fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US State Dept Employees’ Phones Hacked Using NSO Spyware

US State Dept Employees’ Phones Hacked Using NSO Spyware

Apple has warned US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group.

The attacks hit US officials (at least 11 according to the Washington Post) based in or focused on matters concerning the East African country of Uganda and took place in recent months, according to anonymous sources cited by Reuters today.

While NSO canceled the customer accounts behind these intrusions and promised to investigate the attacks, a spokesperson told Reuters—who first reported the attacks—that the company doesn’t know what tools were used in the attack. NSO also declined to name the suspended customers.

“On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have,” an NSO spokesperson separately told Motherboard.

“To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case.”

Also Read: 4 Easy Steps To Create Privacy Management Plan For Business

NSO Group full statement
NSO Group’s statement (Joseph Cox)

The news of Department of State employees’ phones being hacked to install Pegasus spyware comes on the heels of the US sanctioning NSO Group and three other companies from Israel, Russia, and Singapore last month for spyware development and selling hacking tools used by state-sponsored hacking groups.

NSO and Candiru have been added to the Commerce Department’s Bureau of Industry and Security (BIS) Entity List for supplying the software used by state hackers to spy on government officials, journalists, and activists.

Positive Technologies from Russia and Computer Security Initiative Consultancy PTE. LTD. from Singapore were sanctioned for the trafficking of exploits and hacking tools.

“Specifically, investigative information has shown that the Israeli companies NSO and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” reads the Department of Commerce’s final ruling.

Also Read: What Is Governance Structure: Fundamentals for Gov’t Success

In early November, Apple has also filed a lawsuit against NSO and its parent company for targeting and spying on Apple users with surveillance tech.

For instance, NSO’s ForcedEntry exploit (also used to hack the nine State Dept employees) was employed by state attackers to compromise Apple devices and install Pegasus spyware, as revealed by the Citizen Lab in August.

Apple added at the time that it will notify all users targeted using the ForcedEntry exploit (alerts that were also sent to the hacked State Dept employees) and those who will be targeted in state-sponsored spyware attacks in the future, “in accordance with industry best practices.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us