Juspay has appointed Verizon Business to conduct an independent forensic investigation into the cyber-attack the company faced in Aug last year. It also oped in PwC for a comprehensive audit of policies, protocols, and tech. Its 3.5 cr records with masked card data and card fingerprint had been breached in the cyberattack. Verizon and PwC are appointed to enhance resilience and preparedness to mitigate threats from unlawful cyber-attacks in future.
The hacker who possibly hacked masked credit and debit card data of JusPay users, ‘Shinty Hunters’ was now selling databases belonging to three more Indian firms -ClickIndia, ChqBook and WedMeGood, claimed cybersecurity researcher Rajshekhar Rajaharia. Bigbasket found that data of 20 mn users had been hacked and put on sale on the dark web for over $40,000. Rajaharia sensed a strong connection between all these recent data leaks, including BigBasket.
The US Department of Justice’s email systems were accessed by the hackers who broke into software company SolarWinds. The department, which has over 100,000 employees across a series of law enforcement agencies — FBI, Drug Enforcement Administration, and the US Marshals Service, said in a statement that 3% of its mailboxes were accessed. However, it said that it had no indication any classified systems were impacted.
Researchers have discovered hardcoded admin-level backdoor account in over 1 lakh networking devices manufactured by Taiwan-based company Zyxel that can let cybercriminals access to devices and risk data. The models include many of Zyxel’s top products from business-grade devices usually deployed in private firms and govt networks. Firewalls, VPN gateways and access point controllers have been compromised by the backdoor account.
Rajshekhar Rajaharia, an independent cybersecurity researcher, said that data of nearly 10 cr credit and debit card users of India was being sold on the Dark Web via cryptocurrency Bitcoin. The massive data, according to Rajaharia, has been leaked from a compromised server of payments gateway Juspay. The Bangaluru based firm said that no financial data were compromised during the Aug 2020 cyber-attack and the actual number was much lower than 10 cr.
A PIL had been filed against G Pay claiming unauthorised access to Aadhaar data in alleged violation of the Aadhar Act of 2016 in addition to, Payments and Settlement Systems Act 2007 and Banking Regulations Act 1949. A response from the UIDAI mentioned that no permission had been issued to G Pay to access, use and store citizens Aadhaar details. It also violated the fundamental right to privacy. The petition directed UIDAI and RBI to take relevant action against G Pay.
The suspected Russia-backed hackers have compromised as many as 250 federal agencies and top firms in the US, by hacking into ‘SolarWinds Orion’ monitoring and management software. The New York Times, in a report, said as businesses such as Amazon and Microsoft that provide cloud computing services are digging deeper for evidence. Microsoft, last week, said that its systems were infiltrated “beyond just the presence of malicious ‘SolarWinds’ code.”