fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More

Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More

A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.

Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents.

As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.

Nitro software suffers a data breach

On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a “low impact security incident” but that no customer data was impacted.

“NITRO ADVISES OF LOW IMPACT SECURITY INCIDENT

* AN ISOLATED SECURITY INCIDENT INVOLVING LIMITED ACCESS TO NITRO DATABASE BY AN UNAUTHORISED THIRD PARTY

* DATABASE DOES NOT CONTAIN USER OR CUSTOMER DOCUMENTS.

* INCIDENT HAS HAD NO MATERIAL IMPACT ON NITRO’S ONGOING OPERATIONS.

* INVESTIGATION INTO INCIDENT REMAINS ONGOING

* NO EVIDENCE CURRENTLY THAT ANY SENSITIVE OR FINANCIAL DATA RELATING TO CUSTOMERS IMPACTED OR IF INFO MISUSED.

* DOES NOT ANTICIPATE A MATERIAL FINANCIAL IMPACT TO ARISE FROM INCIDENT

* INCIDENT IS NOT EXPECTED TO IMPACT CO’S PROSPECTUS FORECAST FOR FY2020″

It turns out that there may be more to the story than initially stated.

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software’s cloud service.

This data is now being sold in a private auction with the starting price set at $80,000.

Cyble states that the ‘user_credential’ database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.

Nitro user database
Nitro user database

BleepingComputer was able to determine the stolen user database’s authenticity by confirming known email addresses of Nitro accounts that were present in the database.

The document database contains a file’s title, whether it was created, signed, what account owns the document, and whether it’s public.

According to Cyble, these databases contains a considerable amount of records related to well-known companies, as illustrated in the table below:

Company# of accounts# of documents
Amazon5,44217,137
Apple5846,405
Citi653137,285
Chase85177
Google3,67832,153
Microsoft3,3302,390

From the samples of the database shared with BleepingComputer, the document titles alone disclose a great deal of information about financial reports, M&A activities, NDAs, or product releases.

Also Read: How To Make A PDPC Complaint: With Its Importance And Impact

M&A documents
M&A documents

If the threat actors stole the documents as they claim, this could be one of the worst corporate data breaches we have seen in a while.

As Nitro is commonly used by businesses to sign sensitive financial, legal, and marketing documents digitally, it could allow for the leaking of information that would significantly impact a company’s business.

BleepingComputer has not been able to confirm if documents were stolen in this attack.

For those who are concerned that their Nitro account is part of this breach, Cyble has added the data to their AmIBreached.com service. Users can submit their email address and check if it was disclosed in the stolen database using this service.

BleepingComputer has contacted Nitro Software with questions regarding the breach but has not received a reply.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us