Harsh Kumar

🚨Fake mParivahan Apps: India’s Android Threat Landscape Evolves🚨 During a recent investigation using Webamon’s threat hunting capabilities, I uncovered two newly registered, typo-squatted domains targeting users of India’s mParivahan portal. These domains - registered & hosted with Hostinger and crafted with notable attention to legitimacy, deceptively prompt visitors to download a fraudulent “mParivahan” mobile application. The intent is clear: lure unwary users into granting sensitive device permissions and stealthily compromise personal, financial, and communication data. Domains investigated: • hXXps://mparivahan[.]org/ • hXXps://mparivahan[.]shop/ This malware campaign leverages social engineering, mimicking government communications, and evades standard security checks by distributing the fake app outside secure channels like Google Play. Once installed, the malicious APK aggressively requests access to SMS, contacts, notifications, and more - turning infected devices into sources of surveillance and financial fraud, including OTP interception and unauthorized transaction facilitation. For those pursuing deeper technical research or incident response, the actual malware samples from these domains are accessible at: https://lnkd.in/gn9bEG7t https://lnkd.in/gSJnwSE3 With evolving tactics ranging from WhatsApp traffic alerts to advanced technical evasion and RAT-style payloads, these campaigns underscore the urgent need for vigilance and cross-verification before installing any application. Regular reviews of app permissions and prompt reporting to cybercrime authorities remain the best initial defense for end-users and security teams alike. CyberDost I4C #cybersecurity #infosec #threatintelligence #malware #mobilesecurity #phishing #cyberawareness #dataprotection #digitalrisk #India #cybercrime

12

Sacrificing Cybersecurity Quality for Cost? A Wake-Up Call on CERT-In Empanelled Audits In India, we have over 150 CERT-In empanelled vendors authorized to conduct security audits for government, PSU, BFSI, and critical infrastructure organizations. But here’s the uncomfortable truth: 🔻 Audit quality is deteriorating. 🔻 Reports are becoming templated, generic, and checkbox-driven. 🔻 Junior analysts are being deployed with minimal oversight. Why? The answer lies in a flawed procurement model — the L1 (lowest bidder) trap. 🎯 In the race to win contracts based on price alone, many organizations are forced to cut corners: • Using copy-paste reports • Skipping retesting • Ignoring contextual threat modeling • Focusing on “compliance” over “real risk mitigation” 📉 This is not just a vendor issue — it’s a systemic gap. Who ensures report quality? 👉 While CERT-In occasionally reviews vendor performance, the primary responsibility falls on the auditee (you and me). In critical sectors, regulators like RBI or NCIIPC may review samples, but there’s no consistent, formalized report QA mechanism today. ⸻ 💡 What Needs to Change? ✅ Move from L1 to QCBS (Quality + Cost Based Selection) ✅ Introduce standardized report formats and tool disclosures ✅ Build a feedback loop to rate vendor quality post-audit ✅ Encourage independent second-level reviews for high-risk environments ✅ Incentivize deep audits over fast audits ⸻ Cybersecurity is not a commodity. It’s a strategic national asset. Let’s not let the lowest cost dictate the lowest defense. #CyberSecurity #CERTIn #RiskManagement #CyberAudit #Governance #IndiaSecurity #Infosec #CISO #BFSI #CriticalInfrastructure #QCBS #AuditQuality #L1Trap #Empanelment

