fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Mimecast Links Security Breach To SolarWinds Hackers

Mimecast Links Security Breach To SolarWinds Hackers

Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month.

“Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor,” Mimecast said.

“Our investigation also showed that the threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom.

“These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.”

The company added that there is no evidence that any of the encrypted credentials accessed during the breach were decrypted or misused.

However, United States and United Kingdom Mimecast customers are advised to reset credentials to prevent potential attacks from abusing them.

Also Read: What Is A Governance Framework? The Importance And How It Works

The threat actor that coordinated the SolarWinds supply-chain attacks is tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity).

While its identity remains unknown, a joint statement issued by the FBI, CISA, ODNI, and the NSA says that it is likely a Russian-backed Advanced Persistent Threat (APT) group.

Kaspersky also made a connection between the Russian Turla hacking group and the SolarWinds hackers after finding feature overlaps between the Sunburst backdoor and the Kazuar backdoor linked to Turla in the past.

Attack discovered following a Microsoft notification

The company was alerted by Microsoft that some of its self-issued certificates customers use to authenticate to a subset of Mimecast’s products were compromised.

While the exact number of affected customers using the stolen certificates to secure the connection to the Microsoft 365 cloud was not disclosed, Mimecast said that roughly 10 percent of their customers “use this connection.”

Mimecast’s products are currently used by more than 36,000 customers, with 10% of them amounting to roughly 3,600 impacted customers.

The company found evidence that “a low single-digit number of our customers’ M365 tenants were targeted” by the SolarWinds hackers.

Mimecast reached out to these customers to remediate and address this issue and, according to today’s update, “[t]he vast majority of these customers have taken this action, and Microsoft has now disabled use of the former connection keys for all affected Mimecast customers.”

Also Read: Website Ownership Laws: Your Rights And What These Protect

One week ago, cybersecurity firm Malwarebytes also confirmed that the SolarWinds hackers were able to gain access to some internal company emails.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us