fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Federal Payroll Agency Hacked Using SolarWinds Software Flaw

US Federal Payroll Agency Hacked Using SolarWinds Software Flaw

The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report.

NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

USDA confirms data breach

The software vulnerability used to break into NFC’s systems is different than the one used by suspected Russian nation-state hackers to compromise the update mechanism of the Orion software to deploy the Sunburst backdoor on SolarWinds customers’ systems.

Even though both the FBI and the USDA declined to provide further comment, the latter confirmed that it had suffered a data breach.

The USDA did, however, provide a statement saying that it “notified all customers (including individuals and organizations) whose data has been affected.”

The threat actors behind the USDA agency hack are suspected to be part of a Chinese-backed hacking group according to Reuters’ sources.

Reuters sources believe the attackers to be based out of China as they utilize infrastructure and tools utilized in previous state-backed Chinese cyberattacks.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Hack exploited flaw used to deploy Supernova backdoor

Although the vulnerability was not named, Reuters reporters said that the suspected Chinese hackers used the same security bug that made it possible for threat actors to deploy the Supernova backdoor on systems where vulnerable versions of the Orion platform had been installed.

“This vulnerability in the Orion Platform has been resolved in the latest updates,” SolarWinds said in an advisory providing information on the Sunburst and Supernova malware.

Organizations that cannot immediately upgrade to these patched versions, can use a script SolarWinds provides in their advisory to temporarily protect their systems against attempts to deploy the malware.

SuperNova was deployed as a DLL file that allowed attackers to remotely send, compile, and execute malicious code on compromised systems.

Supernova backdoor code
Supernova backdoor code (Palo Alto Networks)

Compromised US government targets

The list of U.S. government agencies confirmed as having been hit in the SolarWinds supply-chain attack includes:

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Earlier this month, the Administrative Office of the U.S. Courts has also disclosed an ongoing investigation of a potential compromise of the federal courts’ case management and electronic case files system.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us