#FactCheck - Viral Video of US President Biden Dozing Off during Television Interview is Digitally Manipulated and Inauthentic

Introduction 

As the world is being "Digitally Interlaced", cyber security has become a continuous wrangle. The “Gambling industry” is considered an incredibly lucrative mark for cybercriminals, principally due to the enormous quantities of cash on hand and the sensitive details it processes day to day. Cybercriminals may use susceptibilities in gambling scaffolds to achieve financial scams or launder unlawful funds. An analysis by Security Scorecard discovered that the online gambling industry was ranked third in the possibility of encountering a cyber attack, following the energy and financial services sectors. Similarly, Online gambling is a bending matter that demands meticulous contemplation by policymakers and nationals. The incredible rise of online gambling has led to a terse acclivity in unlawful activities such as online scams, fraud, etc. Also, online sports gambling has become a thriving endeavour in contemporary years as millions of people are putting stakes and gambles on their electronic devices.

The Challenges

Online gambling has thus become a widespread frolicking for numerous youngsters, with the industry tossed to be worth billions of dollars in the forthcoming decades. The prominent cyber security challenges in the gambling industry are money laundering, financial laundering, ransomware, personal information theft, data breaches, distributed Denial of Service (DDoS), system disruptions and Insider perils and employee malfeasance. Challenges of online gambling also include being properly not regulated and a lack of social interaction with near and dear ones. The spread of Internet gambling has presented many problems affecting consumer behaviour online, motivations to gamble, problem gambling, security of websites, and the righteousness and virtue of the games. The rise of online gambling among young people due to the lack of clear regulations has likewise produced an abundant backdrop for financial ruination.

Web games and betting are among the fastest-evolving areas of the Internet. Over the past several years, there has been an international flare-up in online gambling, permitting customers to play from the convenience of home, work, and public locations. Numerous offshore betting websites and apps usually permit parties to win in the start with sound returns, whereas after the user gets addicted and invests considerable sums, they either keep failing or have the website refuse to cash out the winnings. Also, the information demonstrates that online games have been employed to commit wrongdoings (Child sexual exploitive material, religious conversion, cyberbullying, fraud, betting in virtual online casinos, etc.)

India's laws and regulations surrounding online gambling are complex and constantly evolving. While the legal framework is not entirely clear, a few state in India have their own set of rules.

Recently In April 2023, the Union Ministry of Electronics and Information Technology (“MeitY”), by virtue of the rule-making powers available to the central government under the Information Technology Act, 2000 (“IT Act 2000”), implemented a new central legal framework for online gaming through amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules 2021”).  These amendments (“Online Gaming Rules”) propose a light-touch, co-regulatory regime whereby MeitY-recognised, independent self-regulatory bodies (“SRB”) will verify whether an “online real-money game” is to be made available to the general public or not – in accordance with the baseline criteria prescribed by the Online Gaming Rules.

The Online Gaming Rules attempt to regulate online gaming platforms by treating them as an “online gaming intermediary” (“OGI”) and prescribing intermediary due diligence obligations for them under the IT Rules 2021.  An OGI has been defined in the Online Gaming Rules as “any intermediary that enables the users of its computer resource to access one or more online games”.  Under the Online Gaming Rules, an online game can be a “permissible online game” if (i) it is not an online real-money game, or (ii) it is an online real-money game but is “verified” by an SRB in accordance with the baseline criteria prescribed by the Online Gaming Rules and any additional criteria prescribed by the SRB itself.

Global Perspective

The global gaming industry worth over US$227 billion in 2022 is further projected to grow to US$312 billion by 2027. Several countries have set regulatory frameworks about online gaming, though these are skewed, concentrating mainly on gambling and circumventing numerous of the more typical cyber threats. The US spends about $60 billion annually on online gambling and sports betting. In Europe, gambling is an even larger moneymaker. Also, numerous countries in Europe, like the UK, have legalised gambling. Nevertheless, it is prohibited for a US based company to operate an online gambling site. Yet, sports betting online is permitted in some states.

Today, though the gaming market has been overpowered by China and the US, future growth in the sector is anticipated to come from emerging economies like India with increasing populations. The permitted status of online gambling in India is nonetheless imprecise, vamoosing space for exploitation by cyber criminals and disarray for players involved. One of the climactic points that ought to be addressed is the sudden upsurge of online games, which increases gambling. Skill-based games such as poker, rummy etc., have additionally been developed to circumvent the legal definition of gambling in India. The recent instances of the online gaming industry not being properly regulated have also come to light in India. For instance, the Enforcement Directorate (ED) is still investigating the vast Mahadev Online Betting scandal, exposing an unknown money laundering method using Unified Payment Interface (UPI) IDs. Also, the Cyber Cell in Agra has taken proactive action against copyright violations, illegal online gambling and betting activities, shutting down 27 Illegal cricket betting sites in major operations, safeguarding several lakhs of Indians with thousands of crores from being transferred to overseas shores principally China. 

