fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

OpenWRT Forum User Data Stolen In Weekend Data Breach

OpenWRT Forum User Data Stolen In Weekend Data Breach

The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.

Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.

Good password not enough

The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access to and copied a list with details about forum users and related statistical information.

The intruder used the account of an OpenWRT administrator. The intruder used the account of an OpenWRT administrator. Although the account had “a good password,” additional security provided by two-factor authentication (2FA) was not active.

Email addresses and handles of the forum users have been stolen, the moderators say. They add that they believe the attacker was not able to download the forum database, meaning that passwords should be safe.

However, they reset all the passwords on the forum just to be on the safe side and invalidated all the API keys used for project development processes.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Users have to set the new password manually from the login menu by providing their user name and following the “get a new password” instructions. Those logging in using GitHub credentials are advised to reset or refresh it.

The OpenWRT forum credentials are separate from the Wiki. Currently, there is no suspicion that the Wiki credentials have been compromised in any way.

OpenWRT forum administrators warn that since this breach exposed email addresses, users may become targets of credible phishing attempts.

“That means you may get phishing emails that include your name. DO NOT click links, but instead manually type the URL of the forum,” the announcement advises.

“We apologize for the inconvenience caused by this attack. We will provide updates if we learn any more about the attacker or information that was disclosed” – OpenWRT forum moderators

OpenWRT is a Linux-based, community-maintained firmware project that provides custom software for a wide range of routers. It is suitable for enthusiasts that want to unlock advanced options supported by their router.

Furthermore, its maintainers are often quicker at addressing security issues than the router vendors. Since the number of devices running custom firmware is smaller and they tend to be more secure, attacks against them are less likely.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Loading custom firmware on a router, though, requires some technical knowledge and more often than not voids the warranty of the device.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us