fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft’s Windows 10, Exchange, And Teams Hacked At Pwn2Own

Microsoft’s Windows 10, Exchange, And Teams Hacked At Pwn2Own

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft’s Windows 10 OS, the Exchange mail server, and the Teams communication platform.

The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation. This brought them $200,000 and 20 Master of Pwn points.

Next, a security researcher using the OV online moniker successfully obtained code execution on Microsoft Teams in the Enterprise Communications category by combining two separate security bugs. He also earned $200,000 and 20 Master of Pwn points.

Team Viettel earned $40,000 and 4 Master of Pwn points after escalating privileges to SYSTEM from a regular user on Windows 10 while competing in the Local Escalation of Privilege category.

On the first day, RET2 Systems’s Jack Dates also won $100,000 after successfully obtaining kernel-level code execution on macOS using an Apple Safari integer overflow and Out-of-bounds Write bugs.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Ryota Shiga of Flatt Security won $30,000 for an OOB access bug that allows gaining root on a Ubuntu Desktop machine.

The STAR Labs team failed to get their exploits to work in the allotted time while trying to exploit Oracle VirtualBox and Parallels Desktop in the Virtualization category.

On the second day, Pwn2Own competitors will also target Google Chrome, Microsoft Edge (Chromium), Zoom Messenger, while others will try their hand at exploiting other new bugs in Microsoft Exchange, Windows 10, Ubuntu Desktop, and Parallels Desktop.

After the vulnerabilities are exploited and disclosed during Pwn2Own, software and hardware vendors are given 90 days to develop and release security fixes for all vulnerabilities reported.

During the Pwn2Own 2021 contest, 23 teams and researchers will target ten different products in the Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications categories.

Between April 6 and April 8, Pwn2Own contestants will be able to earn over $1,500,000 in cash and prizes, including a Tesla Model 3.

Team Fluoroacetate was the first to win a Tesla Model 3 Pwn2Own after hacking the car’s Chromium-based infotainment system two years ago.

Also Read: How To Comply With PDPA: A Checklist For Businesses

They also earned $375,000 at Pwn2Own 2019 after demoing exploits for Apple Safari, Oracle VirtualBox, VMware Workstation, Mozilla Firefox, and Microsoft Edge.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us