fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

CISA Orders Federal Agencies to Fix Hundreds of Exploited Security Flaws

CISA Orders Federal Agencies to Fix Hundreds of Exploited Security Flaws

CISA has issued this year’s first binding operational directive (BOD) ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline.

BOD 22-01 (Reducing the Significant Risk of Known Exploited Vulnerabilities) applies to both software and hardware on internet-facing and non-internet-facing federal information systems, including the ones managed by federal agencies or third parties on an agency’s behalf.

The goal of this government-wide directive is to help both federal agencies and public/private sector organizations keep pace with ongoing threat activity by improving their vulnerability management practices and reducing their exposure to cyberattacks.

Also Read: 13 Special Skills To Become a Front End Developer Singapore

“BIG step forward today in protecting Federal Civilian Networks—Binding Operational Directive (BOD) 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs,” said CISA Director Jen Easterly.

“The BOD applies to federal civilian agencies; however, ALL organizations should adopt this Directive and prioritize mitigating vulnerabilities listed on our public catalog, which are being actively used to exploit public and private organizations.”

Agencies ordered to patch 2021 bugs within two weeks

CISA has published a catalog of hundreds of exploited security vulnerabilities that expose government systems to significant risks if successfully abused by threat actors.

Also Read: Top 4 Advantages Of Opting For WordPress Developer Singapore

Agencies are ordered to remediate the security flaws listed in the known exploited vulnerabilities catalog according to the timelines set by CISA:

  • Flaws exploited this year should be patched in the next two weeks, until November 17, 2021.
  • Flaws exploited until the end of 2020 should be fixed within six months, until May 3, 2022.

Currently, the catalog includes 200 vulnerabilities identified between 2017-2020 and 90 from 2021, with CISA to regularly update it with newly discovered ones if they match the following conditions:

  • The vulnerability has an assigned Common Vulnerabilities and Exposures (CVE) ID.
  • There is reliable evidence that the vulnerability has been actively exploited in the wild.
  • There is a clear remediation action for the vulnerability, such as a vendor-provided update.

CISA also ordered federal agencies to review and update their internal vulnerability management procedures within 60 days with today’s directive.

They will also have to submit quarterly reports on the patch status via CyberScope or the CDM Federal Dashboard, with a change to bi-weekly reporting for agencies that haven’t migrated away from CyberScope until October 1, 2022.

“Vulnerabilities that have previously been used to exploit public and private organizations are a frequent attack vector for malicious cyber actors of all types,” CISA said.

“These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us