While the Draft Bill which seeks to increase private participation and address key issues has been welcomed by industry, more clarity is needed on some of its provisions.

“Ever since the outbreak, we have observed increased volumes of phishing attacks as well as a number of malicious websites purporting to offer information or advice about the pandemic,” says Venugopal N, director, software engineering, Check Point Software Technologies.

Attackers are pivoting their existing infrastructure for the distribution of ransomware, phishing emails, and other malware, leveraging COVID-19 keywords that get us to click on links or open emails.

Company faring better than peers on operational front due to its focus on exports; lower costs to aid margin; ‘Buy’ maintained.

Building the infrastructure for a low carbon future will require oil. While a long term decline for oil’s central place in energy use seems inevitable, we need to ensure that our oil sector continues to contribute to the national economy

In Himachal around 90,000 persons returned home from other states on passes issued by state government in the past one week and another 20,000 plus are waiting to enter the state.

Till date there have been requests for repatriation from 67,833 which includes 34 per cent of 22,470 students, 30 per cent of 15,815 migrant workers, 9,250 short-term visa holders faced with the expiry of visas.

The government had last week permitted the companies to restore their manufacturing operations in red, green and organ zones with certain riders.

There are a number of best practices that can work to improve your organization’s security posture. Following these will help you put the right defenses in place, and become the building blocks of a solid plan to ensure you react to a breach.

RBI extends window for External Commercial Borrowings (ECB) for Civil Aviation Sector

RBI's Second Bi-monthly Monetary Policy Statement 2014-15 - Full Text

Indian Govt to inject 69.90 billion rupees ($1.13 billion) in Nine Public sector Banks

RBI revises Priority Sector Lending Guidelines for Banks

Govt starts selection of non-executive chairmen for public sector banks

Major Indian Public Sector Banks report decline in the profits

Hiring in banking sector is expected to go up to 25% this year

Banknet relaunches Press Release section for updates from BFSI, IT-BPO Companies.

Everyone within 5km of the plant in Andhra Pradesh told to leave over fear of repeat of accident that has left at least 11 dead

Indian officials have evacuated more people from the area around a chemical plant in the south of the country that leaked toxic gas, killing at least 11 people and sickening hundreds more.

There was confusion about whether the wider evacuation orders were sparked by a renewed leak at the LG Chem factory in Andhra Pradesh, or by the fear that rising temperatures at the plant could lead to another leak.

Related: India's chemical plant disaster: another case of history repeating itself

Related: 'Bhopal’s tragedy has not stopped': the urban disaster still claiming lives 35 years on

Haskell will play the third seed, Lincoln Christian College for a chance to play in the A.I.I. Conference Championship game. 

Both Women's and Men's Cross Country improved their overall standings this weekend at the bearcat Open.

Last week the weather disrupted the Indians as they opened the Outdoor Season at Pittsburg State University.  Thunderstorms and lightning prevented numerous races and events from running on schedule.  For many, the meet yesterday was their opportunity to finally compete.

It's been a while since you've heard from me...it has been a busy year for sure. One of the reasons I've been so quiet is that I was part of a team working diligently on our latest best kept secret: The MMSIM 12.1.1/MMSIM 13.1 Documentation has...(read more)

Vegas, here we come. All of us fun EDA engineers at once. Be prepared, next week’s Design Automation Conference will be busy! The trends I had outlined after last DAC in 2018—system design, cloud, and machine learning—have...(read more)

Autonomous vehicles are coming. In a statistic from the U.S. Department of Transportation, about 37,000 people died in car accidents in the United States in 2018. Having safe, fully automatic vehicles could drastically reduce that number—but the trick is figuring out how to make an autonomous vehicle safe. Internet-enabled systems in cars are more common than ever, and it’s unlikely that the use of them will slow or stop—and while they provide many conveniences to a driver, they also represent another attack surface that a potential criminal could use to disable a vehicle while driving.

So—what’s being done to combat this? Green Hills Software is on the case, and they explained the landscape of security in automotive systems in a presentation given by Max Hinson in the Cadence Theater at DAC 2019. They have software embedded [FS1] in most parts of a car, and all the major OEMs use their tech. The challenge they’ve taken on is far from a simple one—between the sheer complexity of modern automotive computer systems, safety requirements like the ISO 26262 standard, and the cost to develop and deploy software, they’ve got their work cut out for them. It’s the complexity of the systems that represents the biggest challenge, though. The autonomous cars of the future have dynamic behaviors, cognitive networks, require security certification to at least ASIL-D, require cyber security like you’d have on an important regular computer system to cover for the internet-enabled systems—and all of this comes with a caveat: under current verification abilities, it’s not possible to test every test case for the autonomous system. You’d be looking at trillions of test cases to reach full coverage—not even the strongest emulation units can cover that today.

