fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

DHS Orders Federal Agencies To Update SolarWinds Orion Platform

DHS Orders Federal Agencies To Update SolarWinds Orion Platform

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all US federal agencies to update the SolarWinds Orion platform to the latest version by the end of business hours on December 31, 2020.

CISA’s Supplemental Guidance to Emergency Directive 21-01 demands this from all agencies using Orion versions unaffected in the SolarWinds supply chain attack.

“We issued V2 supplemental guidance to Emergency Directive 21-01,” CISA tweeted. “Agencies using non-affected versions must update to the new version.”

“The National Security Agency (NSA) has examined this version and verified that it eliminates the previously identified malicious code,” the agency said.

“Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.”

Also Read: What Is A Governance Framework? The Importance And How It Works

Orion Platform VersionContinued use of SolarWinds Orion permitted at this timeUpdate required?
Affected versions: 2019.4 HF5, 2020.2 RC1, 2020.2 RC2, 2020.2, 2020.2 HF1 (should be powered down or removed from networks based on ED 21-01)NoN/A
All other versions that are currently online (if the instance did not previously use an affected version)YesYes (2020.2.1HF2)

Agencies using non-affected versions must update to the new version since Orion Platform versions 2019.4 HF6 and 2020.2.1 HF2 are designed to protect from both SUNBURST and SUPERNOVA malware.

The latest Orion updates designed to protect against both SUNBURST and SUPERNOVA are:

  • 2019.4 HF 6 (released December 14, 2020)
  • 2020.2.1 HF 2 (released December 15, 2020)
  • 2019.2 SUPERNOVA Patch (released December 23, 2020)
  • 2018.4 SUPERNOVA Patch (released December 23, 2020)
  • 2018.2 SUPERNOVA Patch (released December 23, 2020)

Organizations that cannot immediately upgrade to these patched versions, can use a script provided by SolarWinds in their advisory to temporarily protect their environments against the SUPERNOVA malware.

“CISA will follow up with additional supplemental guidance, to include further clarifications and hardening requirements,” the federal agency added.

The FBI also shared a TLP:WHITE private industry notification [PDF] with info on how system admins and security professionals can check if APT actors have exploited SolarWinds vulnerabilities in their environments.

CISA and cybersecurity firm Crowdstrike also released free malicious activity detection tools to help search for SAML token usage anomalies in audit logs easier and to enumerate Azure tenant assigned privileges.

Also Read: Best Privacy Certification: 3 Simple Steps On How To Achieve

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us