
Broadband-GSM Companion scheme

The Free SIM along with the data STV will be offered to the new customers who book a Broadband.

Broadband-GSM Companion SIM

 

Plan Proforma for Broadband-GSM Companion SIM

Plan name: PPS_FTU_BB
MRP of SIM: 10 Free
MRP of FTU: Rs. 3
Talk Value: Re. 0.02
Tariff Validity (days): 5 years (1825 days)

Call Charges                            Voice Call      Video Call
Home Network
  Mobile Calls (Local + STD)            1p/sec          1p/sec
  Landline Calls (Local + STD)          2p/sec          NA
Roaming Network - MH & Goa
  Call to MTNL Mumbai N/w               Re. 0.80/min    Rs. 3.00/min
  Call to Other Mumbai N/w              Rs. 1.15/min    Rs. 4.00/min
  Call to Other BSNL Maharashtra N/w    Re. 0.80/min    Rs. 3.00/min
  National Call                         Rs. 1.15/min    Rs. 4.00/min
  Incoming                              Free            Free
Roaming Network - Rest of India
  Local Call                            Re. 0.80/min    Rs. 3.00/min
  National Call                         Rs. 1.15/min    Rs. 4.00/min
  Incoming in ROI                       Free            Rs. 1.80/min

SMS tariff
  Home N/w: Local: Re. 0.50; National: Rs. 1; International: Rs. 5
  Roam N/w: Local: Re. 0.25; National: Rs. 0.38; International: Rs. 5
Data tariff (Home & Roam): 3p/10 KB (after consumption of free data usage)
International Calls: Prevailing ISD Tariff will be applicable.

Trump My Group Plan
  Monthly Service charges: Rs. 20/-
  Group Size: Upto 9 other Local Dolphin/Trump numbers
  Group number registration charge: Rs. 1/- per number
  Call charges within Group: 1p/12sec
  SMS charges within Group: 10p/SMS

NOTE:

  • Limited Period offer for 90 days from 01/07/2018 to 28/09/18
  • Only e-FTU will be offered and no physical FTU will be printed.
  • Subscriber can do Top-up for availing Talk-time benefits and can avail all other STVs.
  • The Broadband-GSM Companion e-FTU will exclusively be available at MTNL CSCs.
  • The MRP of the FTU is for internal technical implementation; however, nothing extra will be charged to the customer.

 

Broadband-GSM Companion data STV


For Broadband Customers availing Plan 600-799: Broadband-GSM Companion data STV 1
  MRP of the STV 1: Free
  Talk-time: Re. 0.17
  Free data benefit: 5 GB per month
  Tariff validity: 12 months

For Broadband Customer availing Plan 800 and above: Broadband-GSM Companion data STV 2
  MRP of the STV 2: Free
  Talk-time: Re. 0.23
  Free data benefit: 10 GB per month
  Tariff validity: 12 months

NOTE:

  • Limited Period offer for 90 days  from 01/07/2018 to 28/09/18
  • The above data STV will exclusively be available only at MTNL CSC and will be in E-recharge mode. It won’t be available through any distributor, e-MBA as well as online recharge. 
  • The benefit of free data usage will be available in home & national roaming network.
  •  After the consumption of free data usage, standard charges @3p/10 kb will be applicable.
  • Unused free benefits will lapse after the expiry of 30 days in each month, and every next month fresh data will be given for the next 30 days.
  • The above STV will be valid only for the Broadband-GSM Companion FTU and won’t be valid for other existing SIM or FTU plans.
  • One GSM SIM per BB customer: MTNL Broadband customers cannot avail more than one Free SIM on every BB connection.

 

 

 

 

 

 

 

 


TLS 1.2 updation

 

What’s happening?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third-party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

BillDesk will disable support for TLS 1.0. After this change, any application/browser that uses TLS 1.0 WILL NOT be able to establish a successful connection to the BillDesk platform. For the best security, BillDesk recommends that your organization upgrade to TLS 1.2 as soon as possible.

Why this change?

 

This change is mandated by the PCI Security Council and affects all merchants and service providers processing or transmitting card data. This is not an action BillDesk is taking alone. EVERY website that transmits or processes card data has to make this change. This change has to be done by June 30, 2018.

When is this planned?

From June 22, 2018 05:00 AM IST onwards BillDesk will no longer accept TLS 1.0 connections.

What all could be impacted?

Basically, there are two methods by which connections are established with the BillDesk platform:

  1. Browser redirection to a BillDesk URL – this is handled by the end consumer’s browser. If the browser is the latest version, there is no reason to worry, since the latest browser versions support TLS 1.1 / TLS 1.2. However, if the end consumer is using an old browser version that does not support the latest TLS version, then such customers WILL NOT be able to access the BillDesk URL. The only solution for the customer would be to upgrade to the latest browser version. You may want to let your customer support team know about this so that they can guide customers who call or email your help desk.
  2. Connecting to a BillDesk URL on a direct server-to-server basis through API calls – here you need to make sure your applications are able to establish connections with the BillDesk URLs using TLS 1.1 / TLS 1.2.

What’s the action item?

Depending on your tech stack, you should check the version that you’re using and whether the relevant support for the latest TLS version is already available. In the event that you need to perform certain upgrades to ensure that your application can support the relevant TLS version, you need to act immediately so that you’re ready.

BillDesk production end point URLs ALREADY support TLS 1.1 and TLS 1.2 which means you can immediately request your application/ technology teams to check and ensure that your applications are connecting to BillDesk using either TLS 1.1 or TLS 1.2. You need NOT wait until BillDesk completes the activity as per the planned date. You should be ready much BEFORE that to ensure no impact to your integrations.
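
For the server-to-server case, the protocol versions a client stack offers can be checked without touching the network. The following is an added example (not BillDesk's or MTNL's code) that captures the ClientHello a Python/OpenSSL client would send and lists the versions in it; the hostname is a placeholder and the TLS 1.0 hello is a constructed sample.

```python
import ssl
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
ACCEPTED = {0x0302, 0x0303}  # versions the notice says the endpoints accept

# Constructed sample: minimal ClientHello from a client whose ceiling is TLS 1.0.
LEGACY_TLS10_HELLO = (b"\x16\x03\x01\x00\x2d" + b"\x01\x00\x00\x29" + b"\x03\x01"
                      + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00")


def capture_client_hello(ctx, hostname="gateway.example.invalid"):
    """Return the first handshake flight ctx would send (hostname is a placeholder)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: hello written, client now waits for the server's reply
    return outgoing.read()


def offered_versions(hello):
    """Return the set of protocol version codes a ClientHello record offers."""
    if len(hello) < 44 or hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    ceiling = struct.unpack_from("!H", hello, 9)[0]      # legacy client_version
    pos = 11 + 32                                        # skip the 32-byte random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    if pos + 2 <= len(hello):
        end = min(len(hello), pos + 2 + struct.unpack_from("!H", hello, pos)[0])
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            body = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and body:                  # supported_versions
                return {struct.unpack_from("!H", body, i)[0]
                        for i in range(1, 1 + body[0], 2)}
            pos += 4 + ext_len
    # Without supported_versions the hello only states the client's highest version.
    return {ceiling}


def version_names(hello):
    return [NAMES.get(v, hex(v)) for v in sorted(offered_versions(hello), reverse=True)]


def survives_cutoff(hello):
    """True if the hello offers a version the endpoint still accepts after TLS 1.0 is disabled."""
    return bool(offered_versions(hello) & ACCEPTED)


if __name__ == "__main__":
    hello = capture_client_hello(ssl.create_default_context())
    print(ssl.OPENSSL_VERSION, version_names(hello), survives_cutoff(hello))
    print("constructed TLS 1.0 client:", version_names(LEGACY_TLS10_HELLO),
          survives_cutoff(LEGACY_TLS10_HELLO))
```

Run it with the same interpreter and OpenSSL build the integration uses, since the offered versions depend on that build and its configuration.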

Integrity Pact & IEM

 

 

Click Here For CVC Circular Regarding Integrity Pact

 

A new committee of Independent External Monitors has been formed as per the details given below:


Name

(1) Shri Dhruv Kumar Agarwal
(2) Shri V.K. Gupta
(3) Ms. Alka Sirohi

 

Last Updated: 29 Dec,2017

Upgrade MTNL Email  Storage

 

MTNL Mumbai provides email boxes with storage capacities of 1 GB, 5 GB and 100 GB on a chargeable basis per year.

To upgrade your mailbox, Click Here

Last Updated: 23rd Jun 2018


 

Cyber Security Alerts

Banking Trojan Emotet

The Emotet Trojan is designed to steal banking credentials and other sensitive information, and is most often propagated by way of phishing emails containing a crafted document purporting to be invoices or other business communications, or links to similar. Reportedly, a surge in Emotet activity has been observed that involves the use of a spam botnet, which results in its rapid distribution via email, thus distributing IcedID, TRICKBOT etc. Emotet can also spread via a network propagation module that brute-forces its way into an account domain using a dictionary attack. Emotet’s use of compromised URLs as C&C servers likely helped it spread as well. Once Emotet has infected a host, a malicious file that is part of the malware is able to intercept, log, and save outgoing network traffic via a web browser, leading to sensitive data being compiled to access the victim's bank account. According to reports, the Trojan may download the following modules to carry out various tasks:

  • Banking module
  • Distributed denial of service (DDoS) module
  • Spam module
  • Email client infostealer module
  • Browser infostealer module
  • Personal Storage Table (PST) infostealer module

Recommendations

  • Monitor connection attempts towards the listed domains/IPs. The list may include compromised domains/IP resources as well. Blocking the domains/IPs is solely the recipient's responsibility, after diligently verifying them, without impacting operations.

  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.

  • Enforce application whitelisting on all endpoint workstations. This will prevent droppers or unauthorized software from gaining execution on endpoints.

  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

  • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.

Information Stealer Backdoor Malware Darkcomet

Variants of the Darkcomet RAT have been reported that collect and exfiltrate system information, user credentials, cryptocurrency wallets, browser info, and login credentials. The malware is designed to allow a remote operator to perform various specific functions, such as recording the victim's information and downloading additional malicious payloads.

When executed, the malware checks if the following Anti-Virus (AV) applications are installed:

  • Bitdefender
  • Kaspersky Anti-Virus

It installs a copy of the malware into the following directories:

Path                                                    Remarks
%TEMP%\data.bin                                         --
%TEMP%\data.exe                                         --
%TEMP%\S-winup.exe                                      --
C:\41-9322255461-12-5-1-S\S-1-5-21-1645522239-14.exe    The folder and the file names are generated using access token information (SID).
%AppData%\4FB42C\C0FA36.hdb                             Contains the hash of the exfiltrated data.
%AppData%\4FB42C\C0FA36.lck                             A lock file for decrypting Windows Credentials or Keylogging
%AppData%\4FB42C\C0FA36.exe                             Installed copy of the malware used for persistence
%AppData%\4FB42C\C0FA36.kdb                             Keylogger data to be sent to the C2 server


It verifies if the current user is a member of the local administrators and attempts to bypass User Account Control (UAC) using the following commands:

  • /c reg add hkcu\Environment /v windir /d "cmd /c start %TEMP%\data.exe /f && exit
  • /c schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I && exit
  • /c reg delete hkcu\Environment /v windir /f && exit

It logs victim's activities in plaintext such as keystrokes, along with time, clipboard changes, applications and more into "%AppData%\dclogs\YY-MM-DD-00.dc". It attempts to connect to a domain "dkcengin.ddns.net" using port 4891 and waits for commands from the C2 or controller.
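
The command sequence listed above can be hunted in process-creation logs by correlating the per-user windir override with a SilentCleanup task run shortly afterwards. The following is an added detection example, not part of the advisory; the pipe-delimited log format, host and user names and the 60-second window are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

ENV_KEY = r"(hkcu|hkey_current_user)\\environment\b"
SET_WINDIR = re.compile(r"reg(\.exe)?\s+add\s+" + ENV_KEY + r".*?/v\s+windir\b", re.I)
DEL_WINDIR = re.compile(r"reg(\.exe)?\s+delete\s+" + ENV_KEY + r".*?/v\s+windir\b", re.I)
RUN_CLEANUP = re.compile(r"schtasks(\.exe)?\s+/run\b.*\\diskcleanup\\silentcleanup", re.I)
WINDOW = timedelta(seconds=60)  # assumption: override and task run happen close together

# Constructed process-creation records: timestamp|host|user|command line
SAMPLE_LOG = r"""
2018-07-02T09:00:00|WS-200|SYSTEM|schtasks.exe /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup
2018-07-02T09:30:12|WS-201|bob|reg add hkcu\Environment /v TEMP /d C:\Temp /f
2018-07-02T10:15:01|WS-114|alice|cmd.exe /c reg add hkcu\Environment /v windir /d "cmd /c start %TEMP%\data.exe /f && exit
2018-07-02T10:15:03|WS-114|alice|cmd.exe /c schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I && exit
2018-07-02T10:15:06|WS-114|alice|cmd.exe /c reg delete hkcu\Environment /v windir /f && exit
"""


def parse(log):
    """Yield (timestamp, host, user, command) tuples from the pipe-delimited log."""
    for line in log.strip().splitlines():
        ts, host, user, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, user, cmd


def find_silentcleanup_bypass(log, window=WINDOW):
    """Flag a windir override followed by a SilentCleanup run by the same host and user."""
    pending = {}    # (host, user) -> time the windir value was overridden
    findings = []
    for ts, host, user, cmd in sorted(parse(log)):
        key = (host, user)
        if SET_WINDIR.search(cmd):
            pending[key] = ts
        elif RUN_CLEANUP.search(cmd) and key in pending and ts - pending[key] <= window:
            findings.append({
                "host": host, "user": user,
                "override_at": pending[key].isoformat(),
                "seconds_between": (ts - pending[key]).total_seconds(),
                "cleaned_up": False,
            })
        elif DEL_WINDIR.search(cmd) and key in pending:
            # Removing the override right after the task run is part of the same pattern.
            for f in findings:
                if (f["host"], f["user"]) == key and f["override_at"] == pending[key].isoformat():
                    f["cleaned_up"] = True
            del pending[key]
    return findings


if __name__ == "__main__":
    for finding in find_silentcleanup_bypass(SAMPLE_LOG):
        print(finding)
```

The scheduled SilentCleanup run by SYSTEM and the unrelated TEMP change in the sample are not flagged, because neither is preceded by a windir override from the same user.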

 

CERT-In Recommends

  • Restrict connection towards the domains. Put the IPs under watchlist. [Note: blocking of IPs can impact the business. The IP address may host multiple genuine domains or may belong to a compromised infrastructure. Blacklisting depends entirely on the business policy of the organization.]

  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

  • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.
    Reference: https://www.fireeye.com/blog/threatresearch/2016/02/greater_visibilityt.html

  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution. Note: A lot of malicious domains are using TLDs of (.PW, .TOP, .ME) and DYNDNS domains. Monitor connections to such domains.

  • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) /APPLOCKER to block binaries running from %APPDATA% and %TEMP% paths.

  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through a browser.

  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header). Monitor users' web browsing habits; restrict access to sites with unfavorable content.

  • Block attachments of the following file types: exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

 

Malware SAMSAM Ransomware

A surge in SAMSAM ransomware activity has been reported, using various tactics such as exploiting vulnerabilities in remote desktop protocols (RDP), Java-based web servers, or file transfer protocol (FTP) servers to gain access to the victims’ network. Successful infection encrypts all the user data with RSA-2048 encryption.

Targeted File Extensions

"xls", ".xlsx", ".pdf", ".doc", ".docx", ".ppt", ".pptx", ".txt", ".dwg", ".bak", ".bkf", ".pst", ".dbx", ".zip", ".rar", ".mdb", ".asp", ".aspx", ".html", ".htm", ".dbf",
".3dm", ".3ds", ".3fr", ".jar", ".3g2", ".xml", ".png", ".tif", ".3gp", ".java", ".jpe", ".jpeg", ".jpg", ".jsp", ".php", ".3pr", ".7z", ".ab4", ".accdb", ".accde", ".accdr",
".accdt", ".ach", ".kbx", ".acr", ".act", ".adb", ".ads", ".agdl", ".ai", ".ait", ".al", ".apj", ".arw", ".asf", ".asm", ".asx", ".avi", ".awg", ".back", ".backup",
".backupdb", ".pbl", ".bank", ".bay", ".bdb", ".bgt", ".bik", ".bkp", ".blend", ".bpw", ".c", ".cdf", ".cdr", ".cdr3", ".cdr4", ".cdr5", ".cdr6", ".cdrw", ".cdx", ".ce1",
".ce2", ".cer", ".cfp", ".cgm", ".cib", ".class", ".cls", ".cmt", ".cpi", ".cpp", ".cr2", ".craw", ".crt", ".crw", ".phtml", ".php5", ".cs", ".csh", ".csl", ".tib", ".csv",
".dac", ".db", ".db3", ".dbjournal", ".dc2", ".dcr", ".dcs", ".ddd", ".ddoc", ".ddrw", ".dds", ".der", ".des", ".design", ".dgc", ".djvu", ".dng", ".dot", ".docm",
".dotm", ".dotx", ".drf", ".drw", ".dtd", ".dxb", ".dxf", ".dxg", ".eml", ".eps", ".erbsql", ".erf", ".exf", ".fdb", ".ffd", ".fff", ".fh", ".fmb", ".fhd", ".fla", ".flac", ".flv",
".fpx", ".fxg", ".gray", ".grey", ".gry", ".h", ".hbk", ".hpp", ".ibank", ".ibd", ".ibz", ".idx", ".iif", ".iiq", ".incpas", ".indd", ".kc2", ".kdbx", ".kdc", ".key", ".kpdx",
".lua", ".m", ".m4v", ".max", ".mdc", ".mdf", ".mef", ".mfw", ".mmw", ".moneywell", ".mos", ".mov", ".mp3", ".mp4", ".mpg", ".mrw", ".msg", ".myd", ".nd",
".ndd", ".nef", ".nk2", ".nop", ".nrw", ".ns2", ".ns3", ".ns4", ".nsd", ".nsf", ".nsg", ".nsh", ".nwb", ".nx2", ".nxl", ".nyf", ".oab", ".obj", ".odb", ".odc", ".odf",
".odg", ".odm", ".odp", ".ods", ".odt", ".oil", ".orf", ".ost", ".otg", ".oth", ".otp", ".ots", ".ott", ".p12", ".p7b", ".p7c", ".pab", ".pages", ".pas", ".pat", ".pcd",
".pct", ".pdb", ".pdd", ".pef", ".pem", ".pfx", ".pl", ".plc", ".pot", ".potm", ".potx", ".ppam", ".pps", ".ppsm", ".ppsx", ".pptm", ".prf", ".ps", ".psafe3", ".psd",
".pspimage", ".ptx", ".py", ".qba", ".qbb", ".qbm", ".qbr", ".qbw", ".qbx", ".qby", ".r3d", ".raf", ".rat", ".raw", ".rdb", ".rm", ".rtf", ".rw2", ".rwl", ".rwz", ".s3db",
".sas7bdat", ".say", ".sd0", ".sda", ".sdf", ".sldm", ".sldx", ".sql", ".sqlite", ".sqlite3", ".sqlitedb", ".sr2", ".srf", ".srt", ".srw", ".st4", ".st5", ".st6", ".st7", ".st8",
".std", ".sti", ".stw", ".stx", ".svg", ".swf", ".sxc", ".sxd", ".sxg", ".sxi", ".sxi", ".sxm", ".sxw", ".tex", ".tga", ".thm", ".tlg", ".vob", ".war", ".wallet", ".wav", ".wb2",
".wmv", ".wpd", ".wps", ".x11", ".x3f", ".xis", ".xla", ".xlam", ".xlk", ".xlm", ".xlr", ".xlsb", ".xlsm", ".xlt", ".xltm", ".xltx", ".xlw", ".ycbcra", ".yuv"

 

Following the encryption of the victim’s files, the ransomware executes "selfdel.exe" [extracted from the resource section] to delete itself from the system and installs the ransom note "HELP_DECRYPT_YOUR_FILES.html" onto the victim’s system.

CERT-In Recommends

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
     
  • Restrict connection towards the domains. Put the IPs under watchlist. [Note: blocking of IPs can impact the business. The IP address may host multiple genuine domains or may belong to a compromised infrastructure. Blacklisting depends entirely on the business policy of the organization.]
     
  • Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

  • Restrict execution of PowerShell/WSCRIPT in the enterprise environment. Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging, script block logging and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.
    Reference: https://www.fireeye.com/blog/threatresearch/2016/02/greater_visibilityt.html

  • Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.
    Note: A lot of malicious domains are using TLDs of (.PW, .TOP, .ME) and DYNDNS domains. Monitor connections to such domains.
     
  • Application whitelisting/Strict implementation of Software Restriction Policies (SRP) /APPLOCKER to block binaries running from %APPDATA% and %TEMP% paths.
     
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through a browser.
     
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header). Monitor users' web browsing habits; restrict access to sites with unfavorable content.
     
  • Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

  • Use firewalls (both software and hardware where available) to restrict access to remote desktop listening ports (default is TCP 3389) and File Transfer Protocol (TCP 21).
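
The attachment recommendations in both lists above (block the listed file types, and check that the extension matches the file header) can be combined in one gateway-side check. The following is an added example, not CERT-In's code; the signature table covers only a few common types, and the file names and leading bytes are constructed samples.

```python
BLOCKED_EXTENSIONS = set(
    "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|"))

# Leading bytes ("file header") of a few common formats.
SIGNATURES = [
    (b"MZ", "pe"),                                   # Windows executable or DLL
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                          # also docx/xlsx/pptx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy doc/xls/ppt
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]

# Header each allowed extension is expected to carry.
EXPECTED_HEADER = {
    "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "doc": "ole2", "xls": "ole2", "ppt": "ole2",
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg",
}


def sniff(head):
    """Identify content from its first bytes, or return 'unknown'."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def attachment_verdict(filename, head):
    """Decide what a mail gateway should do with one attachment."""
    name = filename.lower().strip()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    kind = sniff(head)
    if ext in BLOCKED_EXTENSIONS:
        return "block: listed extension"
    if kind == "pe":
        return "block: executable header"        # executable renamed to an allowed type
    expected = EXPECTED_HEADER.get(ext)
    if expected and kind != expected:
        return f"quarantine: .{ext} with {kind} header"
    return "deliver"


# Constructed samples: (file name, first bytes of the file)
SAMPLES = [
    ("invoice.pdf.exe", b"MZ\x90\x00\x03"),
    ("statement.pdf", b"MZ\x90\x00\x03"),
    ("report.docx", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00"),
    ("report.pdf", b"%PDF-1.7\n"),
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]


def screen(samples=SAMPLES):
    return {name: attachment_verdict(name, head) for name, head in samples}


if __name__ == "__main__":
    for name, verdict in screen().items():
        print(f"{name:18} {verdict}")
```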

 

Satori Botnet

Satori Botnet affecting IoT devices

You may be aware that a new Botnet named as Satori has been found infecting Internet of Things (IoT) devices.

One of the possible modus operandi of this malware is as under:

  • Compromise IoT systems.
  • Create botnets of the compromised devices.
  • Use compromised devices to launch DDoS attacks.
  • Make network connections to receive commands to launch further attacks.

The following countermeasures can be taken to protect IoT devices:

  • Restrict Web Management Interface access of IoT devices to authorized users only and change default username/passwords
  • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
  • Keep antivirus up to date on the computer system.
  • Keep up to date on patches and fixes for the IoT devices, operating system, and applications.
  • Unnecessary ports and services on the devices should be stopped and closed.

Kindly visit https://www.cyberswachhtakendra.gov.in to get information about latest malwares/botnets and to download free botnet removal tools.

 

Mirai Botnet

Mirai Botnet affecting IoT devices

A new malware named Mirai, targeting Internet of Things (IoT) devices such as printers, video cameras, routers and smart TVs, is spreading. The malware is capable of scanning network devices or Internet of Things devices and tries to compromise these systems, especially those protected with default credentials or hardcoded usernames and passwords.

The malware is capable of performing the following function:

  • Compromise IoT systems with default username and passwords
  • Create botnets of the compromised devices.
  • Use compromised devices to launch DDoS attacks.
  • Make network connections to receive commands to launch further attacks.

 Indicators of compromise:

  • Abnormal traffic on port 2323/TCP and 23/TCP as it scans for vulnerable devices.
  • Command and Control Network traffic on port 48101/TCP.
  • Huge outbound traffic if the device is part of DDoS attack.
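
The three indicators above translate directly into checks over flow records. The following is an added example, not part of the advisory; the comma-separated record format, the fan-out and volume thresholds, and the addresses are assumptions, and the flow records are constructed.

```python
from collections import defaultdict

SCAN_PORTS = {23, 2323}          # Telnet ports the advisory lists for scanning
C2_PORT = 48101                  # command-and-control port the advisory lists
FANOUT_LIMIT = 5                 # assumption: distinct Telnet targets per window
VOLUME_LIMIT = 50_000_000        # assumption: outbound bytes per window

# Constructed flow records for one collection window: src,dst,proto,dport,bytes_out
SAMPLE_FLOWS = """\
192.168.1.20,198.51.100.11,tcp,23,120
192.168.1.20,198.51.100.12,tcp,2323,120
192.168.1.20,198.51.100.13,tcp,23,120
192.168.1.20,198.51.100.14,tcp,23,120
192.168.1.20,198.51.100.15,tcp,2323,120
192.168.1.20,198.51.100.16,tcp,23,120
192.168.1.20,203.0.113.7,tcp,48101,900
192.168.1.30,192.168.1.1,tcp,23,4000
192.168.1.30,203.0.113.50,tcp,443,250000
192.168.1.30,203.0.113.51,udp,48101,300
192.168.1.40,203.0.113.80,tcp,80,40000000
192.168.1.40,203.0.113.80,tcp,80,45000000
"""


def triage_flows(text, fanout_limit=FANOUT_LIMIT, volume_limit=VOLUME_LIMIT):
    """Return {source_ip: [reasons]} for hosts that match the listed indicators."""
    telnet_targets = defaultdict(set)
    bytes_out = defaultdict(int)
    c2_sources = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport, sent = line.split(",")
        bytes_out[src] += int(sent)
        if proto.lower() != "tcp":
            continue                       # the listed indicators are TCP only
        if int(dport) in SCAN_PORTS:
            telnet_targets[src].add(dst)
        elif int(dport) == C2_PORT:
            c2_sources.add(src)
    findings = defaultdict(list)
    for src in c2_sources:
        findings[src].append("c2-port-48101")
    for src, targets in telnet_targets.items():
        if len(targets) > fanout_limit:    # one admin Telnet session is not a scan
            findings[src].append(f"telnet-scan:{len(targets)}-targets")
    for src, total in bytes_out.items():
        if total > volume_limit:
            findings[src].append("high-outbound-volume")
    return {src: sorted(reasons) for src, reasons in sorted(findings.items())}


if __name__ == "__main__":
    for host, reasons in triage_flows(SAMPLE_FLOWS).items():
        print(host, reasons)
```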

When the malware runs, it turns the infected system into a bot connecting to a C&C server. Bot-infected systems are connecting to the C&C Servers on specific ports and listen for commands from the remote attacker. In view of the high damage potential of Botnet infected machines, the customers are requested to disinfect their systems and take appropriate countermeasures suggested below to prevent such incidents in future.

Countermeasures for securing IOT devices:

  • Restrict Web Management Interface access of IoT devices to authorized users only and change default username/passwords.
  • Always change Default login credentials before deployment in production.
  • Change default credentials at device startup and ensure that passwords meet the minimum complexity.
  • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
  • Users should be aware of the installed devices and their capabilities. If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
  • Control access to the devices with Access List.
  • Configure devices to "lock" or log out and require a user to re-authenticate if left unattended.
  • Identify systems with default passwords and implement the abovementioned measures. Some of the systems that need to be examined are routers, switches, web applications and administrative web interfaces, ICS systems, and Telnet and SSH interfaces.
  • Implement account lockout policies to reduce the risk of brute forcing attacks.
  • Telnet and SSH should be disabled on a device if there is no requirement for remote management.
  • Configure VPN and SSH to access device if remote access is required.
  • Configure certificate-based authentication for telnet client for remote management of devices.
  • Implement Egress and Ingress filtering at the router level.
  • Report suspicious entries in Routers to your Internet Service Provider.
  • Keep antivirus up to date on the computer system.
  • Keep up to date on patches and fixes for the IoT devices, operating system, and applications.
  • Unnecessary ports and services should be stopped and closed.
  • Logging must be enabled on the device to log all the activities.
  • Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems.
