Catergory

CERT-In

cybersecurity

IFF’s cybersecurity report for the third quarter of 2024

This series lists the various cybersecurity incidents that occurred during this quarter in the country and our actions in response to them. We highlight the need for organisations to prioritise proactive measures, transparency, and public awareness to mitigate risks and foster cyber resilience.
01 November, 2024
9 min read
Shravani Nag LankaShravani Nag Lanka & Karthika RajmohanKarthika Rajmohan
cybersecurity

IFF’s cybersecurity report for the second quarter of 2024

This series lists the various cybersecurity incidents that occurred during a quarter in the country and our actions in response to them. We highlight the need for organisations to prioritise proactive measures, transparency, and public awareness to mitigate risks and foster cyber resilience.
09 July, 2024
6 min read
Tejasi PanjiarTejasi Panjiar & Shravani Nag LankaShravani Nag Lanka
cybersecurity

IFF’s cybersecurity report for the first quarter of 2024 #PlugTheBreach

This post is the first in a series tracking IFF’s work on data breaches and vulnerabilities every quarter. We will list the various cybersecurity incidents that occurred in the country and our actions in response to them.
29 April, 2024
6 min read
Tejasi PanjiarTejasi Panjiar
vulnerability

IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.
06 April, 2024
5 min read
Tejasi PanjiarTejasi Panjiar
CERT-In

Delhi HC Permits SnTHostings to Withdraw Petition Challenging the Legality of 2022 Directions

SnTHostings' petition at the Delhi HC challenging the CERT-In 2022 Directions has been withdrawn on instructions from the petitioner.
18 March, 2024
3 min read
Internet Freedom FoundationInternet Freedom Foundation
CERT-In

Statement: Exemption of CERT-In from the RTI Act dilutes institutional transparency and weakens individual privacy

An amendment to the Second Schedule to the RTI Act, 2005 was notified on November 24, 2023, exempting CERT-In from providing information under the Act. This move is certainly not in the public interest as it weakens the rights of the people by diluting an Act meant to empower them.
25 November, 2023
3 min read
Tejasi PanjiarTejasi Panjiar & Prateek WaghrePrateek Waghre
CERT-In

Top Secret: One year on, CERT-In refuses to reveal information about compliance notices issued under its 2022 Directions on cybersecurity

To mark the first anniversary of the notification of the 2022 CERT-In Directions, we filed two Right to Information (“RTI”) applications with the Department of Electronics and Information Technology, seeking details on the issuance of compliance notices under this new regulatory mandate.
28 April, 2023
4 min read
Gayatri MalhotraGayatri Malhotra
2022

Delhi HC permits SnTHostings to respond to the CERT-In’s defence of the 2022 Directions

CERT-In has replied to SnTHostings' petition challenging the 2022 Directions, which require service providers to monitor the activities of their customers. Delhi HC has permitted SnTHostings to respond to the reply.
10 December, 2022
3 min read
Krishnesh BapatKrishnesh Bapat
vpn

Delhi HC issues notice in SnTHosting’s challenge to legality of CERT-In’s Directions

Tl;dr The Delhi HC has issued notice in a petition filed by SnTHostings challenging the legality of Direction No. 20(3)/2022-CERT-In dated April 28, 2022 (‘2022 Directions’) by the The Indian Computer Emergency Response Team (‘CERT-In’). SnTHostings provides hosting, Virtual Private Network (‘VPN’) and Virtual Private Server (‘VPS’) services. The 2022 Directions presented an existential crisis to SnTHostings as they mandated it to collect a range of personal data and share it with CERT-In on de
28 September, 2022
4 min read
Krishnesh BapatKrishnesh Bapat, Anandita MishraAnandita Mishra & Tanmay SinghTanmay Singh
CERT-In

Delaying the inevitable: Implementation of CERT-In’s Cybersecurity Directions gets a piecemeal extension

CERT-In has extended the timeline for partial enforcement of Cyber Security Directions dated April 28, 2022. The timeline for enforcement of the directions by MSMEs and enforcement of Direction 5 (a) and (f) by entities mentioned in Direction 5 is September 25, 2022.
28 June, 2022
4 min read
Tejasi PanjiarTejasi Panjiar & Prateek WaghrePrateek Waghre

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!