Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

Critical Vulnerabilities in Hewlett Packard Enterprise (HPE) Insight Remote Support

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Insight Remote Support software, with the most severe carrying a CVSS v3.0 score of 9.8. These vulnerabilities pose significant security risks, including remote directory traversal, information disclosure, and potential code execution. Overview of the Vulnerabilities The vulnerabilities impact versions of HPE Insight Remote Support prior to v7.14.0.629. A breakdown of the CVEs, their descriptions, and potential impacts is provided below:

Cybersecurity Alert

Palo Alto Networks Expedition Vulnerability Puts Admin Accounts at Risk

In July 2024, a critical vulnerability, CVE-2024-5910, was identified in Palo Alto Networks’ Expedition tool. This vulnerability, which scores a 9.3 on the CVSS 3.0 scale, exposes Expedition to a significant risk of admin account takeover by unauthorised parties with network access to the tool. As organisations increasingly rely on automation tools like Expedition for configuration migration, tuning, and enrichment, this security flaw is one that affected users cannot afford to overlook.

Cyber Advisory

The Importance of Third-Party Cybersecurity Assessments

Cybersecurity risks don’t just come from within your organisation; they often arise from third-party vendors who manage essential services like cloud hosting, software development, and data storage. A single vulnerability in a vendor’s system can open the door for cybercriminals to access your sensitive data, potentially jeopardising your entire business. These risks make third-party cybersecurity assessments critical for safeguarding your operations and ensuring that your vendors meet the required security standards.

News

Strengthen Your Business with the Enterprise Ireland Cyber Security Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum—from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyber-attacks, Enterprise Ireland has launched the Cyber Security Review Grant. This offers Irish organisations a practical and cost-effective solution to bolster their defences against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you now have access to substantial support from Enterprise Ireland to evaluate your current cybersecurity posture and identify potential vulnerabilities.

SME Cybersecurity

Cybersecurity Awareness Month - Strengthening Your Businesss Defences

Cybersecurity Awareness Month serves as an important reminder for businesses of all sizes to stay vigilant against the cyber threats that target our data and systems. Whether you’re an experienced IT professional or just starting to learn the basics of cybersecurity, this month provides the perfect opportunity to evaluate and enhance your security practices. Malicious actors don’t discriminate based on the size of your business or your level of technical knowledge.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?