Latest news with #IndianComputerEmergencyResponseTeam
Mint
26-05-2025
- Mint
CERT-In issues high-risk advisory over critical Microsoft vulnerabilities: Report
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-risk security advisory for users of Microsoft products,reported Business Standard. As per the publication, the alert, published on CERT-In's official platform, highlights serious vulnerabilities that could potentially expose users and organisations to a range of cyber threats. You may be interested in According to the advisory, the identified flaws reportedly affect a wide range of Microsoft services and tools, including Microsoft Windows, Microsoft Azure, Office, Developer Tools, Dynamics, System Centre, and extended security updates for older Microsoft products. CERT-In has raised concerns that the vulnerabilities could be exploited by attackers to gain elevated privileges, access confidential data, bypass security mechanisms, execute remote code, or initiate denial-of-service (DoS) and spoofing attacks. 'These multiple vulnerabilities in Microsoft products could be exploited to compromise system integrity and put sensitive information at risk,' the agency warned, urging IT administrators, cybersecurity teams, and general users to act promptly. As of now, Microsoft has not issued any official workaround or mitigation for the vulnerabilities. Users are being advised to install the latest security patches released by Microsoft in its May 2025 update to minimise potential risks. It is noteworthy that the advisory serves as a crucial reminder for organisations and individuals to remain vigilant and to ensure that all systems are updated regularly to avoid potential exploitation. Install the latest security updates as detailed in Microsoft's May 2025 release notes. Monitor systems for unusual activity and apply best practices in access management and endpoint security. Engage security professionals to assess vulnerabilities and ensure appropriate defences are in place. With cyberattacks growing increasingly sophisticated, CERT-In's alert underscores the importance of proactive cybersecurity measures in safeguarding digital infrastructure.
&w=3840&q=100)
Business Standard
26-05-2025
- Business Standard
CERT-In issues 'high risk' warning, many Microsoft tools affected: Details
CERT-In warns of multiple Microsoft product flaws that could enable attackers to bypass security, execute code remotely, or cause data leaks and service disruption New Delhi The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Microsoft users, warning of security vulnerabilities in their devices. The central government authority has issued this advisory to alert individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products. CERT-In has classified these vulnerabilities as 'High risk,' warning they could enable attackers to access sensitive data, disrupt services, and carry out other malicious actions. CERT-In in its blog wrote: 'Multiple vulnerabilities have been reported in various Microsoft Products, which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restrictions, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions.' Affected software The full list of affected software includes: Microsoft Windows Extended Security Updates (ESU) for legacy Microsoft products Microsoft Azure Microsoft Developer Tools Microsoft Office Microsoft Apps Microsoft System Centre Microsoft Dynamics How to keep your device protected CERT-In has advised users to apply appropriate security updates as mentioned in Microsoft's May 2025 security update release notes. However, as per Microsoft's website, there are no workarounds to these issues yet, and no mitigation has been done in the matter officially either. In related news, CERT-In issued an advisory for iPhone and iPad users around two weeks back. CERT-In earlier issued a high-severity alert for Apple users, warning of a critical vulnerability affecting iPhones running iOS versions earlier than 18.3 (iPhone XS and later) and several iPad models with outdated iPadOS versions. The warning, marked as 'very high' risk, was released on May 12 and highlights the potential threat to device functionality. According to CERT-In, the flaw could allow malicious apps to make devices unresponsive or unusable until restored. Users are advised to update their iOS and iPadOS versions promptly to avoid possible disruptions.
News18
26-05-2025
- News18
Windows 10, 11 And Microsoft Office Users Face Major Security Risks, Indian Govt Raises Alert
Last Updated: Windows and Office users are facing multiple security issues that can leave them vulnerable to cyber attacks and hacking. Microsoft Windows and Office among other products are facing another big security risk that has forced the Indian government to alert the users across the country. Windows is the popular OS used by millions for their PCs and laptops, while Office lets you use apps like Word, Excel and PowerPoint. The latest concerning issue has been detailed by the Indian Computer Emergency Response Team or CERT-In in May 2025, sharing some worrying details about the security risks that make millions of Windows PCs vulnerable to hacking attacks. The CERT-In alert explains the security risks that are plaguing not just the Windows and Office users but other Microsoft products that are heavily relied on by businesses. 'Multiple vulnerabilities have been reported in various Microsoft Products which could allow an attacker to gain elevated privileges, obtain Information Disclosure, bypass Security restriction, conduct remote code execution attacks, perform spoofing attacks, or cause denial of service (DoS) conditions," the security bulletin says. The government alert also points out the Microsoft users who are at risk because of the latest issues: Windows, both latest and legacy versions are vulnerable to the security issues, which makes it critical that everyone using a Windows PC should install the latest patch at the earliest. You also have businesses targeted with products like Azure and dynamics also in the mix. And yes, like we said, Office has a wide suite of apps that are used by both personal and business users. The agency also informs that Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products could be targeted with ransomware or cyber attacks. So what can you do to protect your systems from the issues? Microsoft has already discovered the risks, and released the patches that will keep your machine safe. We suggest you go to settings, enable auto-update Windows and reboot the system to have the new version installed to keep your PC safe.
