We can help with SG Cyber Safe Certification
OUR SERVICES
UAS & C-UAS Assurance, Training & Intelligence
This article explores Zentao, understanding how its routing works, and identifying several vulnerabilities that lead to an attack chain that an attacker can execute in order to achieve remote code execution.
For everyone who’s asking, what are the differences with a Red team, Blue and Purple, Black, White and Gold? Find out more here!
Check out our Senior Red Consultant’s talk at the recent CRESTCon Australia 2021, on the ‘The benefits of Infrastructure as Code for Adversary Simulation’.
Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents provides a prioritised list of mitigation strategies to assist organisations in protecting their systems and their crown jewels against a range of adversaries. The mitigation strategies advised by ACSC vary and can be customised based on the risk profile, the industry sector and the adversaries the organisation is most concerned with.
In a world full of costly data breaches and invasive privacy incidents, Singapore is not immune. It’s not just the big threats such as cyber criminals, nation-state hackers and cyber espionage—even simple employee mistakes can end up exposing private data and costing your organisation millions.
To combat the growing wave of privacy and cybersecurity issues, Singapore passed the Personal Data Protection Act (PDPA) 2012. These regulations are complemented by the Data Protection Trustmark (DPTM), a voluntary certification that helps organisations demonstrate that they have appropriate protection and privacy practices in place to guard their personal data.
Not long ago, I assisted a client of ours with a penetration test of their VMware Horizon remote access solution and discovered a vulnerability affecting how it handles Multi-Factor Authentication (MFA). As a result, with a compromised user account password, I could gain access to the organisations internal network from the internet, bypassing the MFA requirement. In this blog, I’ll provide a high-level summary and explain how I identified and exploited the vulnerability.
Written by Breton Chan, Privasec’s Marketing Executive
“Cyber security is a confluence between technology, process and people – with adequate and accurate education of an organisation’s people possibly being the most important facet.”
Written by Breton Chan, Privasec’s Marketing Executive
How prepared is your business for upcoming challenges in the digital landscape?
In recent research data released by the Ponemon Institute and IBM Security, cyber crimes accounted for 18.6% of all crime in Singapore. The average cost of a data breach per organisation in the ASEAN bloc sits at about S$2.7m, with the time taken to identify and subsequently contain an attack clocking in at 287 days; this is an increase from 2019, when the average cost and response time were about S$2.6m and 259 days respectively.