15

SEBI has released the FAQs on CSCRF implementation and it evident and helpful to all the organisations falling under purview of this compliance. A summarised version of FAQ is here for quick glance. 1. Cybersecurity and Cyber Resilience Framework (CSCRF) – aimed at bolstering cyber defenses across SEBI-regulated entities (REs). 2. Cloud Adoption Framework – guiding safe and compliant use of cloud services by REs. Key Highlights: Governance & CISO Requirements: Emphasizes appropriate CISO designation, reporting structures, and permits remote CISOs with specific restrictions. RE Categorization: Clarifies classification based on size and operational scope; addresses nuanced cases like proprietary brokers and bank DPs. Asset & System Management: Allows flexible asset inventory approaches and requires board-approved critical system lists. Introduces post-quantum cryptography readiness. Vulnerability Management: Tightens VAPT cycles, enforces timelines for patching, and outlines third-party vulnerability responsibilities. Audits & Compliance: Standardizes audit periods to financial years and mandates forensic independence. Introduces nuanced cyber audit scopes and rules for multi-license entities. Cyber Capability Index: Specifies assessment frequencies, scoring logic, and its role in regulatory reporting. SBOM: Stresses mandatory SBOM documentation for critical systems, with flexibility for legacy applications via board-approved exceptions. Outsourcing & Cloud Hosting: Establishes that REs are fully accountable for third-party risks and allows cloud use if due diligence and compliance controls are in place. Cloud Service Providers (CSPs): Clarifies audit rights, subcontractor scopes, and MeitY empanelment conditions; offers guidance on infrastructure standards. COTS Software & Testing: Confirms testing mandates (DAST/SAST) even for internally-used applications. Log & Data Security: Requires comprehensive log management, strong encryption for all data states, and enforces automation tools for certain RE categories. ISO 27001 Certification: Needed only when specific critical services are outsourced. SOC Flexibility: Permits global/shared SOC usage with documentation; outlines Market-SOC onboarding. Threat Intelligence: Encourages REs to expand beyond CERT-In and NCIIPC sources using internal and commercial feeds. Disaster Recovery: Mandates live cybersecurity drills, strict RTO/RPO adherence, and board-level declaration during incidents. Incident Response: Makes forensic audits mandatory for high/critical incidents and prohibits in-house forensics. Conclusion: SEBI ’s FAQs reflect an industry-aware, forward-looking regulatory stance. While comprehensive, some areas (like SBOM ownership and integration of AI solutions) may see further refinement. If you want to have an discussion or need professional expertise connect with me or InSecSys at insecsys@insecsys.com Call : 8379077907 URL : www.insecsys.com #compliance #cybersecurity

13

1 Comment

🔒 The Silent Cost of Ignoring Small Vulnerabilities A ₹10,000 vulnerability can cause a ₹10 crore loss. Crazy? Not really. Recently, during a routine assessment, we spotted a small misconfiguration something that looked too minor to worry about. No data leak. No alert. Just an open port quietly waiting to be noticed. But here’s the thing — that “small issue” was all an attacker would need to step in, move laterally, and disrupt the entire network. That’s how cybersecurity really fails — not in one big hack, but in hundreds of small warnings we choose to ignore. Every unpatched system, every unused admin account, every “we’ll fix it later” adds up. Until one day, it’s too late. 👉 Cybersecurity isn’t about chasing threats. It’s about respecting the small things before they become big ones. #CyberSecurity #VAPT #RiskManagement #InformationSecurity #DataProtection #BusinessResilience #CybriaSecure

14

What does it mean to build Cyber Security Products now — under India’s AI Governance Guideline philosophy? Cyber product building is no longer just engineering features. It is nation scale risk architecture. The new AI Governance Guidelines shift how we think about product build for cyber — security products must now embed governance at design time, not after launch. This means ↓ Trust becomes the primary UX Security products must prove they protect, not just claim. People First Impact on the last user matters — not only the mature enterprise. Accessibility → responsibility. Innovation over Restraint We are expected to innovate boldly, but with guardrails… not build fear-based restrictions. Fairness & Equity Security protection cannot create new inequality, bias or exclusion. Accountability & Verifiable Responsibility Who is responsible for harm, misuse, AI-driven exploitation? Products must define this explicitly. Understandable by Design Security products cannot be black box magic. Explainability must be built into defaults. Safety, Resilience & Sustainability Defence cannot be static. It must self-adapt and sustain through evolving threat surfaces. So what does this mean for us building next-gen cyber products? Cyber products become trusted public infrastructure — not just tools. This is the era where Indian cyber product build is mission architecture — not just software shipping. This is how India will build secure AI + secure digital economy together Murali Rao Shiva Prakash Sai Abburu SIDHARTH SOOD #AI #Cybersecurity #IndiaAI #Product #Governance #Resilience #SecurityEngineering

