Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Penetration Test

What to Expect from a Penetration Test Report

Penetration testing is a crucial component of any organisation’s cybersecurity strategy, helping businesses to identify and address vulnerabilities before they can be exploited by attackers. But once the testing is complete, what comes next? How do you interpret the findings, how should you prepare for a re-test of the big issues discovered and what should you expect from a penetration test report? Navigating Your Penetration Testing Report Whether you’re a seasoned IT professional or new to the world of cybersecurity, understanding the structure and significance of a pen testing report will help you make informed decisions and take actionable steps toward protecting your systems from potential threats.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 13

This Weeks Headlines Free Online File Converters Spreading Malware Disguised as Useful Tools RedCurl Group Shifts from Espionage to Ransomware with QWCrypt Deployment Windows 11 Update KB5051987 Causes Veeam Recovery Connection Errors Hackers Exploit ‘Atlantis AIO Multi-Checker’ for Credential Stuffing Across 140+ Platforms RedCurl Group Shifts from Espionage to Ransomware with QWCrypt Deployment Critical RCE Vulnerabilities Discovered in Ingress NGINX Controller for Kubernetes Over 150,000 Websites Compromised by JavaScript Supply Chain Attack Next.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 12

This Weeks Headlines Unpatched Windows Zero-Day Exploited by Multiple State-Sponsored Groups Since 2017 Active Exploitation of Cisco Smart Licensing Utility Vulnerabilities Over 300 Malicious ‘Vapor’ Apps on Google Play Amass 60 Million Downloads Critical Fortinet Vulnerability Actively Exploited in Ransomware Attacks Compromised GitHub Action Exposes CI/CD Secrets in Over 23,000 Repositories Hackers Exploit Critical PHP Flaw to Deploy Quasar RAT and XMRig Miners Unpatched Windows Zero-Day Exploited by Multiple State-Sponsored Groups Since 2017 A critical, unpatched Windows zero-day vulnerability, tracked as ZDI-CAN-25373, has been actively exploited by 11 state-sponsored threat groups from nations including China, Iran, North Korea, and Russia since 2017.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 11

This Weeks Headlines PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback Over One-Third of Irish Households Experienced Cybercrime in the Past Year Microsoft Patches 57 Security Flaws, Including Six Actively Exploited Zero-Days New Vulnerabilities in ruby-saml Library Enable Potential Account Takeovers DeepSeek R1 AI Model Capable of Generating Malware Code with Prompt Engineering Meta Warns of Actively Exploited FreeType Vulnerability PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming The PCI Security Standards Council (PCI SSC) has introduced a new information supplement on “Payment Page Security and Preventing E-Skimming – Guidance for PCI DSS Requirements 6.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 10

This Weeks Headlines Exploited VMware ESXi Zero-Day Vulnerabilities Expose Thousands to Ransomware Attacks ‘Bulletproof’ Hosting Provider Allegedly Routes Operations Through Kaspersky Lab Networks Over 1,000 WordPress Sites Compromised by JavaScript Backdoors Eleven11bot Botnet Infects Over 86,000 IoT Devices, Primarily Security Cameras and NVRs Hunters International Ransomware Group Claims Hack on Tata Technologies Exploited VMware ESXi Zero-Day Vulnerabilities Expose Thousands to Ransomware Attacks Recent reports have identified that tens of thousands of VMware ESXi instances are vulnerable to three zero-day vulnerabilities which have been actively exploited in the wild:

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 9

This Weeks Headlines Southern Water Reports £4.5 Million Loss from Black Basta Ransomware Attack Bybit Suffers $1.5 Billion Cryptocurrency Theft in Largest Exchange Hack to Date DDoS Attacks Surge by 550% in 2024 Malicious ‘PirateFi’ Game Infects Steam Users with Vidar Stealer Malware Critical Remote Code Execution Vulnerability Discovered in MITRE Caldera Framework DISA Global Solutions Data Breach Exposes Personal Information of 3.3 Million Individuals Southern Water Reports £4.5 Million Loss from Black Basta Ransomware Attack In February 2024, Southern Water, a major UK water supplier, experienced a cyberattack attributed to the Black Basta ransomware group.