News

The National Institute of Standards and Technology (NIST) has revised its approach to handling cybersecurity vulnerabilities. Due to a significant increase of 263% in submissions for Common Vulnerabilities and Exposures (CVEs), NIST will now only enhance those entries that meet specific criteria. While all CVEs will still be recorded in the National Vulnerability Database (NVD), only some will receive detailed enrichment. This decision comes as part of an effort to manage the growing volume of submissions and ensure that critical vulnerabilities are effectively prioritized. Such changes aim to improve overall cybersecurity measures and awareness. Source: [publication name].

The Space Industry Association India and CERT-In have jointly released comprehensive cybersecurity guidelines to protect India's space ecosystem. These guidelines establish security standards and best practices for organizations operating in the space sector, addressing vulnerabilities and cyber threats specific to space infrastructure. The initiative aims to strengthen India's space security posture as the sector expands its capabilities and commercial activities. The joint effort between the industry body and the government's cybersecurity authority represents a coordinated approach to safeguarding critical space assets and data from cyber attacks. Source: PIB.

A new analysis examines India's approach to cyber deterrence and the complexities involved in establishing credible defensive postures against digital threats. The study explores constraints India faces in developing effective cyber deterrence mechanisms, including technical limitations, attribution challenges, and the credibility of response measures. It also assesses escalation risks that could arise from cyber conflicts in the South Asian context. The research highlights how India's cyber deterrence strategy must balance national security interests with international norms and the potential for unintended consequences in an increasingly connected digital environment. Source: NatStrat.

A security researcher discovered nine vulnerabilities in Windows' Administrator Protection feature by exploiting UI Access implementation issues. The flaws stem from longstanding problems with User Interface Privacy Isolation (UIPI) in Windows UAC. Historically, Windows Vista introduced UIPI to prevent privilege escalation attacks where low-privilege users could manipulate windows created by high-privilege processes. The researcher identified root causes affecting five of the nine bypasses, highlighting how accessibility features can be abused to circumvent security boundaries. All discovered vulnerabilities have been patched by Microsoft. The findings underscore ongoing challenges in balancing security with system accessibility in Windows environments.

India is implementing a comprehensive approach to combat deepfakes and financial cybercrime. The multi-layered response involves coordination between government agencies, regulatory bodies, and law enforcement to address the growing threat of synthetic media fraud and digital financial crimes. Authorities are focusing on detection mechanisms, public awareness, and legal frameworks to protect citizens from deepfake-based scams and financial exploitation. The strategy emphasizes both preventive measures and swift response protocols to mitigate risks in the digital economy. Source: Observer Research Foundation.