Blog

The latest news and developments

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity Alert

MORE_EGGS Backdoor: A Growing Threat to Recruiters

A recent report by Trend Micro , highlights that attackers are leveraging the “MORE_EGGS” backdoor in a phishing campaign, primarily targeting recruitment platforms. These attackers compromise websites commonly used by recruiters to infect their devices, aiming to achieve financial gain. Overview The Trend Micro report details the technical aspects of the MORE_EGGS which is a JScript backdoor a part of Golden Chickens Malware-as-a-Service (MaaS) toolkit which is mainly used by threat actors such as FIN6 and the Cobalt Group.

Cyber Advisory

NIS2 Explained: How It Builds on NIS and What You Need to Know

The Network and Information Systems (NIS) Directive, introduced by the European Union in 2016, represented a major milestone in creating a unified cybersecurity framework across member states. However, with the rapid evolution of cyber threats and advancements in technology, the need for an update became clear. Enter NIS2 , the enhanced directive that comes into effect on 17th October 2024. In this blog post, we’ll delve into the key differences between NIS and NIS2, their implications for organisations, and the advantages of transitioning to the new directive.

Cybersecurity Alert

Red Hat Discloses Critical OpenPrinting CUPS Vulnerabilities Affecting RHEL

Red Hat has recently disclosed several critical vulnerabilities within OpenPrinting CUPS , an open-source printing system widely used across modern Linux distributions, including Red Hat Enterprise Linux (RHEL). These vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) pose a significant security risk, particularly if exploited in combination. Understanding the Vulnerabilities OpenPrinting CUPS is essential for managing, discovering, and sharing printers across Linux systems. However, if these vulnerabilities are exploited together, attackers could potentially achieve remote code execution, leading to the theft of sensitive data or damage to critical production systems.

Cybersecurity Alert

High-Risk Vulnerability in Ivanti CSA Demands Immediate Patch Action

A critical security vulnerability, CVE-2024-8963, has been discovered in Ivanti’s Cloud Services Appliance (CSA) version 4.6 . The flaw, which has a high CVSS score of 9.4, was addressed incidentally in the patch released on September 10, 2024 (Patch 519). However, it remains a significant risk for organisations that have not yet applied this update. Understanding CVE-2024-8963 This vulnerability allows remote unauthenticated attackers to exploit the system by accessing restricted functionality.

Cyber Advisory

Is Your Organisation Ready for NIS2? Take Our Free Readiness Questionnaire

With the new NIS2 Directive set to impact businesses across multiple sectors, the need to enhance security and compliance has never been more pressing. But how confident are you that you’re fully prepared? Our NIS2 Readiness Questionnaire is here to help. This high-level questionnaire is designed to evaluate your current cybersecurity capabilities and uncover key areas for improvement. You’ll also receive a personalised score with actionable recommendations to enhance your security controls.

Vulnerability

Critical Vulnerabilities in Red Hat OpenShift Container Platform 4

Red Hat has recently disclosed two critical vulnerabilities in OpenShift Container Platform 4 that require urgent attention from affected organisations. The vulnerabilities, identified as CVE-2024-45496 and CVE-2024-7387, both have critical CVSS3.0 scores, highlighting their severity. CVE-2024-45496: Privilege Misuse in Build Process This flaw, with a CVSS score of 9.9, occurs due to the misuse of elevated privileges during the build process of OpenShift Container Platform. Specifically, the git-clone container is run with a privileged security context, granting unrestricted access to the node.