Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SanDisk SecureAccess Bug Allows Brute Forcing Vault Passwords

SanDisk SecureAccess Bug Allows Brute Forcing Vault Passwords

Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users’ protected files.

SanDisk SecureAccess (now rebranded to SanDisk PrivateAccess) allows storing and protecting sensitive files on SanDisk USB flash drives.

“SanDisk SecureAccess 3.02 was using a one-way cryptographic hash with a predictable salt making it vulnerable to dictionary attacks by a malicious user,” Western Digital explained in a security advisory issued Wednesday.

“The software also made use of a password hash with insufficient computational effort that would allow an attacker to brute force user passwords leading to unauthorized access to user data.”

The flaw (CVE-2021-36750) stemming from the key derivation function issues presented above has been addressed with the release of SanDisk PrivateAccess Version 6.3.5, which now uses PBKDF2-SHA256 together with a randomly generated salt.

Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

How to upgrade to PrivateAccess Vault

You can find detailed information here on upgrading your installation and migrating the SecureAccess Vault to the new PrivateAccess Vault.

This requires updating the iXpand Drive mobile app and the Windows and macOS Desktop to the latest released versions.

“We urge our customers to install this software update immediately to keep their vaults secure,” Western Digital added.

“As with any upgrade, it is best to back up your data before installing the upgrade. Back up your data using the built-in Backup function in the Tools menu.”

Also Read: How Does Ransomware Work? Examples and Defense Tips

PrivateAccess Vault

In related news, Western Digital confirmed a speed crippling SN550 SSD flash change in August (with writing speed decreases of up to 50%) after replacing the NAND flash memory in the WD Blue SN550, one of its most popular M.2 NVMe SSD models.

While it failed to alert customers of the change, the company said that, in the future, it would also introduce new model numbers when making hardware changes impacting its’ products’ performance.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us