Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Australian Securities Regulator Discloses Security Breach

Australian Securities Regulator Discloses Security Breach

Image: Pat Whelen

The Australian Securities and Investments Commission (ASIC) has revealed that one of its servers has been accessed by an unknown threat actor following a security breach.

ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well with consumer protection as Australia’s national corporate regulator.

The commission also maintains a searchable database of business information for several types of organizations. The stored data includes both current and historical info including but not limited to addresses and office locations.

A single server affected by the breach

As ASIC disclosed the incident that took place on January 15th, 2021, is related to Accellion software the commission uses to transfer information.

“It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications,” ASIC said.

“While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor.

“At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded.”

In response to the security breach, ASIC has disabled access to the impacted server and is working on providing an alternative credit application submission channel.

The Australian securities regulator is working on bringing the impacted systems back online and on a forensic investigation of the attack with the help of external cybersecurity experts.

The commission said that no other systems besides the affected server have been reached or impacted in the incident.

Also Read: What Is A Governance Framework? The Importance And How It Works

ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident. – ASIC

Other Accellion customers breached or exposed to attacks

The New Zealand Reserve Bank also disclosed earlier this month that they suffered a data breach after an attacker compromised a file sharing service containing sensitive data, powered by Accellion’s FTA (File Transfer Application).

This is a legacy service deployed on-premise to allow users to share large and sensitive files with external recipients securely.

The vulnerability used to hack New Zealand Reserve Bank’s file sharing service was patched by Accellion on Christmas Eve.

“Accellion resolved the vulnerability and released a patch within 72 hours to the less than 50 customers affected,” the company said in a press release.

Based on these numbers, dozens of other targets might have been compromised by exploiting the same vulnerability.

According to BleepingComputer’s cybersecurity industry sources, Accellion released the patch on December 24th, and the Reserve Bank of New Zealand suffered the breach on December 25th.

Also Read: 5 Self Assessment Tools To Find The Right Professional Fit

Even though Accellion still provides support for the legacy FTA service, it has also been urging customers to migrate to the new Kiteworks platform since at least December 2019.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us