Happy Thursday !

Welcome to Cycoresecure.io, your go-to partner for transforming security and compliance into effortless processes. Whether you're a startup or a growing tech company, we provide services to tackle your biggest security challenges, freeing you to focus on scaling your business with confidence. Let's secure your future together!

Make sure to follow our Cycore LinkedIn page and subscribe to receive updates on current events, trends, and industry news that matter to you

In Today's Rundown

• What Cycore found interesting this week: Pwn2Own I …

  • Security

  • Compliance

  • Privacy

• Let's Build Trust

Let’s dive right in.

What Cycore found interesting this week: Pwn2Own Ireland 2024: Zero-Day Exploits Unleashed, Are We Ready for the Fallout?

The Pwn2Own Ireland 2024 competition, held from October 18-20, has once again underscored the persistence and ingenuity of the global hacking community. On the first day alone, participants uncovered a staggering 52 zero-day vulnerabilities, targeting everything from NAS devices to printers, cameras, and smart speakers, earning nearly $500,000 in rewards. This massive discovery of previously unknown exploits serves as a wake-up call for companies and consumers alike, highlighting the urgent need for proactive security measures.

Cycore's take on this year’s Pwn2Own is clear: zero-day vulnerabilities represent one of the most significant threats to organizations. The rapid pace of discovery at the event showcases just how susceptible even seemingly secure systems can be to new exploits. For businesses, especially those with critical infrastructure or consumer-facing applications, a layered approach to security is no longer a choice—it's a necessity. At Cycore, we emphasize a multi-faceted strategy combining regular vulnerability assessments, patch management, and incident response readiness to protect against the unpredictable nature of zero-day threats.

The competition’s results further demonstrate the importance of bug bounty programs and ethical hacking initiatives. By incentivizing the discovery of these vulnerabilities in a controlled environment, organizations can patch weaknesses before they are exploited in the wild. As we navigate a digital age where connected devices proliferate and cyber threats evolve rapidly, staying ahead of the curve through proactive measures and collaboration with the cybersecurity community is essential.

Sources:

1. BleepingComputer: Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

2. SecurityWeek: White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

Security, Privacy, and Compliance Round-up

Security

• Active Exploitation of SharePoint Flaw Warned by CISA – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a warning about the active exploitation of a critical remote code execution vulnerability in Microsoft SharePoint, urging immediate patching.

• Samsung Devices Vulnerable to Zero-Day Exploit – A critical zero-day vulnerability affecting Samsung devices allows attackers to execute arbitrary code while evading detection, raising concerns over device security.

• Bumblebee Malware Makes a Comeback – After a law enforcement sweep in May, Bumblebee malware is re-emerging, posing a renewed threat as a sophisticated downloader used for spreading other malicious payloads.

• Ransomware Groups Exploit LockBit’s Reputation – Cybercriminals are leveraging the fame of LockBit ransomware in new attacks, disguising malware to intimidate victims and exfiltrate data to Amazon S3 using compromised credentials.

Compliance

• SEC Fines Four Companies Over SolarWinds Breach Disclosure Failures – The U.S. Securities and Exchange Commission (SEC) has charged four tech firms for misleading investors about the impact of the SolarWinds hack, emphasizing the importance of transparency in breach reporting.

• CISA Adds Microsoft SharePoint Flaw to Known Exploited Vulnerabilities Catalog – Following the discovery of an exploited SharePoint vulnerability, CISA has included it in its catalog of known exploited vulnerabilities, reinforcing compliance requirements for patching.

• New Rules on Selling Sensitive Data Proposed by U.S. Government – Regulations aiming to ban the sale of sensitive data to foreign entities have been introduced, highlighting evolving data compliance standards.

• IBM Enhances Guardium Platform to Address AI and Quantum Risks – IBM's latest upgrades to its Guardium platform focus on securing shadow AI deployments and preparing for quantum cryptography challenges.

• Supply Chain Security Emphasized by New Retail & Hospitality ISAC Program – The Retail & Hospitality Information Sharing and Analysis Center (ISAC) has launched a program focused on securing supply chains to meet compliance needs.

Privacy

• Proposed CISA Rules to Safeguard American Data from Foreign Adversaries – The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has introduced new proposals aimed at enhancing protections for American citizens' personal data against foreign adversaries.

• Most U.S. Political Campaigns Still Lack Email Protection – A report highlights the risks posed to U.S. political campaigns due to a lack of DMARC email protection, making them vulnerable to phishing and impersonation attacks.

• Mallox Ransomware Decryptor Released by Avast – Avast has published a decryptor for Mallox ransomware, following the discovery of a cryptographic weakness, allowing victims to recover their encrypted data.

• Zendesk Breach Linked to Stolen Access Tokens – Zendesk revealed that a recent breach involving the Internet Archive stemmed from stolen access tokens, raising concerns over cloud security practices.

• New Identity Security Threats Highlighted in Permiso Report – The "State of Identity Security 2024" report by Permiso outlines rising concerns over identity security and the increasing prevalence of breaches.

Let's Build Trust

Work with us or follow along:

1. Cycore, builds enterprise-grade security, privacy and compliance programs for the modern organization. Partner with us.

2. Follow us on LinkedIn for security, privacy & compliance updates!

3. How else can we help? Feedback? Have a question? Reply to this email.

4. Know someone who would like this email? Forward it to a friend...

Your security & compliance ally,
Cycore Team