Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Event News

Secora Consulting Sponsors CTF at BSides Galway

Secora Consulting is pleased to announce our sponsorship of the ZeroDays Capture The Flag (CTF) competition at BSides Galway—the city’s inaugural BSides cybersecurity conference—taking place on February 22, 2025, at the University of Galway. BSides Galway will serve as a premier gathering for cybersecurity professionals, researchers, and enthusiasts, fostering knowledge exchange and innovation in the field. As part of the event, the ZeroDays CTF, run by Zero Days events, will provide an immersive, hands-on challenge designed to test and refine participants’ cybersecurity expertise in real-world scenarios.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 7

This Weeks Headlines Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws Ivanti Releases Patches for Critical Vulnerabilities in Connect Secure and Policy Secure HSE Faces Nearly 500 Legal Actions Following €102 Million Cyberattack New Exploit Bypasses Patched NVIDIA Container Toolkit Vulnerability FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws On February 12, 2025, Microsoft released security updates addressing 63 vulnerabilities across its software products.

Cyber Advisory

The Path to Operational Resilience: Key Considerations for Credit Unions

In a time where business disruptions and cybersecurity incidents are inevitable, operational resilience has become a prominent focus area for the Central Bank of Ireland (CBI). The CBI released Cross Industry Guidance on Operational Resilience in December 2021 and set a deadline for financial services to fully implement their guidance by December 2023. As we move into 2025, financial institutions are expected to demonstrate that their operational resilience strategies are fully aligned with the guidance.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 6

This Weeks Headlines Phishing Campaign Exploits Microsoft ADFS to Bypass MFA and Hijack Accounts Chrome 133 and Firefox 135 Release Patches for High-Severity Vulnerabilities AsyncRAT Malware Campaign Leverages Python Payloads and Cloudflare Tunnels for Stealthy Attacks Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access Malvertising Campaign Targets Microsoft Advertisers via Fake Google Ads Zyxel Declines to Patch Exploited Zero-Day Vulnerabilities in Legacy DSL Devices Critical Veeam Vulnerability Allows Remote Code Execution via Man-in-the-Middle Attacks California Man Sentenced to Seven Years for $50 Million Financial Fraud Scheme Phishing Campaign Exploits Microsoft ADFS to Bypass MFA and Hijack Accounts A sophisticated phishing campaign is targeting Microsoft Active Directory Federation Services (ADFS) to bypass multifactor authentication (MFA) and take over user accounts.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 5

This Weeks Headlines DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked New SLAP and FLOP Attacks Expose Speculative Execution Vulnerabilities in Apple M-Series Chips Law Enforcement Dismantles Two Major Cybercrime Forums British Museum Restores Operations After Alleged IT Attack by Former Contractor OAuth Redirect Vulnerability in Airline Travel Integration Exposes Millions to Account Hijacking GitHub Desktop Vulnerability Exposes User Credentials via Malicious URLs Meta’s Llama Framework Vulnerability Allows Remote Code Execution DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked Chinese AI startup DeepSeek inadvertently left a ClickHouse database exposed on the internet, allowing unauthorized access to sensitive information.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 4

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List Hundreds of Fake Reddit Sites Push Lumma Stealer Malware Ivanti Vulns Chained Together in Cyberattack Onslaught SonicWall Warns of SMA1000 RCE Flaw Exploited in Zero-Day Attacks Stealthy ‘Magic Packet’ Malware Targets Juniper VPN Gateways Fake Homebrew Google Ads Target Mac Users with Malware CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched cross-site scripting (XSS) vulnerability (CVE-2020-11023) affecting the widely-used jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog.