Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 46

This week highlights an surge in active exploitation targeting critical network and identity infrastructure, confirmed by the zero day attacks against Cisco and Citrix and the urgent patch for an exploited Windows Kernel bug. Simultaneously, the user’s browser has been validated as the weakest link, with shadow AI usage, poor SSO practices and massive Phishing-as-a-Service (PhaaS) networks combining to create unprecedented identity and data loss risks. 1. Critical Exploitation & Patching Urgency Advanced Hackers Exploited Zero Days in Cisco and Citrix A report from Amazon’s threat intelligence team revealed an advanced, highly resourced threat actor exploiting two separate zero day vulnerabilities in critical network infrastructure in the Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC/Gateway.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 45

This week’s threat intelligence highlights the sophisticated evolution of adversary tactics, where attackers are moving beyond simple malware to exploit legitimate software and virtualisation features for evasion. We cover a novel technique using Windows Hyper-V to bypass EDR, a critical confirmation that a SonicWall cloud breach was linked to state sponsored actors and a highly exploitable WordPress flaw that puts over 400,000 sites at risk of takeover. For strategic and resilient organisations, the lessons are clear that security must be layered, extending beyond the endpoint to cover supply chain, cloud backups and third party risk.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 44

Week 44 brings a fresh reminder of the diverse and persistent threats facing every organisation. From a critical unpatched browser flaw that can crash billions of Chromium installations to a massive 183 million credential leak confirming that infostealer malware is an existential risk, defenders must prioritise patching and strong access controls. Furthermore, critical infrastructure remains under threat, as evidenced by the attack on Sweden’s power grid operator, while financial teams must guard against sophisticated social engineering scams that continue to claim major victims.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 43

This week in cybersecurity reveals the dual reality of the digital world, escalating state sponsored threats and the persistent danger of systemic failure. Our top stories detail the aggressive expansion of Espionage and Targeted APTs, with the notorious Lazarus Group focusing its sights on the sensitive UAV and drone sector. We cover major law enforcement success in Counter Cybercrime and Fraud Takedowns as Europol dismantles a massive network enabling 49 million fake accounts and the “Jingle Thief” fraud ring targets Microsoft 365.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 42

This week’s cybersecurity news is headlined by a stark warning from the UK government as cyber threats are escalating rapidly, forcing organisations to prioritise resilience now. Our top stories reveal a significant Macro Threat Shift, with the NCSC reporting a massive 50% surge in highly significant attacks. We detail critical Urgent Patching alerts, including fixes for two Windows zero day vulnerabilities and the emergence of the Rust based ChaosBot malware abusing Discord for C2.

SME Cybersecurity

Cybersecurity Myths for SMEs: 6 Risks Small Businesses Can’t Ignore

Every October, the world observes Cybersecurity Awareness Month, a timely annual reminder that digital protection isn’t just for tech giants. This year, we’re cutting through the noise to focus squarely on the challenges faced by Small and Medium Enterprises (SMEs). Cybercriminals know that the gap between what small businesses believe about security and the harsh reality of today’s threats makes them prime, low effort targets. According to Hiscox’s 2024 Cyber Readiness Report, 74% of organisations globally report an increase in cyber attacks.