fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Confirms Breach In SolarWinds Hack, Denies Infecting Others

Microsoft Confirms Breach In SolarWinds Hack, Denies Infecting Others

Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers.

This past weekend it was discovered that Russian state-sponsored hackers breached SolarWinds and used their auto-update mechanism to distribute a backdoor to clients.

This malicious software is a backdoor tracked as Solarigate (Microsoft) or Sunburst (FireEye) and reached the infrastructure of approximately 18,000 customers, including the U.S. Treasury, US NTIA, and the U.S. Department of Homeland Security.

Tonight, Reuters released a report stating that sources indicated that Microsoft was not only compromised in the SolarWinds supplychain attack but also had their software modified to distribute malicious files to its clients.

In a statement to BleepingComputer, Microsoft confirmed that they detected malicious SolarWinds binaries in their environment but denies that their systems were used to compromise customers.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,” Microsoft told BleepingComputer.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

The known list of organizations that were hit by the SolarWinds supply chain attack include:

  • FireEye
  • U.S. Department of the Treasury
  • U.S. National Telecommunications and Information Administration (NTIA)
  • U.S. Department of State 
  • The National Institutes of Health (NIH) (Part of the U.S. Department of Health)
  • U.S. Cybersecurity and Infrastructure Security Agency (CISA)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Department of Energy (DOE)
  • U.S. National Nuclear Security Administration (NNSA)
  • Three US states (Specific states are undisclosed)
  • Microsoft

As SolarWinds’ network management products are used by a wide range of organizations worldwide, we can expect to see further victims in the coming weeks.

It is reported that a Russian hacking group has allegedly attacked the City of Austin, but there is no indication that they are related to the SolarWinds breach.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

12/17/20: Updated with statement from Microsoft and warnings to not disable Windows Update.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us