FBI, CISA Officially Confirm US Govt Hacks After SolarWinds Breach

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI).

“Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign,” the US intelligence agencies said [12].

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.”

The National Security Council (NSC) has established a Cyber Unified Coordination Group (UCG) following the SolarWinds breach to help the intelligence agencies better coordinate the US government’s response efforts surrounding this ongoing espionage campaign.

To establish the UCG, the NSC used the Presidential Policy Directive-41 and its Annex, both issued in July 2016 by the Obama administration.

“The UCG process facilitates continuous and comprehensive coordination for whole-of-government efforts to identify, mitigate, remediate, and respond to this incident,” NSC spokesman John Ullyot said two days ago.

“The highly-trained and experienced professionals across the government are working diligently on this matter.”

During this coordinated whole-of-government response effort, the FBI will be the lead for threat response, DHS-CISA will lead all asset response activities, and the ODNI will lead intelligence support and related activities.

The FBI will focus its efforts on collecting additional intelligence on the threat actors behind this compromise campaign and on attributing, pursuing, and disrupting their ongoing cyber-espionage efforts.

After suspected Russian state-sponsored hackers breached SolarWinds, DHS-CISA has already issued an Emergency Directive asking federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products on their networks to block future attacks.

The DHS security agency is the one keeping in contact with all government, private sector, and international partners during the coordinated response efforts, as well as providing resources and information needed to those affected by this campaign to “recover quickly.”

“CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises,” the joint statement reads.

Yesterday, BleepingComputer also reported that Microsoft, FireEye, and GoDaddy collaborated to create a kill switch for the SolarWinds backdoor deployed on compromised networks to force the malware to terminate itself.

This backdoor is currently tracked as Solarigate by Microsoft and Sunburst by FireEye, and it was distributed via SolarWinds’ auto-update mechanism onto the systems of roughly 18,000 customers.

The list of victims includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.

SolarWinds’ customer listing [12] includes over 425 of the US Fortune 500, all top ten US telecom companies, the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States.