Consequently, though India has announced new regulations on online gaming, its contemporary policy framework cannot contend with the problems endangering this sector. The Public Gambling Act of 1867 makes it unlawful to use a public gambling house or to be seen in one. Nevertheless, the act does not explicitly cite online gambling, leading to further interpretation. The Ministry of Home Affairs (MHA) has released a further awareness campaign for offshore illegal gambling apps, notifying users to be mindful of foreign apps as they may be fraudulent and might induce monetary damage to the user. Also, state laws control gambling in India with each state having its own directive on the subject.  Yet, the Supreme Court of India has maintained that skilled games are not gambling and are thus legal. Furthermore, the Information Technology (IT) Act, of 2000 does not precisely handle online gambling or games that enable gambling.

Today, developers have strived for new ways to monetise the growing popularity of online gaming, which oversaw the creation of in-game currencies that can be bought using actual money, usually through credit cards.  Several nations have prohibited the usage of in-game currency and loot boxes, considering them a kind of online gambling. The in-game currency has thus caused much disagreement about becoming a state of hunting monetisation by developers, especially targeting minor or newbie players. The gambling industry, therefore, faces unique cybersecurity challenges that require a comprehensive and proactive approach to cybersecurity.

Conclusion

Presently, there are approximately 3.09 billion active video game players worldwide, and the number is expected to reach 3.32 billion by 2024 as of 2023. In the contemporary digital era, information is priceless, and encryption acts as a necessary means to safeguard it. Thus, Regulators are working to maintain the swiftness of shift in the industry, as the dearth of transparency in the law has made it challenging to implement regulations. There is also less awareness about cyber security in India due to the following grounds such as the lack of ethical hackers in the country, companies in India lacking focus on cyber security and hiring a team of ethical hackers and cyber security experts. Furthermore, there has been a lack of knowledge among the citizens as well. 

It is essential to realise the conceivable social and economic consequences and take measures to handle the online gambling industry. The industry has thus been undersized in the mode of research following online crime and Internet gambling, even though it is an acute emphasis.  There is also a pressing necessity to rebuild these regulations to tackle the more unbridled cyber security hazards swarming the gaming industry. Similarly, there is an urgent need for governments and policymakers around the world to start paying more attention to the gaming industry as cyber security threats continue to rise. There should be a further need to strengthen the regulatory framework, establish Self Regulatory Organizations (SROs), create ethical gaming designs and increase awareness among gamers. The Government of India should consider devising its own rating system to rate games so that players under 18 cannot access them.

Eventually, cyber security is a shared commitment, and everyone in the online gambling ecosystem must function jointly to provide a secure and safe setting for all.

References:

• https://truefort.com/gambling-industry-cybersecurity/
• https://www.orfonline.org/research/cybersecurity-threats-in-online-gaming-learnings-for-india
• https://www.hackread.com/chinese-scammers-cloned-websites-gambling-network/
• https://www.civilsdaily.com/news/cybersecurity-threats-from-online-gaming/
• https://www.linkedin.com/pulse/legal-considerations-online-gambling-india-sudden-increase-mathur/
• https://www.jsheld.com/insights/articles/the-importance-of-cybersecurity-in-the-online-sports-betting-industry
• https://www.the420.in/agra-cyber-cell-takes-down-27-illegal-betting-sites/
• https://g2g.news/gaming/ministry-of-home-affairs-releases-new-awareness-campaign-for-online-gaming-in-india/
• https://smestreet.in/technology/kaspersky-warns-of-increased-phishing-scams-and-data-breaches-in-apac-for-2024-2381601
• https://economictimes.indiatimes.com/tech/newsletters/morning-dispatch/govt-bans-mahadev-other-illegal-betting-apps-cyber-attacks-against-india-spike/articleshow/104996017.cms?from=mdr
• https://cipher.com/cybersecurity-for-gambling/
• https://www.mangalorean.com/tightening-the-reins-indian-government-blocks-over-550-illegal-betting-and-gambling-apps/
• https://cybersecurityasean.com/news-press-releases/kaspersky-predicts-rise-cyber-threats-across-apac-2024
• https://www.cnbctv18.com/technology/mahadev-betting-app-scam-ed-money-laundering-upi-celebrities-under-scanner-17815661.htm
• https://iclg.com/practice-areas/gambling-laws-and-regulations/india

‍

Introduction

Snapchat's Snap Map redefined location sharing with an ultra-personalised feature that allows users to track where they and their friends are, discover hotspots, and even explore events worldwide. In November 2024, Snapchat introduced a new addition to its Family Center, aiming to bolster teen safety. This update enables parents to request and share live locations with their teens, set alerts for specific locations, and monitor who their child shares their location with.

While designed with keeping safety in mind, such tracking tools raise significant privacy concerns. Misusing these features could expose teens to potential harm, amplifying the debate around safeguarding children’s online privacy. This blog delves into the privacy and safety challenges Snap Map poses under existing data protection laws, highlighting critical gaps and potential risks.

