fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Nissan NA Source Code Leaked Due To Default admin:admin Credentials

Nissan NA Source Code Leaked Due To Default admin:admin Credentials

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.

The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.

It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident.

Complete git repos dump

Swiss developer and reverse engineer Tillie Kottmann, who maintains a repository of leaked source code from various sources and their scouting of misconfigured devops tools, posted a summary of the Nissan leak:

  • Nissan NA Mobile apps
  • Parts of the ASIST Diagnostic System software
  • Dealer Business Systems/Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • Client acquisition and retention tools
  • Sale/market research tools and data
  • Various marketing tools
  • Vehicle logistics portal
  • Vehicle connected services/Nissan connect things
  • Various other backends and internal tools

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Kottmann told BleepingComputer that someone had informed them of the server and the admin/admin access credentials. Once the word got out, a torrent link for Nissan source code collection started being shared online; so despite Nissan’s effort, the data remains in the hands of unauthorized third-parties.

Repository pulled

In a conversation with Kottmann, they said that the company contacted them about hosting the repositories and that they would likely remove them. It happened on Thursday.

The developer told us on a different occasion that they comply with takedown requests and are even willing to provide tips for improving the security of a company’s infrastructure if asked.

Their public repository on GitLab contains folders with data from big companies like Pepsi, Toyota, SunTech, AMD, Motorola, Mediatek, Sierra Nevada Corporation, or the U.S. Air Force Research Laboratory.

Although not all folders have sensitive data they may contain information meant to be private or that could lead to protected assets.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us