone or an anti-virus application. Usually, when you click the link, it will redirect you to a fake social-media login page of Facebook or Instagram or even a fake banking page. It may even install a malicious app on your phone in the background. Then they rob you of your personal and private information, including your social media handles and banking details.
One way to avoid such phishing attacks is not to open such malicious links from anyone, including known contacts. But it is not always possible to ignore the messages. Sometimes you might get tempted or carried away and click on a malicious link. You might end up clicking one day after ignoring them for years; for situations like that, consider investing in a sound security system.
A foolproof way of staying away from phishing attacks in WhatsApp is definitely investing in a security system for your mobile phone. Such anti-virus/mobile security apps could block a malicious URL or stop a malicious app from downloading in the background.
With the ongoing increase in rapes around the country, it has been hard for women to walk freely in the streets. Keeping this constant fear in mind, youths from Kalika Manavgyan Secondary School in Butwal designed this system. The group of four studying in grade 12, Sajan Poudel, Ritesh Kafle, Sishir Timalsina, Laxman Poudel, Suraj Bashyal, Anish Bhandari, and Nischal Neupane, have been studying computer engineering since grade 9.
The Anti Rape System is a watch that sends an alert message and your GPS location to the police and the people close to you. This project aims to minimize rape cases and other crimes as well.
The rape cases in Nepal are increasing with time. As per Nepal Police, 1,945 cases of rape were recorded in the past fiscal year 2019/20, which has doubled in five years from 981 cases in 2014/15. About six rape cases are reported daily in Nepal, and those are only the ones that people report to the police. Most get settled with money or with marriage, and some cases even stay between just the victim and the abuser. The rape culture seems to be growing, with many women facing some form of sexual harassment while growing up. With the increasing number of rapes every year, the fear among people has risen.
Recently Actor Reecha Sharma also wrote a letter to PM addressing the rape culture in Nepal. The heinous act does not seem to stop soon. But have youths designed Safe Nepal for the future with the “Anti Rape System”?
The Anti Rape System
In the form of a simple wearable watch, this device is easy to handle and is operated with a single click. It comes as watch hardware with an emergency button. On a single press of the button, it forwards the victim’s location, with an alert message, to the number registered in the microcontroller. At the same time, the system gives an electric shock to the abuser.
The GSM module fitted inside the system is responsible for data communication, and the Neuro Stimulator produces a non-lethal shock in times of assault. When you press the button, the GPS sensor in the watch tracks the longitude and latitude of the location. With the longitude and latitude, it sets your location in Google Maps. Then, the system alerts the registered numbers with the default message “PLEASE RESCUE ME, I AM IN PROBLEM. MY CURRENT LOCATION IS…”
The system will alert any number registered in it. The team also plans to set up a local server for the system in the local police station. The server receiver will feature an LCD panel and a buzzer. The system shows the location of the victim on the LCD with a beeping sound.
The prototype of the watch is rechargeable and lasts up to 8 hours on one full charge. To test the system, the team has planned to design a low-range server for the time being. The team is set to commercialize the “Anti Rape System” after receiving the required funding.
Prava Basnet, a Nepali bug bounty hunter, has been awarded $3,000 after discovering bugs on Facebook. The bugs (security vulnerabilities) were related to Facebook and Instagram.
In fact, she discovered 2 bugs on the platform.
Let’s first get to know what these bugs were.
One of the bugs she reported was that a photo uploaded to an Instagram story was also shared on Facebook. The social media giant has fixed this bug and awarded Prava a thousand-dollar bug bounty.
Basically, this flaw would share an Instagram story to Facebook without the user’s consent.
Another bug was related to the linked accounts on Facebook and Instagram.
“In some cases, it was still possible to log in to Instagram with a linked Facebook account even if the linked accounts feature was switched off.” – Message from Facebook.
For reporting this bug, Facebook awarded Prava a bug bounty of $2,000.
Normally, Facebook awards a bug bounty of less than $500, but these bugs earned more since they were serious threats to security. Prava says that when a hacker gets access to a Facebook account, s/he can easily hack Instagram automatically.
With this, she is on her path to becoming the first female bug bounty hunter to be listed on the Facebook White Hat Thanks page.
Recently, Facebook awarded Saugat Pokharel a $6,000 bug bounty.
Saugat Pokharel has revealed via a Facebook post that Prava was inspired by him.