With regular cars, you could do testing with crash-test dummies, and ramming the car into walls at high speeds in a lab and studying the results. Today, though, that won’t cut it. Testing like that doesn’t see if a car has side-channel vulnerabilities in its infotainment system, or if it can tell the difference between a stop sign and a yield sign. While driving might seem simple enough to those of us that have been doing it for a long time, to a computer, the sheer number of variables is astounding. A regular person can easily filter what’s important and what’s not, but a machine learning system would have to learn all of that from scratch. Green Hills Software posits that it would take nine billion miles of driving for a machine learning system of today’s caliber to reach an average driver’s level—and for an autonomous car, “average” isn’t good enough. It has to be perfect.

A certifier for autonomous vehicles has a herculean task, then. And if that doesn’t sound hard enough, consider this: in modern machine-vision systems, something called the “single pixel hack” can be exploited to mess them up. Let’s say you have a stop sign, and a system designed to recognize that object as a stop sign. Randomly, you change one pixel of the image to a different color, and then check to see if the system still recognizes the stop sign. To a human, who knows that a stop sign is octagonal, red, and has “STOP” written in white block letters, a stop sign that’s half blue and maybe bent a bit out of shape is still, obviously, a stop sign—plus, we can use context clues to ascertain that sign at an intersection where there’s a white line on the pavement in front of our vehicle probably means we should stop. We can do this because we can process the factors that identify a stop sign “softly”—it’s okay if it’s not quite right; we know what it’s supposed to be. Having a computer do the same is much more difficult. What if the stop sign has graffiti on it? Will the system still recognize it as a stop sign? How big of an aberration needs to be present before the system no longer acknowledges the mostly-red, mostly-octagonal object that might at one point have had “stop” written on it as a stop sign? To us, a stop sign is a stop sign, even with one pixel changed—but change it in the right spot, and the computer might disagree.

The National Institute of Security and Technology tracks vulnerabilities along those lines in all sorts of systems; by their database, a major vulnerability is found in Linux every three days. And despite all our efforts to promote security, this isn’t a battle we’re winning right now—the number of vulnerabilities is increasing all the time.

Check back next time to see the other side: what does Green Hills Software propose we do about these problems? Read part 2 now.

If you missed the first part of this series, you can find it here.

So: what does Green Hills Software propose we do?

The issue of “solving security” is, at its core, impossible—security can never be 100% assured. What we can do is make it as difficult as possible for security holes to develop. This can be done in a couple ways; one is to make small code in small packs executed by a “safing plan”—having each individual component be easier to verify goes a long way toward ensuring the security of the system. Don’t have sensors connect directly to objects—instead have them output to the safing plan first, which can establish control and ensure that nothing can be used incorrectly or in unintended ways. Make sure individual software components are sufficiently isolated to minimize the chances of a side-channel attack being viable.

What all of these practices mean, however, is that a system needs to be architected with security in mind from the very beginning. Managers need to emphasize and reward secure development right from the planning stages, or the comprehensive approach required to ensure that a system is as secure as it can be won’t come together. When something in someone else’s software breaks, pay attention—mistakes are costly, but only one person has to make it before others can learn from it and ensure it doesn’t happen again. Experts are experts for a reason—when an independent expert tells you something in your design is not secure, don’t brush them off because the fix is expensive. This is what Green Hills Software does, and it’s how they ensure that their software is secure.

Now, where does Cadence fit into all of this? Cadence has a number of certified secure offerings a user can take advantage of when planning their new designs. The Tensilica portfolio of IP is a great way to ensure basic components of your design are foolproof. As always, the Cadence Verification Suite is great for security verification in both simulation and emulation, and JasperGold platform’s formal apps are a part of that suite as well.

We are entering a new age of autonomous technology, and with that new age we have to update our security measures to match. It’s not good enough to “patch up” security at the end—security needs to beat the forefront of a verification engineer or hardware designer’s mind at all stages of development. For a lot of applications, quite literally, lives are at stake. It’s uncharted territory out there, but with Green Hills Software and Cadence’s tools and secure IP, we can ensure the safety of tomorrow.

i had encountered error message like this before. 

but in liberate, i did not find the entry to input section info. 

માં બ્રહ્મચારિણીએ શ્વેત વસ્ત્ર પહેર્યા છે. એમના એક હાથમાં અષ્ટદળની જપમાળા અને બીજા હાથમાં કમંડલ સુશોભિત છે.

The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

Ubuntu Security Notice 4058-1 - It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.

Ubuntu Security Notice 4058-2 - USN-4058-1 fixed a vulnerability in bash. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. Various other issues were also addressed.

Ubuntu Security Notice 4180-1 - It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.