Techshots' Weekly Cybersecurity Newsletter

Hello readers,

Welcome back to our newsletter, where we discuss news items that kept the cybersecurity world busy and also made headlines in India. By the end of this newsletter, we hope you'll become more cyber-aware and will have better insights into the big events around you.

Let's get started

The Poonam Pandey episode

Adult film actress Poonam Pandey pulled a stunt last week which was heavily criticised by almost everyone. Her publicist claimed she had died of cervical cancer and a day later, she reappeared. She said she only wanted to create awareness about the disease and claimed to have done that with this stunt. However, using her death as a medium was something that didn't sit well with many. Later, the government responded to news reports, claiming that she was being considered a brand ambassador for the government's awareness campaign on cervical cancer. Senior officials said this was not the case.

The Paytm episode

Paytm, India's leading digital payments platform, faced action from the Reserve Bank of India (RBI) for alleged violations of regulatory norms related to know-your-customer (KYC) guidelines. The RBI reportedly found lapses in adherence to these norms and ordered Paytm to halt onboarding of new customers to its payments bank until further notice. Paytm stated it is committed to resolving the concerns and ensuring compliance with regulatory requirements. Paytm CEO Vijay Shekhar Sharma is learnt to have met Finance Minister Nirmala Sitharaman over the issue. However, she reportedly told him in the nearly 10-minute-long meeting that the government had no role in this action.

The Uttarakhand UCC episode

Uttarakhand has become the first state to pass the Uniform Civil Code (UCC) Bill. The elaborate bill also mentions that couples in live-in relationships have to register themselves, failing which they would invite imprisonment, fine or both. The bill aims to bring common law on marriage, divorce, land, property, and inheritance for all citizens, irrespective of their religion. However, it leaves Scheduled Tribes out of its ambit.

Moving on to cybersecurity now

Deepfakes featuring Taylor Swift surfaced online

Late last month, pornographic images of singer-songwriter Taylor Swift surfaced online, following which Elon Musk’s social media platform X blocked some searches for her. After the images began spreading online, the singer’s fanbase, popularly known as “Swifties”, started a #ProtectTaylorSwift hashtag to flood it with more positive images of the pop star. Some said they were reporting accounts that were sharing the deepfakes.

Indian government again issued a warning for Apple products

The Indian government's cybersecurity agency, CERT-In, last week flagged multiple vulnerabilities in various Apple products which if exploited by hackers, can allow them to steal users' sensitive data and even gain complete control over the device. To safeguard vulnerable Apple devices from potential security threats, CERT-In recommends users apply the security updates mentioned in the Apple Security Update immediately.

Biotech company 23andMe said it didn't detect cyberattacks for months

23andMe, a genetic testing company, acknowledged a security lapse, admitting it failed to detect cyberattacks for months. The breach started in April 2023 and went undetected till September. The company vowed to enhance its security measures and notify affected customers promptly. It is being reported that hackers stole data, like a person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location, of 6.9 million customers

Hackers steal $112 million of XRP Ripple cryptocurrency

Chris Larsen, executive chairman and co-founder of Ripple, said that several of his personal XRP accounts had been hacked. "We were quickly able to catch the problem and notify exchanges to freeze the affected addresses," he added. Larsen and other Ripple-related individuals have not confirmed the amount stolen. However, on-chain sleuth ZachXBT reported that the addresses in question were hacked for 213 million XRP, or $112.5 million.

With this, we are ending this edition of our newsletter. If you wish to read about a particular topic, write to me at [email protected].