News & Updates

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

/
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in the FetchXML
Threats

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers

/

In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory […]

The post CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers appeared first on SOC Prime.

News & Updates

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

/
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
News & Updates

Three Russian-German nationals charged with suspicion of secret service agent activity

/
German authorities have charged three Russian-German nationals with suspicion of, among other things, secret service agent activity for the Russian government. German authorities have charged three Russian-German nationals on suspicion of activities including acting as secret service agents for the Russian government. On 9 December 2024, the Federal Prosecutor’s Office filed charges against the German-Russian nationals before […]
Cybersecurity Tools

How ISO 27001 Helps You Comply With DORA

/

From 17 January 2025, DORA (Digital Operational Resilience Act) will, as an EU regulation, directly apply throughout the EU. Though the Regulation is primarily concerned with the operational resilience of critical and important functions of EU financial entities, UK organisations may also be in scope – particularly if they supply ICT services to EU financial institutions. As we conduct DORA gap analyses, we’ve noticed how the organisations with an ISO 27001 ISMS (information security management system) tend to have a higher degree of DORA compliance. In this blog How ISO 27001 helps with DORA compliance ISO 27001 provides the ‘building

The post How ISO 27001 Helps You Comply With DORA appeared first on IT Governance UK Blog.

News & Updates

Lumen reports that it has locked out the Salt Typhoon group from its network

/
Lumen reports that the Salt Typhoon hacking group, which targeted at least nine U.S. telecom firms, was locked out of its network. This week, a White House official confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) […]
Scroll to Top