Pkrevenue.com

Tag: PRAL

  • PRAL identifies vulnerabilities in Google Chrome; issues advisory

    PRAL identifies vulnerabilities in Google Chrome; issues advisory

    ISLAMABAD: The Pakistan Revenue Automation Pvt Limited (PRAL) has identified multiple vulnerabilities in Google Chrome, which are the most severe as those could allow for arbitrary code execution.

    Google Chrome is a web browser used to access the internet.

    In an advisory note issued on Wednesday, the PRAL said that the successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser.

    Depending on the privileges associated with the application, an attacker could view, change or delete data.

    “If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” the PRAL said.

    PRAL is providing taxation services to the Federal Board of Revenue (FBR) and other provincial revenue authorities.

    The PRAL said that Google Chrome versions prior to 88.0.4324.182 were affected by the vulnerabilities.

    In order to ensure prevention against the vulnerabilities, the PRAL recommended the following:

    01. FBR IT Security Policy sanctioned by Member (IT) –FBR, must be strictly followed.

    02. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. It is highly recommended that the computer system must be registered with LAN’s Active Directory server.

    03. Avoid clicking unknown links and downloading attachments sent by anonymous users.

    04. use of third-party antivirus is strictly prohibited. Only approved licenses of antivirus software must be installed on desktop PCs.

    05. Always avoid using a suspicious USB flash stick. In case one needs to use the USB flash stick, then always scan the USB using approved antivirus software.

    06. Regular update operating system, antivirus software, internet browsers and MS Office and disable macros.

    07. Keep windows firewall enabled on the desktop computer system.

    08. All sensitive information should be handled with care and dissemination to all concerned be done through secure means.

    09. Use of official email is highly recommended.

    10. Change the password of the receptive accounts regularly.

    11. Always memorize the passwords, never write them.

    12. Maintain regular offline backups or centralized offline backup of critical data.

    13. Be aware of pop-ups in internet browsers or desktop screens and never enter confidential information in a pop-up screen.

  • Duty, tax above Rs1 million made mandatory through e-payment

    Duty, tax above Rs1 million made mandatory through e-payment

    KARACHI: The payment duty and taxes amounting above Rs1 million has been made mandatory through the electronic mode from January 20, 2021, said Wajid Ali, Director General, Reforms and Automation, Federal Board of Revenue (FBR).

    At a meeting with members of the Federation of Pakistan Chambers of Commerce and Industry (FPCCI), Wajid Ali said that the online system was introduced through a procedure in 2017 in collaboration with the State Bank of Pakistan (SBP), a statement said on Thursday.

    This system is connected with the WeBOC and payment of taxes can be made by pay orders and cash to create a balance.

    Such procedures are already adopted by a number of countries worldwide. The system is operated by a unique ID which is called a PSID number issued to the relevant users who are connected to approximately 16000 different branches of the relevant bank across Pakistan.

    In order to further ease the payment of taxes, the system is also supported by easy paisa / OTC on a mobile phone to the users as well and the facility through this system is available with the taxpayers on the basis of 24/7.

    No drastic adoption of the system was observed last year by the users and in order to enforce the online payment by the system, it is now automated in such a way that the payment of taxes beyond Rs. 1 million cannot be made through the old system of payment of taxes.

    “It is, therefore, mandatory to the taxpayers that they are bound to get PSID number if the amount of taxes to be paid accedes Rs. 1 million or above,” he added.

    The last date to adopt the new system by the taxpayers is January 20, 2021, as announced by the FBR so that the payment of taxes may be made more effective and transparent.

    This will also ease to compile the statistical data relating to revenue collection within no time. At present now 22 percent of the collection of taxes is being carried out with the help of a new electronic system and it is not out of place to mention that positive feedback is coming in from the taxpayers who are already using the facility.

    Mian Nasser Hyatt Maggo President, FPCCI appreciated Pakistan Revenue Automation Private Limited (PRAL) for improving ease of doing business and facilitating the business industry while presiding the meeting of FPCCI Standing Committee on Customs headed by Shabbir Hassan Mansha.

