fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft: Iranian Hackers Actively Exploiting Windows Zerologon Flaw

Microsoft: Iranian Hackers Actively Exploiting Windows Zerologon Flaw

Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks.

The ongoing attacks exploiting the critical 10/10 rated CVE-2020-1472 security flaw were spotted by Microsoft’s Threat Intelligence Center.

“MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks,” Microsoft warned earlier today. “We strongly recommend patching.”

The company issued a similar warning last month, on September 23, urging IT admins to apply security updates update issued as part of the August 2020 Patch Tuesday to defend against attacks using public ZeroLogon exploits.

A week later, Cisco Talos also warned of  “a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon.”

Also Read: How Being Data Protection Trained Can Help With Job Retention

The Windows Server Zerologon vulnerability

Zerologon is a critical security flaw that enables attackers to elevate privileges to a domain administrator when successfully exploited, enabling them to take control over the entire domain, to change any user’s password, and to execute any command.

Microsoft is rolling out the fix for Zerologon two stages since it can cause some of the affected devices to experience authentication issues.

The first one, released on August 11, blocks Windows Active Directory Domain controllers from using unsecured RPC communication and logs auth requests from non-Windows devices that don’t use secure RPC channels to allow admins to fix or replace affected devices.

Starting with the February 2021 Patch Tuesday updates, Microsoft will release another update to enable enforcement mode which requires all network devices to use secure-RPC, unless specifically allowed by admins.

On September 29, Microsoft clarified the steps admins should take to protect devices against ongoing attacks using Zerologon exploits.

The update plan outlined by Microsoft at the time includes the following actions:

  1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.
  2. FIND which devices are making vulnerable connections by monitoring event logs.
  3. ADDRESS non-compliant devices making vulnerable connections.
  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.

MERCURY – Iranian cyber-espionage group

MERCURY (also tracked as MuddyWaterSeedWorm, and TEMP.Zagros) is an Iranian-backed hacking group first spotted in 2017 [12] and active since at least May 2017.

The group is known for mainly targeting Middle Eastern and Asian entities, with most of their attacks being focused on organizations in the telecommunications, government (IT services), and oil industry sectors.

Despite being a relatively new APT group, MERCURY is very active, having made 131 victims between late-September and mid-November 2018 as detailed by a Symantec report.

The MERCURY hackers were also seen expanding their attacks to defense and government entities in Central and Southwest Asia, as well as numerous privately-held and public companies from North America, Europe, and Asia [123].

Also Read: Understanding The Data Intermediary In Data Protection

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us