Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

Phishing Attacks in Europe: Who is Most at Risk?

Phishing has rapidly evolved into one of the most significant cyber threats across Europe. According to recent data, the volume of phishing attacks targeting organisations in Europe increased by 112.4% between April 2023 and April 2024, underscoring the growing sophistication and prevalence of phishing attempts that exploit vulnerabilities in both personal and corporate digital practices. Why Phishing Demands Your Attention In this blog, we’ll cover: The latest phishing statistics in Europe Why this issue is critical for businesses and individuals Practical, actionable tips to defend against phishing attacks Headlines Phishing Defence Trends: Short-Term Gains, Long-Term Challenges, and Emerging AI Threats Emerging AI Threats What Drives the Phishing Surge?

News

Critical Vulnerabilities in Hewlett Packard Enterprise (HPE) Insight Remote Support

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Insight Remote Support software, with the most severe carrying a CVSS v3.0 score of 9.8. These vulnerabilities pose significant security risks, including remote directory traversal, information disclosure, and potential code execution. Overview of the Vulnerabilities The vulnerabilities impact versions of HPE Insight Remote Support prior to v7.14.0.629. A breakdown of the CVEs, their descriptions, and potential impacts is provided below:

Cybersecurity Alert

Palo Alto Networks Expedition Vulnerability Puts Admin Accounts at Risk

In July 2024, a critical vulnerability, CVE-2024-5910, was identified in Palo Alto Networks’ Expedition tool. This vulnerability, which scores a 9.3 on the CVSS 3.0 scale, exposes Expedition to a significant risk of admin account takeover by unauthorised parties with network access to the tool. As organisations increasingly rely on automation tools like Expedition for configuration migration, tuning, and enrichment, this security flaw is one that affected users cannot afford to overlook.

Cyber Advisory

The Importance of Third-Party Cybersecurity Assessments

Cybersecurity risks don’t just come from within your organisation; they often arise from third-party vendors who manage essential services like cloud hosting, software development, and data storage. A single vulnerability in a vendor’s system can open the door for cybercriminals to access your sensitive data, potentially jeopardising your entire business. These risks make third-party cybersecurity assessments critical for safeguarding your operations and ensuring that your vendors meet the required security standards.

SME Cybersecurity

Cybersecurity Awareness Month - Strengthening Your Businesss Defences

Cybersecurity Awareness Month serves as an important reminder for businesses of all sizes to stay vigilant against the cyber threats that target our data and systems. Whether you’re an experienced IT professional or just starting to learn the basics of cybersecurity, this month provides the perfect opportunity to evaluate and enhance your security practices. Malicious actors don’t discriminate based on the size of your business or your level of technical knowledge.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?