fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

European Banking Authority Discloses Exchange Server Hack

European Banking Authority Discloses Exchange Server Hack

The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.

EBA is part of the European System of Financial Supervision and it oversees the integrity orderly functioning of the EU banking sector.

“The Agency has swiftly launched a full investigation, in close cooperation with its ICT provider, a team of forensic experts and other relevant entities,” EBA said.

“The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects.”

An initial advisory published Sunday said that the attackers might have gained access to personal information stored on the email servers.

However, an update issued today added that forensic experts had found no signs of data exfiltration.

“The EBA investigation is still ongoing and we are deploying additional security measures and close monitoring in view of restoring the full functionality of the email servers,” the EU agency said.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

“At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.”

Widespread attacks targeting organizations worldwide

Last week, Microsoft patched multiple zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server and exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.

At first, Microsoft only linked the attacks to a China state-sponsored hacking group dubbed Hafnium.

In an update to the blog post, the company says several other threat actors exploit the recently patched Exchange flaws in similar campaigns.

While Hafnium’s targets’ identities are not yet known, Microsoft has shared a list of previously targeted industry sectors.

“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs,” Microsoft VP Tom Burt said.

The Chinese-backed APT27, Bronze Butler (aka Tick), and Calypso are also attacking unpatched Exchange servers, according to Slovak internet security firm ESET, who says that it also detected other state-sponsored groups it couldn’t identify.

CISA also warned of “widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities” on Saturday, urging admins to use Microsoft’s IOC detection tool to detect signs of compromise in their organizations.

The attackers deploy web shells that allow them to gain remote access to a compromised server and to the internal network, even after the servers are patched.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Microsoft has updated their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in these attacks and a PowerShell script to search for indicators of compromise (IOC) in Exchange and OWA log files.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us