fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

LastPass owner admits to major security lapse: Customer backups stolen

Lastpass
GoTo, the parent company of LastPass, has disclosed a recent system breach where attackers were able to obtain encrypted backups of clients’ data.

LastPass owner admits to major security lapse: Customer backups stolen

GoTo, LastPass’ parent company, has revealed that attackers acquired encrypted backups from clients during a recent system breach.

LastPass originally confirmed the breach on November 30. At the time, LastPass CEO Karim Toubba stated that an “unauthorized entity” had gotten access to certain user data held in a third-party cloud service that LastPass and GoTo shared. The attackers utilized the August intrusion into LastPass’s systems to access the companies’ shared cloud data further. GoTo, which acquired LastPass in 2015, stated at the time that the company was conducting an investigation.

Given that bad actors do not discriminate, your small business is all the more prone to the advanced tactics that bad actors may use to take down their prey. 

Malware as the culprit

About two months later, in an amended statement, GoTo confirmed that the malware affected a number of its products, including the business communications tool Central, the online meetings service Join.me, the hosted VPN service Hamachi, and the Remotely Anywhere remote access tool.

GoTo reported that the intruders stole encrypted backups of user data from these services and the company’s encryption key for encrypting the data.

“Depending on the product, the compromised information may include account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, as well as some product settings and license information,” stated GoTo CEO Paddy Srinivasan. Additionally, Rescue and GoToMyPC’s encrypted databases were not exfiltrated, but the MFA settings of a fraction of their clients were compromised.

Lastpass’ parent company stated that it does not keep credit card or bank account information, nor does it collect personal information such as date of birth, home address, or Social Security numbers. This is in stark contrast to the attack on its subsidiary, LastPass, in which attackers acquired the encrypted password vaults of clients along with their names, email addresses, phone numbers, and some billing information.

GoTo has not disclosed the number of affected consumers. According to GoTo public relations director Jen Mathews, the company has 800,000 customers, including enterprises, but she refuses to answer our further queries. Prior to publication, GoTo spokeswoman Nikolett Bacso-Albaum continually declined to answer or reply to TechCrunch’s questions.

Large companies can be vulnerable to malware attacks; what more if your business is small?

What can we get from this incident?

Large companies can be vulnerable to malware attacks; what more for small businesses? Given that bad actors do not discriminate, your small business is all the more prone to the advanced tactics that bad actors may use to take down their prey. 

Small businesses are particularly vulnerable to malware attacks, as smaller organizations may have less robust security measures in place. It is important for small businesses to take proactive steps to protect their sensitive information and systems from attack. Here are some tips for small businesses to guard against malware:

  1. Keep software up-to-date: This includes the operating system, web browsers, and all other software used by the company. Outdated software can contain security vulnerabilities that attackers can exploit.
  2. Educate employees: Teach employees about the dangers of malware and how to identify phishing scams and other malicious attacks. Emphasize the importance of only downloading software and attachments from trusted sources.
  3. Implement strong passwords: Encourage employees to use strong, unique passwords and to avoid using the same password for multiple accounts. Consider using a password manager to help generate and store strong passwords.
  4. Use antivirus and antimalware software: Install and regularly update antivirus and antimalware software to protect against the latest threats.
  5. Backup data regularly: Regularly backing up important data and storing it off-site can help minimize the damage caused by a malware attack.
  6. Hire a Data Protection Officer (DPO) to ensure that your organisation is PDPA compliant. Appointing a DPO is not only mandatory for all organisations in Singapore, but it also provides several benefits for your company. While you can appoint in-house, there are also benefits to outsourcing data protection officer service.

Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organizations comply with the Personal Data Protection Act (PDPA). Furthermore, every Organization’s DPO should be able to curb any instances of PDPA noncompliance as it is the officer responsible for maintaining the positive posture of an organization’s cybersecurity.

DPOs complement organizations’ efforts to ensure that the organisation’s methods of collecting personal data comply with the PDPA. It also ensures that policies are set in place to make sure that there will be no instances of data breaches in the future.

Don’t wait any longer to ensure your organisation is PDPA compliant. Take our free 3-minute PDPA Compliance Self-audit checklist now, the same “secret weapon” used by our clients to keep them on track. Upon completion, we will send you the results so you can take the necessary action to protect your customers’ data. Complete the free assessment checklist today and take the first step towards protecting your customers’ personal data.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us