Latest News

 "You can always benefit from a fresh pair of experienced hands when it comes to maintaining your cyber security posture. Here’s a quick insight into how Privasec is able to help you secure your organisation."

A well-considered approach to cyber security often brings an organisation’s ecosystem into the fold. We need to look into building secure business interactions with partners, vendors and any other intermediaries.

ACSC Essential Eight Assessment Services

A CISO's Thoughts, by Prashant Haldankar, Privasec's CISO

Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents provides a prioritised list of mitigation strategies to assist organisations in protecting their systems and their crown jewels against a range of adversaries. The mitigation strategies advised by ACSC vary and can be customised based on the risk profile, the industry sector and the adversaries the organisation is most concerned with.

In a world full of costly data breaches and invasive privacy incidents, Singapore is not immune. It’s not just the big threats such as cyber criminals, nation-state hackers and cyber espionage—even simple employee mistakes can end up exposing private data and costing your organisation millions.

To combat the growing wave of privacy and cybersecurity issues, Singapore passed the Personal Data Protection Act (PDPA) 2012. These regulations are complemented by the Data Protection Trustmark (DPTM), a voluntary certification that helps organisations demonstrate that they have appropriate protection and privacy practices in place to guard their personal data.

In this interview with Macquarie Business School, Sita Bhat shares what she does on a day to day as a Privasec GRC Consultant, and also walks through the daily activities of our RED team and penetration testers. She was asked to provide an example of what was discovered in one of these engagements and talk about the different solutions that have been used to address identified vulnerabilities.  Hear more about her take if financial services executives "get" cyber risks.

Our latest broadcast episode is now out! In our third episode (Singapore feature), together with our host Quan Heng "Q", we meet with Angela Yuen, Privasec's GRC Consultant, as we explore a very topical discussion.

Due to rapid growth and industry's demand, our Privasec team is hiring! 

It’s International's Womens Day! This year's IWD 2021 campaign theme is: 'Choose to Challenge'. From challenge comes change; a challenged world is an alert world. We can all choose to seek out and celebrate achievements, collectively, helping to create an inclusive world.

When it comes to a business’ cyber hygiene, it pays to secure your extended ecosystem and ensure best practices are followed with all the partners, vendors or any other intermediaries that you work with on a regular basis.

Written By David Roccasalva, Senior RED Consultant

Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisations internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.