    He further said when it comes to business endeavors every business person has to deal with Customs, FBR, and SBP.

    Most people are confused by the complexity of processes. The meeting expects the experts to disentangle the process complications.

    A team of experts from Pakistan Customs and Pakistan Revenue Automation Private Limited (PRAL) joined FPCCI Head Office, Karachi the in the meeting of FPCCI Standing Committee on Customs, for a presentation with FPCCI member trade bodies across Pakistan simultaneously at FPCCI Head Office Karachi (Chair), Capital Office Islamabad and Regional Offices at Lahore, Peshawar & Quetta via Zoom Link to deliver the presentation.

    The team members include Mr. Wajid Ali, Director General, Reforms & Automation, FBR; Sanaullah Abro, Director Reforms & Automation, and Arshad Hussain, Sr. Manager, PRAL, Customs House, Karachi along with representative of State Bank of Pakistan (SBP).

    The presentation was attended by the trade bodies from all over Pakistan on Zoom.

    In the meantime, the trade bodies were also briefed by the other team members including representatives from the State Bank as to how to adopt the new system with minimum hurdles.

    During the question-answer session, the representatives of trade bodies from all over Pakistan were invited to share their views and queries in this respect. In general, the trade bodies have shown their interest and shown their willingness to register themselves within the newly adopted system of payment of taxes.

    The views were also shared by the representatives of trade bodies via Zoom Link from all FPCCI Stations who were present on Zoom.

    Shabbir Hassan Mansha, Convener, FPCCI Central Standing Committee on Customs informed that his committee will organize more sessions relevant to Customs, and SBP to enhance the knowledge and relevant information on the subject.

    Khurram Ijaz former vice president FPCCI while presenting the vote of thanks to the participants and the experts’ said that a close liaison between the FBR and SBP and trade bodies should be maintained by appointing a focal person from FBR and SBP respectively for the ease of trade.

  • PRAL issues cyber security advisory for FBR officials working from home

    PRAL issues cyber security advisory for FBR officials working from home

    ISLAMABAD: Pakistan Revenue Automation (Pvt) Limited (PRAL) has issued cyber security advisory for officials of Federal Board of Revenue (FBR), who are working from home in the wake of resurgence of coronavirus.

    In its advisory issued on Thursday, the PRAL said that switching to remote working because of the ongoing coronavirus pandemic can create cyber security problems for an organization like FBR and its employees.

    Attackers are exploiting the situation, so look out for phishing emails, scams and other hacking attempts.

    “A new type of phishing attack is rising which is focusing on coronavirus (COVID-19). Adversaries’ sends phishing & spam emails to users to open the infected word document claiming an update report from World Health Organization (WHO) of Pakistani Health Authorities.”

    Therefore, all FBR resources who are authorized by the competent authority to Work From Home are directed to adhere to the following strategy points:

    01. Avoid public Wi-Fi networks and use PRAL recommended VPN for secure communications.

    02. Use of remote desktop software such as Teamviewer, Anydesk, etc. are strictly prohibited.

    03. Make sure you are using a secure connection for your work from home environment.

    04. Keep password strong and change it regularly. Always memorize the password, never write it.

    05. Enable two factor (2FA) or multi-factor authentication, wherever possible.

    06. Encrypt your home PC hard drive and USB sticks to safe data in case of theft.

    07. Keep your home PC operating system patched. Install & update your home PC with top-rated antivirus, anti-malware and firewalls. You may also get latest freeware antivirus and other security software from PRAL technical support team.

    08. Check all security software is up to date in your home PC. Privacy tools, add-ons for browsers and other patches need to be checked regularly.

    09. All work from home resources are advised to communicate using official FBR email only.

    10. All FBR remote workers are advised to be suspicious of any emails asking them to check or renew their password and login credentials, even if they seem to come from a trusted source.