Infotect Security

14/11/2025

https://www.youtube.com/watch?v=pNAQBKJVMKY

Multi-turn prompt injection attacks are real and can bypass your inbound AI firewall.

Get IWS now as IWS provides real-time, round-the-clock protection for your AI services, including agentic AI MCP services, to prevent undesirable or sensitive content from being generated by your AI services, even after 1000 turns.

Contact us now to know more how to protect your GenAI services.

Open-weight models provide researchers and developers with accessible foundations for diverse downstream applications. We tested the safety and security post...

14/11/2025

https://mothership.sg/2025/10/mbs-fined-data-breach/

Similar to our 8 May 2024 post about Hong Kong Fire Department data leakage, human error will always be present, especially during major system change, such as data migration.

With IWS, you can rest assured that even with human errors, your public facing services, including APIs, cannot leak out sensitive data even if they are indeed leaking such data.

This is because IWS provides real-time, round the clock protection for your public facing services against data leakage and defacement.

Contact us now for a demo or trial to see how IWS can prevent you from running foul of PDPA.

MBS relied on one employee to manually compile a list of API configurations into the new software, which led to a vulnerability.

17/07/2025

https://www.csa.gov.sg/alerts-and-advisories/advisories/ad-2023-001/

For organisations, you can refer to the advisory athttps://isomer-user-content.by.gov.sg/36/da0da837-0363-4bf7-830c-d8ac2799e2bf/Protecting%20Your%20Organisation%20from%20Data%20Breaches%20(Final).pdf

In the above advisory, we agree with CSA advice as follows:

"Outbound network traffic for unauthorised communications or data transmissions. For cloud-native applications, ensure proper configuration of security settings and access control."

To detect and prevent data leakages from your public web/cloud portals, you need IWS which provides outbound monitoring and protection of data from your public web/cloud portals, even when your cloud configuration, such as those for S3, is misconfigured.

Contact us now to better protect your organisation's web portals and cloud-native services.

A data breach, in relation to personal data, refers to any unauthorised access, collection, use, disclosure, copying, modification or disposal of personal data. It also includes the loss of any storage medium or device, on which personal data is stored, in circumstances where the unauthorised access...

17/08/2024

"Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign"

https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html?m=1

IWS can alert you if anyone is hunting for .env files on your public facing cloud services and protect against inadvertent disclosure of .env files.

Examples of IWS blocking malicious hunting of .env files by nefarious actors.

08/05/2024

https://hongkongfp.com/2024/05/07/hong-kong-fire-department-reports-potential-data-leak-marking-third-govt-data-breach-in-less-than-a-week/

"The Fire Services Department (FSD) said in a statement on Monday evening that there was no evidence that the breach, caused by an unauthorised alteration of access rights during a data migration procedure by an outsourced contractor, led to the data being “released.”

To err is human.

With IWS, data leakage arising from human errors can be detected and blocked in real time, not even exposing the personal data for 5 mins.

Most, if not all, inbound security solutions will not detect such data leakage arising from human errors.

So add on IWS to build a true blue 360 degree defence for your web and cloud services.

Hong Kong’s fire department has discovered a computer system breach that exposed the personal data of over 5,000 department personnel and hundreds of residents, marking the third data security inci…

18/12/2023

IWS is now available on Azure Marketplace!

Ideal for all SMEs to enjoy the one and only true real-time protection for your cloud / web services against leakage of personal data, display of defaced content and compromised infectious pages, with no CAPEX!

Existing security systems provide good protection against incoming attacks from external sources. IWS complements such systems by extending the protection profile to include protection against outgoing information leakages.

13/04/2023

Have internal security policies that all SaaS and SecaaS service providers have to be SOC2 audited and you must have web defacement protection defences?

As IWS is a product, not a service, it does not fall under the ambit of the SOC 2 requirements, unlike your existing web defacement monitoring service.

Get IWS now so that you can comply with both policies.

05/04/2023

https://mothership.sg/2023/04/malaysia-immigration-hacked-captainsmok3r/

Does your current anti-web-defacement solution guarantee that no search engines, such as Google, will index the defaced pages within your current 5-min time monitoring interval?

The answer is no.

Because only IWS can provide you that guarantee.

Contact us for a true, real-time protection against web defacement.

Send a message to learn more

19/10/2022

Worried that your API is leaking sensitive data or replying with offensive content?

Get IWS for real-time protection now.

https://www.csa.gov.sg/singcert/Advisories/ad-2022-011

""Minimise Data Exposure: Any API response should only include the specific information requested or the success/failure of the request. All related passwords and keys used during development should also be removed before making the API publicly available."

https://nypost.com/2022/09/28/fast-company-hacker-sends-out-racist-apple-news-push-alerts/

Apple News readers who subscribe to updates from the business magazine Fast Company received racist and lewd push notifications after a hacker infiltrated the publication.

21/09/2022

Get IWS to protect your chats from being defaced in real-time.

Do note there is no scanning solution that can protect against this, as the chat content is transient and non-persistent, unlike a web page.

"Around the same time that Revolut states attackers had unauthorized access to its systems, users reported that the company's help chat sent offensive messages to site visitors."

Customers of app-based bank Revolut should be on guard for phishing attempts after a data breach exposed personal details such as names, emails and telephone

24/08/2022

Ex-security chief appears to echo claims by Elon Musk over the number of fake accounts on its site.

04/08/2022

https://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/

Whatever the root cause - leaked credentials or unprotected ELK servers - IWS would have detected, alerted and blocked such large volume retrieval of personal records from Shanghai Police Department ELK servers on Aliyun cloud.

Get IWS to protect your cloud servers now and stop data leakages from your cloud servers now.

Appears to have leaked from a cloud thanks to sloppy coding