#FactCheck -Social Media Claim of ICC’s One-Year Ban on Pakistan Cricket Is Misleading

Introduction

In the digital entertainment world, OTT platforms have become highly popular and have attracted larger audiences. They offer a wide variety of entertaining content. However, there are certain concerns about depicting illicit or objectionable content on such platforms. The Indian Ministry of Information and Broadcasting (I&B) has been working on tackling issues like the availability of obscene content on online streaming platforms and other platforms. I&B Ministry has taken important steps to prevent the spread of such illicit or objectionable content.

The I&B Ministry has taken action against obscene and vulgar content on OTT platforms. A total 18 OTT platforms and several associated websites, apps, and social media handles have been blocked nationwide. The government has been in consistent talks with these platforms and issued several advisories, but they have not been adhered to. The decision was made after consultation with other ministries, domain experts, and industry bodies. The content allegedly obscene was found to depict nudity, sexual intercourse, and inappropriate sexual acts within societal contexts. The government states that it is the responsibility of platforms to ensure that content is not present in a vulgar fashion. Creativities do not necessarily mean promoting or propagating vulgar and sexual content.

Key Highlights of I&B Ministry Action against Obscene Content

On 14th March 2024, The Indian Ministry of Information and Broadcasting (I&B) announced the blocking of 18 OTT platforms, 19 Websites, 10 apps, and 57 social media handles for displaying obscene and vulgar content. Union Minister for Information & Broadcasting Shri Anurag Singh Thakur has announced the removal of 18 OTT platforms that published obscene and vulgar content, underscoring the responsibility of platforms to prevent the spread of such content. The decision was made under the Information Technology Act 2000 and in consultation with other Indian ministries and domain experts in media, entertainment, women's rights, and child rights.

List of Blocked OTT Platforms

OTT platforms that have been blocked are Dreams Films, Voovi, Yessma, Uncut Adda, Tri Flicks, X Prime, Neon X VIP, Besharams, Hunters, Rabbit, Xtramood, Nuefliks, MoodX, Mojflix, Hot Shots VIP, Fugi, Chikooflix, Prime Play.

It was highlighted that these OTT platforms, despite not being widely popular, have a significant viewership. One app has over 1 crore downloads, while two others have more than 50 lakh downloads on Google Play Store. These platforms also market their content through social media, with a combined followership of over 32 lakh.

Nature of content

The ministry reported that a significant portion of the content on social media platforms was obscene, vulgar, and demeaning, depicting nudity and sexual acts in inappropriate contexts like teacher-student relationships and incestuous family relationships. The content included sexual innuendos and prolonged pornographic scenes without any thematic or societal relevance. It was further stated that the content was found to be prima facie in violation of Section 67 and 67A of the Information & Technology Act, 2000, Section 292 of the Indian Penal Code and  Section 4 of the Indecent Representation of Women (Prohibition) Act, 1986.

Way Forward

The press release by the ministry stated that “The Government of India remains committed to fostering the growth and development of the OTT industry. Several measures have been undertaken in this regard, including the introduction of the Inaugural OTT Award for Web Series at the 54th International Film Festival of India, collaboration with OTT platforms in the media and entertainment sector, and the establishment of a light touch regulatory framework with an emphasis on self-regulation under the IT Rules, 2021.”

This shows that the Indian government is dedicated to promoting the growth of the OTT industry but within certain checks or oversight mechanisms to prevent illicit or objectionable content on such platforms.

OTT Content and Regulatory Checks

Online content streaming on OTT platforms lacks regulatory checks, unlike films, which are reviewed and certified by a government-appointed board. The government has instructed streaming services to independently review content for obscenity and violence before it is made available online. There have been repeated instances where criticism has been raised about the illicit or violative depicted content in some OTT shows. This highlights the issue of checks and balances. The government has urged self-regulation on platforms, but the repeated instances of illicit content raise societal concerns. The Ministry of I&B is keen towards promoting ethical & moral standards of content that is being hosted on online OTT platforms.

Conclusion

The Ministry of I&B has taken a step and announced the shutdown of 18 OTT platforms that were engaged in depicting illicit content. This shows that the I&B Ministry is committed to promoting ethical online content. While legislative measures are required to prevent the spread of such illicit or violative content, joint efforts by the government, industry players, and civil society are critical to ensuring a secure and responsible digital environment for all users.

