fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

‘Hack DHS’ Bug Bounty Program Expands to Log4j Security Flaws

‘Hack DHS’ Bug Bounty Program Expands to Log4j Security Flaws

The Department of Homeland Security (DHS) has announced that the ‘Hack DHS’ program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.

“In response to the recently discovered log4j vulnerabilities, @DHSgov  is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems,” tweeted DHS Secretary Alejandro N. Mayorkas.

“In partnership with vetted hackers, the federal government will continue to secure nationwide systems and increase shared cyber resilience.”

Also Read: Got A Notice of Data Breach? Don’t Panic!

The ‘Hack DHS’ bug bounty program was announced last week. It allows vetted cybersecurity researchers to find and report vulnerabilities in external DHS systems, earning rewards of up to $5,000 per reported bug.

Hackers enrolled in this program are required to disclose their findings together with detailed info on the vulnerability, how attackers can potentially exploit it, and how threat actors could use it to access information from DHS systems.

All reported security flaws will be verified by the DHS within 48 hours and be fixed in 15 days or more, depending on their complexity.

The DHS launched its first bug bounty pilot program in 2019 after the SECURE Technology Act was passed into law to require establishing a security vulnerability disclosure policy and a bug bounty program.

CISAJen - Hack DHS Log4j

The decision to expand the ‘Hack DHS’ program comes on the heels of an emergency directive issued by CISA on Friday to order Federal Civilian Executive Branch agencies to patch the actively exploited and critical Log4Shell bug until December 23.

Also Read: A Review of PDPC Undertakings July 2021 Cases

The federal agencies were given five more days until December 28 to report impacted Java products in their environments, including app and vendor names, the apps’ versions, and the actions taken to block exploitation attempts.

CISA provides a dedicated page for the Log4Shell flaw with patching information for vendors and affected organizations, and today the agency released a Log4j scanner to find vulnerable apps.

Together with cybersecurity agencies worldwide and other US federal agencies, CISA also issued a joint advisory with mitigation guidance on addressing the CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 Log4j security flaws.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us