fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

CISA Orders Federal Agencies to Update iPhones, Macs until Feb 25th

CISA Orders Federal Agencies to Update iPhones, Macs until Feb 25th

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.

According to the binding operational directive (BOD 22-01) issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

CISA said that all Federal Civilian Executive Branch Agencies (FCEB) agencies have to patch the vulnerability tracked as CVE-2022-22620 [12] until February 25th, 2022.

Also Read: 4 Things to Know When Installing CCTVs Legally

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise,” the cybersecurity agency said.

“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”

Yesterday, CISA also asked FCEB agencies to patch 15 other vulnerabilities tagged as being under active exploitation, with CVE-2021-36934 — a Microsoft Windows SAM (Security Accounts Manager) bug allowing privilege escalation and credential theft — having a February 24th patch deadline.

Third zero-day patched by Apple this year

The CVE-2022-22620 is the third zero-day Apple has patched since the start of 2022 and is a WebKit Use After Free issue exploitable for OS crashes and code execution on vulnerable devices.

Successful exploitation enables attackers to execute arbitrary code on iPhones, iPads, and Macs after opening maliciously crafted web pages using Safari.

“In particular, all browsers for iOS and iPadOS are based on this open source engine — that is, not only iPhone’s default Safari, but also Google Chrome, Mozilla Firefox and any others,” Kaspersky said today. “So even if you do not use Safari, this vulnerability still affects you directly.”

Also Read: 5 Most Frequently Asked Questions About Ransomware

“Apple is aware of a report that this issue may have been actively exploited,” the company added when describing the zero-day.

Apple has addressed the vulnerability with improved memory management in iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1.

The complete list of impacted devices is quite extensive, and it includes iPhone 6s and later, multiple iPad models, and Macs running macOS Monterey.

Even though this flaw was likely only used in a small number of targeted attacks, it’s still highly recommended to install the updates as soon as possible to block potential attack attempts, just as CISA urged earlier today.

In January, Apple also patched two other actively exploited zero-days that can let attackers track browsing activity and users’ identities in real-time (CVE-2022-22594) and gain arbitrary code execution with kernel privileges (CVE-2022-22587).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us