References

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2014477
• https://www.thehindu.com/news/national/centre-bans-ott-platforms-websites-and-apps-over-obscene-and-vulgar-content/article67949819.ece
• https://economictimes.indiatimes.com/news/india/ib-ministry-blocks-18-ott-platforms-for-vulgar-content/articleshow/108485880.cms?from=mdr
• https://indianexpress.com/article/entertainment/information-and-broadcasting-ministry-blocks-18-ott-platforms-for-obscene-and-vulgar-content-9213749/
• https://www.storyboard18.com/ott-news/mib-blocks-18-ott-platforms-for-showing-obscene-and-vulgar-content-26400.htm

‍

Executive Summary:

Microsoft rolled out a set of major security updates in August, 2024 that fixed 90 cracks in the MS operating systems and the office suite; 10 of these had been exploited in actual hacker attacks and were zero-days. In the following discussion, these vulnerabilities are first outlined and then a general analysis of the contemporary cyber security threats is also undertaken in this blog. This blog seeks to give an acquainted and non-acquainted audience about these updates, the threat that these exploits pose, and prevent measures concerning such dangers. 

1. Introduction

Nowadays, people and organisations face the problem of cybersecurity as technologies develop and more and more actions take place online. These cyber threats have not ceased to mutate and hence safeguarding organisations’ digital assets requires a proactive stand. This report is concerned with the vulnerabilities fixed by Microsoft in August 2024 that comprised a cumulative of 90 security weaknesses where six of them were zero-day exploits. All these make a terrible risk pose and thus, it is important to understand them as we seek to safeguard virtual properties. 

2. Overview of Microsoft’s August 2024 Security Updates

August 2024 security update provided by Microsoft to its products involved 90 vulnerabilities for Windows, Office, and well known programs and applications. These updates are of the latest type which are released by Microsoft under its Patch Tuesday program, a regular cum monthly release of all Patch updates. 

•  Critical Flaws: As expected, seven of the 90 were categorised as Critical, meaning that these are flaws that could be leveraged by hackers to compromise the targeted systems or bring operations to a halt. 
•  Zero-Day Exploits: A zero-day attack can be defined as exploits, which are as of now being exploited by attackers while the software vendor has not yet developed a patch for the same. It had managed 10 zero-days with the August update, which underlines that Microsoft and its ecosystems remain at risk. 
•  Broader Impact: These are not isolated to the products of Microsoft only They still persist Despite this, these vulnerabilities are not exclusive to the Microsoft products only. Other vendors such as Adobe, Cisco, Google, and others also released security advisories to fix a variety of issues which proves today’s security world is highly connected. 

3. Detailed Analysis of Key Vulnerabilities

This section provides an in-depth analysis of some of the most critical vulnerabilities patched in August 2024. Each vulnerability is explained in layman’s terms to ensure accessibility for all readers.

3. 1 CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability (CVSS score:8. 8) : 

 The problem is in programs that belong to the Microsoft Project family which is known to be a popular project management system. The vulnerability enables an attacker to produce a file to entice an user into opening it and in the process execute code on the affected system. This could possibly get the attacker full control of the user’s system as mentioned in the following section. 

 Explanation for Non-Technical Readers: Let us assume that one day you received a file which appears to be a normal word document. When it is opened, it is in a format that it secretly downloads a problematic program in the computer and this goes unnoticed. This is what could happen with this vulnerability, that is why it is very dangerous. 

 3. 2 CVE-2024-38178: Windows Scripting Engine Memory Corruption Vulnerability (CVSS score: 7.5):

Some of the risks relate to a feature known as the Windows Scripting Engine, which is an important system allowing a browser or an application to run scripts in a web page or an application. The weak point can result in corruption of memory space and an attacker can perform remote code execution with the possibility to affect the entire system. 

 Explanation for Non-Technical Readers: For the purpose of understanding how your computer memory works, imagine if your computer’s memory is a library. This vulnerability corrupts the structure of the library so that an intruder can inject malicious books (programs) which you may read (execute) on your computer and create havoc. 

 3. 3 CVE-2024-38193: WinSock Elevation of Privilege Vulnerability (CVSS score: 7. 8 )

 It opens up a security weakness in the Windows Ancillary Function Driver for WinSock, which is an essential model that masks the communication between the two. It enables the attacker to gain new privileges on the particular system they have attacked, in this case they gain some more privileges on the attacked system and can access other higher activities or details. 

 Explanation for Non-Technical Readers: This flaw is like somebody gaining access to the key to your house master bedroom. They can also steal all your valuable items that were earlier locked and could only be accessed by you. It lets the attacker cause more havoc as soon as he gets inside your computer. 