16

🚨 CERT-In Releases Technical Guidelines on SBOM, QBOM, CBOM, AIBOM & HBOM The Indian Computer Emergency Response Team (CERT-In) has released Version 2.0 of its technical guidelines on the Software Bill of Materials (SBOM), now significantly expanded to cover five critical domains: 1. SBOM – A detailed list of all software components, including third-party elements, used in a software product. It helps identify and mitigate vulnerabilities within the codebase. 2. QBOM – Focuses on components related to quantum computing and quantum-safe cryptography. It inventories quantum algorithms and security frameworks, aiding organizations in preparing for and adopting post-quantum cryptographic (PQC) solutions. 3. CBOM – An inventory of all cryptographic assets such as algorithms, encryption keys, and security protocols used within an organization. It helps in ensuring transparency and up-to-date security measures. 4. AIBOM – A comprehensive list of all components used in the development, training, and deployment of AI models, including hardware (e.g., GPUs), software frameworks, and datasets. AIBOMs are becoming essential for ensuring security, transparency, compliance, and risk management in AI systems. All organizations involved in AI-driven development and services are advised to include AIBOM requirements in all AI-related procurements and solutions. 5. HBOM – A list of all physical components, such as servers, networking gear, and storage devices that make up a hardware system. It helps in tracking, auditing, and managing hardware-related risks. These guidelines are especially relevant for government bodies, public sector units, essential services organizations, and entities involved in software exports and software services. It is aimed at: 1. Software Consumers – Organizations that purchase and use software to support operations. 2. Software Developers – Entities that build and maintain custom software solutions. 3. System Integrators / Software Resellers – Organizations that distribute software products and provide related services. By adopting these guidelines, organizations can bolster security, accelerate incident response, identify and patch vulnerabilities more efficiently, mitigate supply chain risks, ensure regulatory compliance, and enhance overall operational resilience. This is an essential step in building more secure, transparent, and future-ready digital ecosystems. 👉 Link to the full guidelines is in the comments. #ai #india #aigovernance #cybersecurity [This post is for educational purposes only and does not constitute legal advice. The views expressed herein are personal and not reflective of any institution or company. Likes or interactions with this content do not imply endorsements.]

17

1 Comment

Why does a ₹10 lakh vulnerability cost ₹3 crore to fix later? Because late-stage cybersecurity fixes often involve: Redesigning ECUs or software modules Revalidating safety-critical functions Delaying homologation and production timelines Reopening supplier contracts and test cycles We’ve seen it firsthand. HackersEra’s early gap assessments and compliance roadmaps help OEMs: Detect issues during design, not pre-launch Align cybersecurity milestones with engineering cycles Avoid downstream financial, operational, and reputational losses Start early. Test thoroughly. Fix before it costs you everything. #HackersEra #AIS189 #OEMCostSaving #VehicleCybersecurity #CompliancePlanning #ISO21434 #SecureByDesign

21

1 Comment

Patient data is the new jackpot for attackers. Without HSMs, you’re handing them the keys. ICMR’s 81 crore record breach showed what happens when data and keys live together. Most hospitals in India still keep patient PII — often Aadhaar-linked — in standard databases where data and encryption keys sit side by side. That design flaw makes a breach inevitable, not hypothetical. The ICMR incident proved the scale: health records of over 81 crore Indians for sale online, placing India among the top three in global healthcare leaks. Under the DPDP Act 2023, penalties can touch ₹250 crore per breach. That’s before factoring in reputational damage and regulatory scrutiny. Hardware Security Modules (HSMs) change the game — by isolating encryption keys in tamper-proof hardware, they render stolen databases useless. The truth is simple: the way hospitals secure patient data today is insufficient. HSMs are not an upgrade. They are the minimum standard of trust.

80

5 Comments

Mandiant (part of Google Cloud) opens its M-Trends 2025 report with a paragraph discussing Infostealers. Infostealers are mentioned 72 times and are a key focus of the report. I’m glad to see Infostealers being recognized as an industry-wide problem by every major cybersecurity company now. When I first started talking about Infostealers, companies had no idea what they were. M-Trends 2025 report available here - https://lnkd.in/d-kNvuxh

68

4 Comments

Indian fintech companies really need to rethink how they treat cybersecurity. Recently, I responsibly reported security issues to 2-3 fintech companies These were not theoretical risks, but real bugs that could impact customer data and brand trust. Two companies didn’t respond at all. One replied, but the tone was dismissive and rude. This is the pattern I keep seeing: budgets for marketing, growth hacks, and PR are unlimited, but security is ignored until a breach happens and the damage is already done. Cybersecurity is not an optional cost. It’s a basic responsibility when you handle user data and money. Ignoring researchers who are trying to help is short-sighted and dangerous. Indian fintechs don’t have a trust problem yet. But this attitude is exactly how you create one. Security should be proactive, not a reaction after headlines. #CyberSecurity

