Latest News

The ripple effect from the Russia-linked SolarWinds hack has reached the banking shores of Singapore.

The Monetary Authority of Singapore (MAS) is issuing a third-party risk management directive that requires all financial institutions to assess and manage their exposure to technology risks with third-party suppliers, before entering into a contractual agreement.

It's post-Christmas and the numbers are out! We have our ugly sweater winner. Thank you everyone for voting as it has been a very tough call with so much creativity and heart.

A new framework by the Council of Financial Regulators requires APRA-regulated financial institutions to attack themselves in a bid to uplift their cyber preparedness, as APRA orders urgent audits against CPS 234.

The #CORIE framework that has been launched will require banks, super funds and other financial institutions to organise independent red team attack simulations.

Nov. 1, 2020 – More than 34 million users’ data has been compromised across 17 companies worldwide. In the latest data security breach, involving a third-party database service provider serving several industries worldwide – including finance, e-commerce, entertainment and information technology – the notable victims include RedMart and Eatigo.

We are very excited to announce PRIVACON 2020, Privasec's first international summit coming to different regions this October! Join us as we ride the digital skies and cross virtual borders to hear from an incredibly diverse lineup of industry speakers.

Congratulations to our Senior Consultant David Roccasalva for his discovery and responsible disclosure to VMware of an MFA authentication bypass vulnerability in VMware Horizon DaaS (9.x, 8.x and 7.x) earlier this year.

VMware Horizon DaaS (Desktop as a Service) is a remote desktop and application service used by organisations for working remotely on applications, and many depend on it during the remote work situation resulting from COVID-19.

Privasec had the privilege of being invited to the board panel discussion organised by Cyber Data-Risk Managers last week.

Romain Rallu, together with Teresa Dyson, Michelle Beveridge and Meena Wahi, in a panel moderated by Shamane Tan, discussed topics ranging from the perspective of boards on super funds and the experience of complying with APRA CPS234 to business continuity and lessons learnt from living in pandemic times, all the way through to emerging risks and risk transfer options.

Watch it here now to tap into this jam-packed and insightful exchange if you missed out!

With the entire world mostly moving online, our Executive Advisor Shamane Tan has wasted no time in bringing her acclaimed Cyber Risk Meetups (of more than 3,000 cyber security professionals across Australia, Singapore and Japan) to the digital platforms as well. We are proud to be a community supporter as she launched the Mega C-Suite Series, seeking to bring real insights from various C-executives.

Episode 1 featured guest speaker Dan Lohrmann, a renowned government CISO from the US, who shared some stories of his personal failures and successes over the past few decades. The episode covered everything from his Cyber Storm days and how he built the pandemic playbook for H1N1 to how he nearly got fired as a CISO.

Data breaches are rampant in the world of business today. Hardly a week goes by without a reported breach or fines that range into the millions of dollars. This new age of security has brought about a change in the way that organisations structure their risk, and their insurance. Unfortunately for many, their over-reliance on cyber insurance to bail them out when they suffer a breach leaves them with a “customer last” security policy.

Threat actors around the world have been trying to take advantage of the coronavirus pandemic by registering coronavirus-related domains and selling them at a discounted price on the dark web. The average number of registrations for such domains has increased almost 10 times over the past few weeks.