fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple Patches Three Actively Exploited iOS Zero-days

Apple Patches Three Actively Exploited iOS Zero-days

Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices.

“Apple is aware of reports that an exploit for this issue exists in the wild,” the company said in a security advisory issued today when describing the three flaws.

The list of affected devices includes iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later.

The zero-days were addressed by Apple earlier today, with the release of iOS 14.2, the mobile OS’ latest stable version.

iOS 14.2

Kernel and FontParser bugs

One of the vulnerabilities is a remote code execution (RCE) bug tracked as CVE-2020-27930 and triggered by a memory corruption issue when processing a maliciously crafted font by the FontParser library.

Also Read: By Attending This Event You Agree To Be Photographed

The second iOS zero-day is a kernel memory leak tracked as CVE-2020-27950 and caused by a memory initialization issue that allows malicious applications to gain access to kernel memory.

The third actively exploited bug is a kernel privilege escalation flaw (CVE-2020-27932) caused by a type confusion issue that makes it possible for malicious applications to execute arbitrary code with kernel privileges.

Project Zero, Google’s 0day bug-hunting team, were the ones who discovered and reported the security issues to Apple’s Security team.

“Targeted exploitation in the wild similar to the other recently reported 0days,” said Shane Huntley, Director and Google’s Threat Analysis Group. “Not related to any election targeting.”

More zero-days found by Project Zero

Four other zero-days disclosed or patched during the last two weeks were also discovered by Google’s Project Zero researchers.

Google patched two actively exploited Chrome zero-day flaws (CVE-2020-15999 in the FreeType text-rendering library and CVE-2020-16009 in the WebAssembly and JavaScript engine).

A third one (CVE-2020-16010) caused by a heap buffer overflow in the Android UI was addressed in Chrome for Android 86.0.4240.185, released on Monday.

The Project Zero researchers also disclosed an elevation of privileges (EoP) zero-day in the Windows kernel exploited in the wild, affecting all versions between Windows 7 and Windows 10.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

A patch for the Windows zero-day should be provided by Microsoft on November 10 during this month’s Patch Tuesday.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us