3. 4 CVE-2024-38106: Windows Kernel Elevation of Privilege Vulnerability (CVSS score: 7. 0) 

 This vulnerability targets what is known as the Windows Kernel which forms the heart or main frameworks of the operating system that controls and oversees the functions of the computer components. This particular weakness can be exploited and an opponent will be able to get high-level access and ownership of the system. 

 Explanation for Non-Technical Readers: The kernel can be compared to the brain of your computer. It is especially dangerous that if someone can control the brain he can control all the rest, which makes it a severe weakness. 

 3. 5 CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability (CVSS score: 6.5). 

 This vulnerability enables the attackers to evade the SmartScreen component of Windows which is used to safeguard users from accessing unsafe files. This weakness can be easily used by the attackers to influence the users to open files that are otherwise malicious. 

 Explanation for Non-Technical Readers: Usually, before opening a file your computer would ask you in advance that opening the file may harm your computer. This weak point makes your computer believe that this dangerous file is good and then no warning will be given to you. 

 4. Implications of the Vulnerabilities

These vulnerabilities, importantly the zero-day exploits, have significant implications on all users. 

•  Data Breaches: These weaknesses can therefore be manipulated to cause exposures of various data, occasioning data leaks that put individual and corporate information and wealth. 
•  System Compromise: The bad guys could end up fully compromising the impacted systems meaning that they can put in malware, pilfer data or simply shut down a program. 
•  Financial Loss: The organisations that do not patch these vulnerabilities on the shortest notice may end up experiencing a lot of losses because of having to deal with a lot of downtimes on their systems, having to incur the costs of remediating the systems that have been breached and also dealing with legal repercussions. 
•  Reputation Damage: Security breaches and IT system corruptions can result in loss of customer and partner confidence in an organisation’s ability to protect their information affecting its reputation and its position in the market. 

5. Recommendations for Mitigating Risks

Immediate measures should be taken regarding the risks linked to these issues since such weaknesses pose a rather high threat. The following are recommendations suitable for both technical and non-technical users. 

5. 1 Regular Software Updates 

 Make it a point that all the software, particularly operating systems and all Microsoft applications are updated. Any system out there needs to update it from Microsoft, and its Patch Tuesday release is crucial. 

 For Non-Technical Users: As much as possible, reply ‘yes’ to updates whenever your computer or smartphone prompts for it. These updates correct security matters and secure your instruments. 

 5. 2 Realisation of Phishing Attacks 

 Most of the risks are normally realised through phishing techniques. People should be taught diversifiable actions that come with crazy emails like clicking on links and opening attachments. 

 For Non-Technical Users: Do not respond to emails from unknown people and if they make you follow a link or download a file, do not do it. If it looks like spam, do not click on it. 

 5. 3 Security Software 

 Strong and reliable antivirus and anti-malware software can be used to identify and avoid the attacks that might have high chances of using these vulnerabilities. 

 For Non-Technical Users: Ensure you download a quality antivirus and always update it. This works like a security guard to your computer by preventing bad programs. 

 5. 4  Introduce Multi Factor Authentication (MFA)

 MFA works in a way to enforce a second factor of authentication before the account can be accessed; for instance, a user will be asked to input a text message or an authentication application. 

 For Non-Technical Users: NS is to make use of two-factor authentication on your accounts. It is like increasing the security measures that a man who has to burgle a house has to undergo by having to hammer an additional lock on the door. 

 5. 5 Network segmentations and Privileges management 

 Network segmentation should be adopted by organisations to prevent the spread of attacks while users should only be granted the privileges required to do their activities. 

 For Non- Technical Users: Perform the assessments of user privileges and the networks frequently and alter them in an effort of reducing the extent of the attacks. 

6. Global Cybersecurity Landscape and Vendor Patches

The other major vendors have also released patches to address security vulnerabilities in their products. The interdependent nature of technology has the effect on the entire digital ecosystem.

• Adobe, Cisco, Google, and Others: These companies have released updates to address the weaknesses in their products that are applied in different sectors. These patches should be applied promptly to enhance cybersecurity.
• Collaboration and Information Sharing:Security vendors as well as researchers and experts in the cybersecurity domain, need to remain vigilant and keep on sharing information on emerging threats in cyberspace.

7. Conclusion

The security updates companies such as Microsoft and other vendors illustrate the present day fight between cybersecurity experts and cybercriminals.  All the vulnerabilities addressed in this August 2024 update cycle are a call for prudence and constant protection of digital platforms. These vulnerabilities explain the importance of maintaining up-to-date systems, being aware of potential threats, and implementing robust security practices. Therefore, it is important to fortify our shield in this ever expanding threat domain, in order to be safe from attackers who use this weakness for their malicious purposes.