News18
23-05-2025
- News18
Zoom Security Warning Issued By Indian Govt For Windows And Android Users: Should You Worry?
Last Updated: Zoom users face multiple security issues that can make them easy target for hackers who can try to steal personal data. The Indian government has raised a new security warning for Zoom users on Windows, macOS and even Android. The latest alert from the Indian Computer Emergency Response Team or CERT-In on May 22 talks about multiple security issues that can make it easy for hackers to attack their system bypassing the Zoom security layers and able to steal data and other information from the targeted users. Zoom was popular during the pandemic because of people working remotely and assisting them with video meetings from anywhere. Even today, people rely on the platform for work which is why the new risks warrant your attention. Zoom Security Issue: What The Alert Says The CERT-In note talks about multiple security issues that are affecting Zoom on various platforms. 'Multiple vulnerabilities exist in Zoom products due to improper input validation, race conditions and memory corruption issues." The agency further suggests that the Zoom security issues could make it high risk for both businesses and personal users. 'Successful exploitation of these vulnerabilities could allow an attacker to affect the integrity of the app, gain elevated privileges or cause denial of service conditions on the targeted system." So who is at risk because of the aforementioned security issues in Zoom, the government agency says pretty much every platform that runs the app needs to be alert: The Zoom workplace app is used by businesses and professionals while the Android and iOS app mentioned here are popular among most people. If the Zoom on your Android, iOS or Windows system is running on the versions prior to the ones written here, you need to update the Zoom app right away. So, We suggest you open the Zoom app on your desktop/mac or mobile device and click on the available software update for the platform and secure your devices from possible hacking threats. First Published:
Hans India
20-05-2025
- Business
- Hans India
Cybersecurity audits top agenda at CERT-In conference
New Delhi: Discussions on Cybersecurity audits and emerging technologies dominated the agenda at an ongoing brainstorming conference organised by the Indian Computer Emergency Response Team (CERT-In), said an official on Tuesday. The three-day national conference, 'CERT-In SAMVAAD 2025,' began on Monday, aiming to unite information security auditing organisations, regulators, and stakeholders to enhance cybersecurity practices across the nation, the official said. In his inaugural address, S. Krishnan, Secretary, Ministry of Electronics and Information Technology (MeitY), highlighted the importance of collaboration to address evolving cyber threats and strengthen India's audit ecosystem. He also mentioned that CERT-In's initiative offers a valuable opportunity for auditing organisations to upgrade practices and share knowledge, contributing to a more cyber-resilient India, said a statement. Dr. Kamakoti Veezhinathan, Director, IIT-Madras, delivered a brief presentation emphasising the importance of cyber resilience — ensuring the continuity of essential services and safeguards even during adverse situations, particularly in light of the evolving cyber threat landscape targeting Indian organisations across various sectors. He underscored the need for comprehensive architectures, frameworks and models to support cyber resilience programs among diverse stakeholders. Dr Veezhinathan appreciated CERT-In's efforts in organising the conference and expressed hope that the event would significantly contribute to strengthening the capabilities of participating information security auditing organisations and improving overall auditing practices. The conference organised by CERT-In, in collaboration with SkillsDA, was also attended by Brajendra Navnit, Principal Secretary, Information Technology and Digital Services Department, Government of Tamil Nadu, Dr. N. Subramanian, Executive Director, Society for Electronic Transactions and Security (SETS) and Dr. Sanjay Bahl, Director General, CERT-In. The event included a panel discussion on 'Cybersecurity Audits & Regulatory Expectations: Bridging the Gap' moderated by S.S. Sarma, Director Operations, CERT-In, with panellists from various regulators. The discussion provided auditing organisations with valuable and actionable insights into regulatory expectations. The three-day event also promises parallel management and technical tracks, with over 70 presentations that would set the standard for cutting-edge cybersecurity audit practices. The management track would explore key topics such as human factors in auditing, C-suite risk management, governance frameworks and strategies for stakeholder communication. The technical track would focus on emerging tools for automated audits, securing next-generation technologies (IoT, AI/ML, blockchain, quantum computing), SBOM implementation and innovative approaches to complex and continuous audit environments, including cloud systems, APIs and operational technology.
