Author: Admin
he recent ransomware attack on Indonesia’s national data center has exposed critical vulnerabilities in our digital infrastructure, raising alarming questions about the security of our government’s most sensitive information systems.As we grapple with the aftermath of this breach, it is crucial to delve deeper into the potential root causes that may have allowed such a devastating attack to occur. At the heart of this incident lies a complex interplay of technical vulnerabilities and human factors. The attackers likely exploited a technique known as “privilege escalation”, a method whereby they gain initial access to a system, often through seemingly innocuous means,…
July 4, 2024Information hallVulnerability / Critical Infrastructure Microsoft has identified two security flaws in Rockwell Automation PanelView Plus that could arm remote, unauthenticated attackers to execute arbitrary code and trigger a Denial of Service (DoS) condition. “The (remote code execution) vulnerability in PanelView Plus includes two custom classes that can be exploited to download and install a malicious DLL on a device,” security researcher Yuval Gordon said. “The DoS vulnerability exploits the same custom class to send a crafted buffer that the device cannot process properly, resulting in a DoS.” The list of disadvantages is as follows – CVE-2023-2071 (CVSS…
The increasing incidence of data breaches across government and private sectors in Indonesia has underscored the need for stringent data protection protocols. In 2022, more than 21,000 companies in Indonesia experienced data breaches. The incidents affected critical sectors, including healthcare, finance, e-commerce and utilities, and highlighted widespread cybersecurity challenges for the country’s business operations. In one notable incident, the healthcare sector encountered significant security breaches due to unauthorized access to the electronic health alert card (e-HAC) system and the Social Health Insurance Administration Body. In addition to data breaches, the government’s potential misuse of data for surveillance and its risks…
3 retail executives compare notes on rapid tech-driven growth of e-commerce at Retail Asia Forum. WITH e-commerce set to continue its rapid growth in Indonesia, a report by GlobalData predicts a 15.5% surge in the market for 2024, driven by a shift towards online shopping. The market saw an 18.3% increase in 2023, reaching $37.6 billion (IDR 573 trillion), and is projected to hit $43.4 billion (IDR 661.9 trillion) this year, indicating the rising popularity of e-commerce amongst Indonesians. This trend was echoed by Budi Primawan, vice chairperson of the Indonesian e-commerce association (idEA), who observed that the e-commerce landscape…
by Fintech News Indonesia March 11, 2024 In the dynamic landscape of Indonesia’s digital revolution, the exponential growth of digital payments has generated an increased demand for robust mobile app security solutions. As financial institutions navigate the challenges of securing sensitive financial information and user data, a great responsibility emerges to safeguard both. Mobile app security is no longer an afterthought; it’s the cornerstone of trust and sustainable growth in the competitive financial industry. Indonesia, with its vibrant digital landscape and skyrocketing mobile adoption, offers a wealth of opportunities for businesses. However, a challenge presents itself: the ever-evolving threat to…
In late 2022, the Indonesian government took an important step in unifying the country’s data protection regulations that were previously regulated in separate laws and sectoral regulations. On October 17, 2022, this was enacted into a single personal data protection law through Law No. 27 of 2022 on personal data protection (“PDP Law”). The enactment of PDP Law which references the provisions set out under the European Union’s General Data Protection Regulation (“EU GDPR”) is intended to guarantee the rights of every individual to have adequate protection over their data. What is personal data? The PDP Law defines personal data…
Indonesia’s communications and informatics minister, Budi Arie Setiadi, is facing public pressure to resign following a large-scale ransomware attack on the country’s national data center that disrupted over 200 institutions, including government agencies. A petition urging Setiadi to step down was signed by over 18,500 Indonesians since it was launched last week by the local digital rights organization Southeast Asia Freedom of Expression Network (SAFEnet). “As a state institution responsible for data and information management, including security, the Ministry of Communication and Information Technology should also be held accountable for the current ransomware attack,” the petition said. “For this reason,…
A cyber attacker compromised Indonesia’s national data centre, disrupting immigration checks at airports, and asked for a US$8 million ($12 million) ransom, the country’s communications minister told Reuters. The attack disrupted several government services, most notably at airports last week, … Hi! You’ve reached one of our premium articles. This is available exclusively to subscribers. It’s free to register, and only takes a few minutes. Once you sign up you’ll have unlimited access to the full catalogue of Australia’s best business IT content, as well as a daily news bulletin delivered straight to your inbox. Register now Already have an…
July 5, 2024Information hallNetwork Security / Cyber Attack Cybersecurity researchers have discovered a new botnet called Zergeca that is capable of conducting distributed denial of service (DDoS) attacks. Written in Golang, the botnet is named so for a reference to a string named “ootheca” present on the command and control (C2) servers (“ootheca(.)pw” and “ootheca(.)top”). “Functionally, Zergeca is not just a typical DDoS botnet; in addition to supporting six different attack methods, it also has capabilities for proxy, scanning, self-updating, storage, file transfer, reverse shell, and gathering sensitive device information.” — QiAnXin XLab. team said in the report. Zergeca is…
With the implementation of Law No. 27 of 2022 on Personal Data Protection (“PDP Law”), both personal data controllers and personal data processors are mandated to provide external notification to personal data subjects, demonstrating organizational transparency in handling personal data. This notification, commonly known as a privacy notice, is typically accessible on the personal data controller’s or personal data processor’s website, mentioned either as a privacy notice or privacy policy. A privacy notice serves as an external document, informing visitors about the utilization of their data and outlining their data privacy rights. Meanwhile, a privacy policy functions as an internal…