BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
No-code platforms can speed development but may introduce insecure workflows, excessive permissions, and data exposure when security controls are overlooked.
Search across headline titles and summaries.
Background for this topic.
No-code is software development through visual builders, forms, workflows, and pre-built components rather than hand-written application code. It lets non-specialists create internal tools, automate business processes, and connect services, while the platform usually operates the underlying runtime and infrastructure. The term can include low-code products, but this tag focuses on applications built with little or no custom programming.
Security risk often shifts from source-code flaws to configuration, identity, and data-flow decisions. A rapidly created app may expose sensitive records through excessive permissions, weak authentication, public sharing, or an unsafe third-party integration; embedded scripts, connectors, and uploaded secrets can also expand the attack surface. Security teams should maintain an inventory of no-code apps and their owners, review permissions and data retention, enforce approved connectors and secret handling, and assess vendor controls. Testing should cover authorization and workflow abuse, while logging and documented ownership support vulnerability remediation and incident response.
Weekly headline count for the current query.
An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.
No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems.
Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.
While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.
As the adoption of LCNC grows, so will the complexity of the threats organizations face.
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
Nokod Security is building a platform that enables organizations to secure in-house low-code/no-code custom applications by scanning for security and compliance issues and applying remediation policies
With the introduction of generative AI, even more business users are going to create low-code/no-code applications. Prepare to protect them.
Getting a handle on the new risks facing appsec by low-code/no-code development patterns
How can we build security back into software development in a low-code/no-code environment?
No-code has lowered the barrier for non-developers to create applications. AI will completely eliminate it.
By authenticating and authorizing every application, and by maintaining data lineage for auditing, enterprises can reduce the chances of data exfiltration.
The platform uses no-code policy workflows to automate the provisioning and revoking of permissions.
Forward-leading business and technology leaders are seeing the value of the "do-It-yourself" approach.
With Actions Integrations, Okta is expanding its no-code offerings to help administrators manage and customize their identity workflow.
Security teams that embrace low-code/no-code can change the security mindset of business users.
No-code startups such as Mine PrivacyOps say they offer best of both worlds — quick development and compliance with privacy laws.
Low/no-code tools allow citizen developers to design creative solutions to address immediate problems, but without sufficient training and oversight, the technology can make it easy to make security mistakes.