31

6 Comments

‼️CERT-In Issues High Alert for Android Users in India ‼️ The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory, urging Android mobile phone users (versions 13, 14, 15, 16) to immediately apply the November 2025 security update released by Google and major device manufacturers to mitigate a critical “Zero Click” exploit (CVE-2025-48593). Leading mobile phone brands such as Samsung and Xiaomi have already begun rolling out patches to mitigate the vulnerability. Vulnerability Details CVE-2025-48593 arises from insufficient validation of user input within a core Android component, letting attackers remotely execute malicious code with a single crafted packet or payload, such as a malicious MMS or push notification. The exploit requires no additional execution privileges or active user participation (zero-click), raising the risk of mass device compromise, data theft, ransomware, and use in botnet campaigns. Impact and Risks Puts the integrity, privacy, and security of messages, data, and enterprise communications at serious risk. Current patches are available, but delayed updates leave millions exposed, making timely deployment crucial—especially for business mobile fleets. Mitigation and Recommendations Check device security patch level and update immediately; patches released as part of the November 2025 update by Google, Samsung, Xiaomi, and other brands. Enterprises should enforce mobile device management (MDM) with automatic updates, maintain real-time device inventories, and deploy mobile threat defense solutions for continuous detection. Immediate patching is the best defense; any Android device lacking the November 2025 update is at increased risk of exploitation from sophisticated attackers.

36

2 Comments

🎬 𝐀 𝐁𝐨𝐥𝐥𝐲𝐰𝐨𝐨𝐝 𝐒𝐨𝐧𝐠 𝐋𝐲𝐫𝐢𝐜 𝐚𝐧𝐝 𝐚 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐋𝐞𝐬𝐬𝐨𝐧 🎶 “𝐊𝐚𝐡𝐢𝐧 𝐚𝐚𝐠 𝐥𝐚𝐠𝐧𝐞 𝐬𝐞 𝐩𝐞𝐡𝐥𝐞, 𝐮𝐭𝐡𝐭𝐚 𝐡𝐚𝐢 𝐚𝐢𝐬𝐚 𝐝𝐡𝐨𝐨𝐚𝐧…” (Song- Do Dil Mil Rahe Hain, from the movie Pardes)- Before the fire, there’s always smoke. The same holds true in cybersecurity. Before every breach, there are always signs — exposures waiting to be noticed. Vulnerabilities, misconfigurations, phishing-prone users, counterfeit assets — these are the dhooan that rise before the aag (breach). Organizations that focus only on detection and response are reacting after the flames. Those that continuously manage their exposures can prevent the fire altogether. Because in cybersecurity, if you can see the smoke early, you might never have to face the fire. That’s why we built Invinsense OXDR (https://lnkd.in/gcgQR6FX )— our unified Exposure Management Platform — to help organizations detect the dhooan before it becomes aag. 

11

1 Comment

SEBI CSCRF Compliance – The Final Countdown! 🚨 The deadline for SEBI’s Cybersecurity & Cyber Resilience Framework (CSCRF) compliance is March 31, 2025 – and many Regulated Entities (REs) are still figuring out their next steps. If you’re feeling stuck, don’t worry! Here’s a quick-action checklist to get started immediately: ✅ 1. Create an Asset Inventory – Identify & tag all IT assets to track security posture. ✅ 2. Identify & Classify Critical Systems – Determine sensitive systems & get management approvals. ✅ 3. Develop Cybersecurity & Resilience Policies – Draft and approve key security policies. ✅ 4. Evaluate Cyber Risk in Infrastructure – Assess current security gaps & upgrade where needed. ✅ 5. Perform an Initial Gap Assessment – Understand where your organization stands today. ✅ 6. Establish a Cyber Risk Management Framework – Define how risks are identified & mitigated. ✅ 7. Develop an Incident Response Plan (IRP) – Document incident handling & escalation workflows. ✅ 8. Document a Disaster Recovery Plan (DRP) – Ensure business continuity & resilience planning. ✅ 9. Finalize Scope for VAPT – Conduct testing on critical assets as per CSCRF guidelines. ✅ 10. Conduct Cybersecurity Awareness Training – Educate employees on security best practices. Time is running out! If you haven’t started yet, focus on high-priority tasks like policy documentation, asset classification, and risk assessment. 📢 Need help with last-minute compliance efforts? Drop a comment or DM, and let’s get you on track before the deadline! #SEBICSCRF #CyberSecurity #Compliance #RiskManagement #FinancialSecurity #CISO #CyberResilience

20