fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SolarWinds Hackers Breached US Treasury Officials’ Email Accounts

SolarWinds Hackers Breached US Treasury Officials’ Email Accounts

US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack.

The statement was issued after the US Treasury Department and the Internal Revenue Service (IRS) briefed the Committee staff on the SolarWinds supply chain attack.

While no evidence was found that the IRS itself or any taxpayers’ data was compromised as part of this ongoing hacking campaign, the senator said that “the hack of the Treasury Department appears to be significant.”

Dozens of Treasury email accounts breached

“According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn’t known,” Wyden, a ranking member of the Senate Committee on Finance, said. “Microsoft notified the agency that dozens of email accounts were compromised.”

The senator also added that the SolarWinds hackers also breached the systems in the Departmental Offices division of the US Treasury, a department that is the “home to the department’s highest-ranking officials.”

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” Wyden added.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Treasury Secretary Steven Mnuchin also told CNBC when asked about the Treasury being hacked that Treasury has not yet found evidence of compromise of classified systems.

“I will say the good news is there’s been no damage, nor have we seen any large amounts of information displaced,” Mnuchin said.

Finally, after years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers, the USG has now suffered a breach that seems to involve skilled hackers stealing encryption keys from USG servers.

— Senator Ron Wyden

List of SolarWinds victims slowly growing

After the SolarWinds supply chain compromise was discovered, multiple organizations disclosed that they were breached by the hackers including FireEyeMicrosoft, and VMware.

Microsoft also found that the networks of over 40 of its customers were breached in this series of ongoing attacks, 80% of them from the US and 44% in the IT sector.

However, only FireEye was targeted for the second stage of the attack and had information stolen from its systems by the threat actors who orchestrated the attacks (tracked by FireEye as UNC2452 and by Volexity as Dark Halo).

The known list of organizations hit in the SolarWinds hack has slowly increased since the attack as new information is revealed while investigating forensic evidence.

Also Read: 5 Common Sections in an Agreement Form Example

At the moment it also includes US states and government agencies which have confirmed that their networks were breached:

Security researchers and cybersecurity have also shared several lists of SolarWinds victims over the weekend after cracking the malware’s domain generation algorithm (DGA).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us