fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Australian Securities Regulator Discloses Security Breach

Australian Securities Regulator Discloses Security Breach

Image: Pat Whelen

The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach.

ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well with consumer protection as Australia’s national corporate regulator.

The commission also maintains a searchable database of business information for several types of organizations. The stored data includes both current and historical info including but not limited to addresses and office locations.

A single server affected by the breach

As ASIC disclosed the incident that took place on January 15th, 2021, is related to Accellion software the commission uses to transfer information.

“It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications,” ASIC said.

“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor.

“At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.”

In response to the security breach, ASIC has disabled access to the impacted server and is working on providing an alternative credit application submission channel.

The Australian securities regulator is working on bringing the impacted systems back online and on a forensic investigation of the attack with the help of external cybersecurity experts.

The commission said that no other systems besides the affected server have been reached or impacted in the incident.

Also Read: What Is A Governance Framework? The Importance And How It Works

ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident. – ASIC

Other Accellion customers breached or exposed to attacks

The New Zealand Reserve Bank also disclosed earlier this month that they suffered a data breach after an attacker compromised a file sharing service containing sensitive data, powered by Accellion’s FTA (File Transfer Application).

This is a legacy service deployed on-premise to allow users to share large and sensitive files with external recipients securely.

The vulnerability used to hack New Zealand Reserve Bank’s file sharing service was patched by Accellion on Christmas Eve.

“Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected,” the company said in a press release.

Based on these numbers, dozens of other targets might have been compromised by exploiting the same vulnerability.

According to BleepingComputer’s cybersecurity industry sources, Accellion released the patch on December 24th, and the Reserve Bank of New Zealand suffered the breach on December 25th.

Also Read: 5 Self Assessment Tools To Find The Right Professional Fit

Even though Accellion still provides support for the legacy FTA service, it has also been urging customers to migrate to the new Kiteworks platform since at least December 2019.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us