fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI Warns of Iranian Hackers Looking to Buy US Orgs’ Stolen Data

FBI Warns of Iranian Hackers Looking to Buy US Orgs’ Stolen Data

The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.

The warning came in a private industry notification (PIN) marked as TLP:AMBER, seen by BleepingComputer earlier this week.

According to the FBI, the threat actor will likely use the leaked data (e.g., emails and network info) bought from clear and dark web sources to breach the systems of related organizations.

The FBI says that US organizations that had data stolen and leaked online before should expect to be targeted in future attacks coordinated by this unnamed Iranian threat actor.

Also Read: The Top 4W’s of Ethical Hacking

Orgs at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary.

Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims’ networks.

This threat actor is also attempting to breach supervisory control and data acquisition (SCADA) systems with the help of common default passwords, according to the FBI.

Links to previous Iran-backed hacking activity

While the FBI did name the Iranian threat actor in the PIN, the use of site pentest tools and vulnerability scanners such as Acunetix and SQLmap to find insecure servers links it to previous campaigns coordinated by Iranian state-backed hacking group.

For instance, another unnamed Iranian hacking group used similar tools to steal voter registration data from state election sites between September and October 2020.

That voter info was later used to impersonate the far-right Proud Boys organization and send threatening emails to Democratic voters warning that they must vote for Trump or face the consequences.

Also Read: What is Social Engineering and How Does it Work?

The FBI’s Cyber Division also warned in a private industry notification issued last week that ransomware gangs have compromised the networks of several tribal-owned casinos, taking down their servers and disabling connected systems.

The same week, the federal agency also alerted the public that criminals are increasingly using cryptocurrency ATMs and QR codes for fraud, making it harder for law enforcement to recover the victims’ financial losses.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us