‍

About Customs Scam:

The Customs Scam is a type of fraud where the scammers pretend to be from the renowned courier office company (DTDC, etc.), or customs department or other government entities. They try to deceive the targets to transfer the money to resolve the fake customs related concerns.  The Research Wing at CyberPeace along with the Research Wing of Autobot Infosec Private Ltd. delved into this case through Open Source Intelligence methods and undercover interactions with the scammers and concluded with some credible information.

Case Study:

The victim receives a phone call posing as a renowned courier office (DTDC, etc.) employee (in some case custom’s officer) that a parcel in the name of the victim has been taken into custody because of inappropriate content. The scammer provides the victim an employee ID, FIR number to prove the authenticity of the case and also they show empathy towards the victim. The scammer pretends to help the victim to connect with a police officer for further action. This so-called police officer shows transparency in his work. He asks him to join a skype video call and he even provides time to install the skype app. He instructs the victim to connect with the skype id provided by the fake police officer where the scammer created a fake police station environment. He also claims that he contacted the headquarters and the victim’s phone number is associated with many illegal activities to create panic to the victim.  Then the scammers also ask the victim to give their personal details such as home address, office address, aadhar card number, PAN card number and screenshot of their bank accounts along with their available account balance for the sake of so-called investigation. Sometimes scammers also demand a high amount of money to resolve the issue and create fake urgency to trap the victim in making the payment. He sternly warns the victim not to contact any other police officials or professionals, making it clear that doing so would only lead to more trouble.

Analysis & Findings: 

After receiving these kinds of complaints from multiple sources, the analysis was done on the collection of phone numbers from where the calls originated. These phone numbers were analysed for alias name, location, Telecom operator,  etc.  Further, we have verified the number to check whether the number is linked with any social media account on reputed platforms like Google, Facebook, Whatsapp, Twitter, Instagram, Linkedin, and other classified platforms such as Locanto.

• Phone Number Analysis: Each phone number looks authentic, cleverly concealing the fraud. Sometimes scammers use virtual/temporary phone numbers for these kinds of scams. In this case the victim was from Delhi, so the scammer posed themselves from Delhi Police station, while the phone numbers belong to a different place.

• Undercover Interactions:  The interactions with the suspects reveals their chilling way of modus operandi. These scammers are masters of psychological manipulation. They threaten the victims and act as if they are genuine LEA officers. 
• Exploitation Tactics: They target unsuspecting individuals and create fear and fake urgency among the targets to extract sensitive information such as Aadhaar, PAN card and bank account details.

• Fraud Execution: The scammers demand for the payment to resolve this issue and they make use of the stolen personally identifiable information. Once the victims transfer the money, the fraudsters cut off all the communication.
• Outcome for Victims:  The scammers act so genuine and they frame the incidents so realistic, victims don't realise that they are trapped in this scam. They suffer severe financial loss and psychological trauma.

Recommendations:

• Verify Identities: It is important to verify the identity of any individual, especially if they demand personal information or payment. Contact the official agency directly using verified contact details to confirm the authenticity of the communication.
• Education on Personal Information: Provide education to people to protect their personal identity numbers like Aadhaar and PAN card number. Always emphasise the possible dangers connected to sharing such data in the course of phone conversations.
• Report Suspicious Activity: Prompt reporting of suspicious phone calls or messages to relevant authorities and consumer protection agencies helps in tracking down scammers and prevents people from falling. Report to https://cybercrime.gov.in or reach out to helpline@cyberpeace.net for further assistance. 
• Enhanced Cybersecurity Measures: Implement robust cybersecurity measures to detect and mitigate phishing attempts and fraudulent activities. This includes monitoring and blocking suspicious phone numbers and IP addresses associated with scams.

Conclusion:

In the Customs Scam fraud, the scammers pretend to be a custom or any government official and sometimes threaten the targets to get the details such as Aadhaar, PAN card details, screenshot of their bank accounts along with their available balance in their account. The phone numbers used for these kinds of scams were analysed for any suspicious activity. It is found that all the phone numbers look authentic concealing the fraudentent activities. The interactions made with them reveals that they create fearness and urgency between the individuals. They act as if they are genuine officer’s and ask for money to resolve this issue. It is important to stay vigilant and not to share any personal or financial information. When facing these kinds of scams, report and spread awareness among individuals.

‍