Xynik

OData Injection Risk in Low-Code/No-Code Environments

by

December 13, 2024 at 10:06AM Organizations using low-code/no-code (LCNC) platforms face security risks, particularly OData injection, which can expose sensitive data. This vulnerability is poorly understood and lacks established safeguards. To combat these risks, proactive security strategies must be developed, including automated monitoring tools and collaboration between security teams and developers for effective input validation. … Read more

Cyber protection made intuitive and affordable

by

December 13, 2024 at 09:42AM The 2024 MITRE ATT&CK Evaluation highlighted Cynet as the only vendor achieving 100% Detection Visibility and Protection, detecting all threats without false positives. The evaluation serves as a critical benchmark for cybersecurity solution effectiveness, emphasizing the importance of choosing the right vendor for SMEs and MSPs seeking reliable protection. ### … Read more

Lloyd’s of London Launches New Cyber Insurance Consortium

by

December 13, 2024 at 08:37AM Lloyd’s of London has launched a cyber insurance consortium aimed at creating a shared risk facility for qualified organizations. This initiative offers exclusive rates, simplified processes, and comprehensive coverage, particularly for those with HITRUST certifications, including a significant premium discount. The consortium aims to improve underwriting efficiency and broaden participation. … Read more

In Other News: Gen Digital Makes $1B Buy, Recall Captures Sensitive Data, MITRE ATT&CK Evaluations

by

December 13, 2024 at 08:36AM SecurityWeek’s roundup highlights key cybersecurity stories, including China’s Salt Typhoon espionage revealing phone call recordings, WhatsApp’s fixed View Once feature, and Russia’s Secret Blizzard attacks in Ukraine. Notable developments include MITRE’s evaluations, Gen Digital’s $1 billion acquisition of MoneyLion, and Yahoo’s layoffs in its cybersecurity team. ### Key Takeaways from … Read more

Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal

by

December 13, 2024 at 08:21AM Bitcoin ATM operator Byte Federal informed 58,000 individuals of a potential data breach, discovered on November 18, due to a vulnerability in GitLab. Personal data may have been accessed, but no funds were compromised. Byte Federal is taking security measures and advises users to monitor their accounts for suspicious activities. … Read more

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

by

December 13, 2024 at 07:33AM Iran-affiliated hackers have developed IOCONTROL, a custom malware targeting IoT and operational technology systems in Israel and the U.S. It can compromise various devices like cameras and PLCs, enabling attackers to shut down services and steal data. The malware functions via MQTT and employs advanced evasion tactics. **Meeting Takeaways – … Read more

How to Generate a CrowdStrike RFM Report With AI in Tines

by

December 13, 2024 at 07:33AM The Tines library offers free, pre-built workflows for security operations, including an award-winning automated reporting system for CrowdStrike RFM by Tom Power. This workflow streamlines manual processes, saving over 25 hours annually, enhances decision-making, and reduces errors, thereby allowing analysts to focus on critical cybersecurity tasks. ### Meeting Takeaways 1. … Read more

Rydox Cybercrime Marketplace Disrupted, Administrators Arrested

by

December 13, 2024 at 07:02AM The US dismantled Rydox, a cybercrime marketplace for stolen personal information, arresting three Kosovo nationals linked to its administration. Active since 2016, Rydox generated over $230,000 in illicit sales. The US seized its domain and cryptocurrency, while the suspects face serious charges, including identity theft and money laundering. ### Meeting … Read more

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog 

by

December 13, 2024 at 06:40AM Microsoft has patched two critical vulnerabilities: one in Windows Defender (CVE-2024-49071) related to information disclosure, and another in the Update Catalog (CVE-2024-49147) involving privilege escalation. These issues have been fully mitigated, requiring no action from users. Transparency remains a priority for Microsoft with CVE identifiers. **Meeting Takeaways: Microsoft Vulnerabilities Update** … Read more

Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices

by

December 13, 2024 at 06:26AM Germany’s Federal Office for Information Security reported that over 30,000 media devices sold with pre-installed BadBox malware became part of a botnet. The agency has disrupted communication between infected devices and their command servers, advising users to disconnect and scan devices, while working with internet providers to address the issue. … Read more