fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Sophos Alerts Customers Of Info Exposure After Security Breach

Sophos Alerts Customers Of Info Exposure After Security Breach

British cybersecurity and hardware company Sophos has emailed a small group of customers to alert them that their personal information was exposed following a security breach discovered on Tuesday.

The exposed customer data was accessible to unauthorized parties due to a misconfigured “tool” used by the company to store information by users who reached out to the company’s support team.

Only a small subset of customers affected

“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in the notification email.

“As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue.”

Sophos did not provide any information on who discovered and disclosed the insecure storage tool or on the exact number of customers who had their personal info exposed due to this security breach.

The exposed data includes customers’ first and last names, email addresses, and their contact phone number if it was provided to Sophos Support.

The company also said that the customer support information is no longer exposed after remediation measures were taken to stop the data exposure.

Sophos breach notification
Sophos breach notification

“At Sophos, customer privacy and security are always our priority,” the cybersecurity firm added. “We are contacting all affected customers.”

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

“Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

Not the first security incident this year

Earlier this year, Sophos fixed a zero-day SQL injection vulnerability in their XG Firewall following reports that hackers were actively exploiting it in attacks.

A new Trojan malware, dubbed Asnarök by Sophos researchers, exploited the zero-day to try and steal firewall usernames and hashed passwords from XG Firewall users starting with April 22, 2020.

The same Sophos XG firewall zero-day was also exploited in failed attempts to deliver Ragnarok Ransomware payloads onto companies’ Windows systems.

Update: A Sophos spokesperson told BleepingComputer that only “a small subset was affected in no specific region” and that “Sophos quickly fixed the issue.”

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us