Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

SME Cybersecurity

Cybersecurity Awareness Month - Strengthening Your Businesss Defences

Cybersecurity Awareness Month serves as an important reminder for businesses of all sizes to stay vigilant against the cyber threats that target our data and systems. Whether you’re an experienced IT professional or just starting to learn the basics of cybersecurity, this month provides the perfect opportunity to evaluate and enhance your security practices. Malicious actors don’t discriminate based on the size of your business or your level of technical knowledge.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?

News

Critical Vulnerability identified in SAP BusinessObjects

A critical security vulnerability, identified as CVE-2024-41730 has been disclosed in SAP’s BusinessObjects Business Intelligence (BI) Platform. This vulnerability allows attackers to bypass authentication when Single Sign-On (SSO) is enabled for Enterprise authentication, enabling unauthorised access to the platform through a REST endpoint. With a CVSS score of 9.8, this vulnerability is rated as critical, posing a significant threat to affected organisations due to its potential to compromise the confidentiality, integrity, and availability of their systems.

Cyber Advisory

NIS2 Compliance: Key Steps to Ensure Readiness

As the European Union’s NIS2 Directive comes into force, businesses across critical sectors are under increasing pressure to bolster their cybersecurity defenses. This directive isn’t just another compliance box to tick—it’s a comprehensive framework that raises the stakes for network and information security across the board. In this blog, we provide essential steps to help ensure your organization is not only compliant but also resilient against evolving cyber threats. From governance and accountability to incident reporting and supply chain security, these steps will guide you through the process of protecting your business.

Cybersecurity Alert

MORE_EGGS Backdoor: A Growing Threat to Recruiters

A recent report by Trend Micro , highlights that attackers are leveraging the “MORE_EGGS” backdoor in a phishing campaign, primarily targeting recruitment platforms. These attackers compromise websites commonly used by recruiters to infect their devices, aiming to achieve financial gain. Overview The Trend Micro report details the technical aspects of the MORE_EGGS which is a JScript backdoor a part of Golden Chickens Malware-as-a-Service (MaaS) toolkit which is mainly used by threat actors such as FIN6 and the Cobalt Group.

Cyber Advisory

NIS2 Explained: How It Builds on NIS and What You Need to Know

The Network and Information Systems (NIS) Directive, introduced by the European Union in 2016, represented a major milestone in creating a unified cybersecurity framework across member states. However, with the rapid evolution of cyber threats and advancements in technology, the need for an update became clear. Enter NIS2 , the enhanced directive that comes into effect on 17th October 2024. In this blog post, we’ll delve into the key differences between NIS and NIS2, their implications for organisations, and the advantages of transitioning to the new directive.