Understanding Snapmap: How It Works and Why It’s Controversial

Snap Map, built on technology from Snap's acquisition of social mapping startup Zenly, revolutionises real-time location sharing by letting users track friends, send messages, and explore the world through an interactive map. With over 350 million active users by Q4 2023, and India leading with 202.51 million Snapchat users, Snap Map has become a global phenomenon.

This opt-in feature allows users to customise their location-sharing settings, offering modes like "Ghost Mode" for privacy, sharing with all friends, or selectively with specific contacts. However, location updates occur only when the app is in use, adding a layer of complexity to privacy management.

While empowering users to connect and share, Snap Map’s location-sharing capabilities raise serious concerns. Unintentional sharing or misuse of this tool could expose users—especially teens—to risks like stalking or predatory behaviour. As Snap Map becomes increasingly popular, ensuring its safe use and addressing its potential for harm remains a critical challenge for users and regulators.

The Policy Vacuum: Protecting Children’s Data Privacy

Given the potential misuse of location-sharing features, evaluating the existing regulatory frameworks for protecting children's geolocation privacy is important. Geolocation features remain under-regulated in many jurisdictions, creating opportunities for misuse, such as stalking or unauthorised surveillance. Presently, multiple international and national jurisdictions are in the process of creating and implementing privacy laws. The most notable examples are the COPPA in the US, GDPR in the EU and the DPDP Act which have made considerable progress in privacy for children and their online safety. COPPA and GDPR prioritise children’s online safety through strict data protections, consent requirements, and limits on profiling. India’s DPDP Act, 2023, prohibits behavioral tracking and targeted ads for children, enhancing privacy. However, it lacks safeguards against geolocation tracking, leaving a critical gap in protecting children from risks posed by location-based features.

Balancing Innovation and Privacy: The Role of Social Media Platforms

Privacy is an essential element that needs to be safeguarded and this is specifically important for children as they are vulnerable to harm they cannot always foresee. Social media companies must uphold their responsibility to create platforms that do not become a breeding ground for offences against children. Some of the challenges that platforms face in implementing a safe online environment are robust parental control and consent mechanisms to ensure parents are informed about their children’s online presence and options to opt out of services that they feel are not safe for their children. Platforms need to maintain a level of privacy that allows users to know what data is collected by the platform, sharing and retention data policies. 

Policy Recommendations: Addressing the Gaps

Some of the recommendations for addressing the gaps in the safety of minors are as follows:

• Enhancing privacy and safety for minors by taking measures such as mandatory geolocation restrictions for underage users.
• Integrating clear consent guidelines for data protection for users. 
• Collaboration between stakeholders such as government, social media platforms, and civil society is necessary to create awareness about location-sharing risks among parents and children. 

Conclusion

Safeguarding privacy, especially of children, with the introduction of real-time geolocation tools like Snap Map, is critical. While these features offer safety benefits, they also present the danger of misuse, potentially harming vulnerable teens. Policymakers must urgently update data protection laws and incorporate child-specific safeguards, particularly around geolocation tracking. Strengthening regulations and enhancing parental controls are essential to protect young users. However, this must be done without stifling technological innovation. A balanced approach is needed, where safety is prioritised, but innovation can still thrive. Through collaboration between governments, social media platforms, and civil society, we can create a digital environment that ensures safety and progress.

References

• https://indianexpress.com/article/technology/tech-news-technology/snapchat-family-center-real-time-location-sharing-travel-notifications-9669270/
• https://economictimes.indiatimes.com/tech/technology/snapchat-unveils-location-sharing-features-to-safeguard-teen-users/articleshow/115297065.cms?from=mdr
• https://www.thehindu.com/sci-tech/technology/snapchat-adds-more-location-safety-features-for-teens/article68871301.ece 
• https://www.moneycontrol.com/technology/snapchat-expands-parental-control-with-location-tracking-to-make-it-easier-for-parents-to-track-their-kids-article-12868336.html ‍
• https://www.statista.com/statistics/545967/snapchat-app-dau/

Executive Summary:

Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This  vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This  has been exploited actively by threat actors,  leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

‍

‍

Understanding The CVE-2024-3400 Vulnerability:

CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges.  This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.

The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE  highly severe:

1. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 
2. CWE-20: Improper Input Validation.

‍

Impacted Products:

The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.

Detecting Potential Exploitation: 

Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability.  There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.

The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device: 

grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*

This command looks through device logs for specific entries related to vulnerability. 

These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.

Presence of such entries in your logs, could be a sign of a potential attack to hack  your device which may look like:

• failed to unmarshal session(../../some/path)

A normal, harmless log entry would look like this:

• failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)

Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.

Mitigation and Recommendations:

Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:

• Immediately update Software:   This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
• Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
• Enable Threat Prevention:  Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
• Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions. 
• Monitor Advisory Updates: Regularly checking for  the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
• Disable Device Telemetry – Optional:  It is suggested to disable the device telemetry as an additional  precautionary measure.
• Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks. 

Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.

Conclusion: 

The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks.  Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

‍