Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 1

Cyberhaven Chrome Extension Breach Part of Expanding Supply Chain Attack Cyberhaven, a data detection and response platform, suffered a compromise of its Chrome extension on December 24, 2024, after a phishing attack gave threat actors access to the company’s Chrome Web Store account. The attackers published a malicious version of the extension designed to steal Facebook access tokens and user information. Although Cyberhaven detected and removed the malicious extension within approximately 24 hours, this incident is part of a broader campaign that has compromised at least 29 Chrome extensions over the past 18 months, potentially affecting over 2.

News

This Week in Cybersecurity: Looking Back at Week 51

Russian-Israeli Suspected LockBit Ransomware Coder Charged by US Ascension Health Data Breach Impacts 56 Million Individuals Lazarus Group Targets Nuclear Research Organizations Critical Apache Struts Flaw Exploited in the Wild Dutch DPA Fines Netflix $475 Million for Data Handling Violations HubSpot Phishing Targets 20,000 Microsoft Azure Accounts US Considers Banning TP-Link Routers Over Cybersecurity Risks Critical FortiWLM Bug Allows Hackers Admin Privileges RSPack NPM Packages Compromised with Malicious Code Over 25,000 SonicWall VPN Firewalls Exposed to Critical Flaws Russian-Israeli Suspected LockBit Ransomware Coder Charged by US US authorities have filed charges against a Russian-Israeli national believed to be a developer behind the notorious LockBit ransomware, a strain responsible for numerous high-profile cyberattacks.

News

This Week in Cybersecurity: Looking Back at Week 50

Headlines Microsoft Patches Zero-Day Vulnerability and 71 Other Flaws in December 2024 Update Europol Targets DDoS-for-Hire Services Ahead of Holiday Attacks Hackers Exploit Visual Studio Code Tunnels in Advanced Cyberattacks Deloitte Denies Data Breach Allegations Despite Ransomware Claims Microsoft 365 Outage Disrupts Key Services Due to Cache Issues International Crackdown on Phishing Gang in Belgium and Netherlands MTU Prank Email Incident Highlights Ongoing Cybersecurity Vigilance NTLM Zero-Day Vulnerability Exposes Windows to Credential Theft Risks Lynx Ransomware Targets Romanian Energy Supplier Electrica in Cyberattack Microsoft Patches Zero-Day Vulnerability and 71 Other Flaws in December 2024 Update Microsoft’s December 2024 Patch Tuesday update addresses 71 security vulnerabilities across its products, including one actively exploited zero-day vulnerability.

News

This Week in Cybersecurity: Looking Back at Week 49

Headlines Solana Web3.js Library Supply Chain Attack Investigation into Data Breach at Irish Utility Company EU’s First Report on Cybersecurity Maturity Deloitte UK Allegedly Hit by Cyberattack, 1TB Data Stolen Phishing Campaign Uses Corrupted Word Files to Evade Detection SpyLoan Malware Hits 8 Million Android Users Worldwide Sensitive Data from Alder Hey Breach Published Online Police Dismantle Major German-Language Criminal Marketplace International Sting Shuts Down Criminal Messaging Platform Massive Espionage Campaign Targets Global Telecoms Solana Web3.

News

Critical Vulnerabilities in Hewlett Packard Enterprise (HPE) Insight Remote Support

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Insight Remote Support software, with the most severe carrying a CVSS v3.0 score of 9.8. These vulnerabilities pose significant security risks, including remote directory traversal, information disclosure, and potential code execution. Overview of the Vulnerabilities The vulnerabilities impact versions of HPE Insight Remote Support prior to v7.14.0.629. A breakdown of the CVEs, their descriptions, and potential impacts is provided below:

News

This Week in Cybersecurity: Looking Back at Week 48

Headlines Critical Cobbler Server Vulnerability Enables Unauthorised Contro Blue Yonder Ransomware Attack Disrupts UK Supermarkets’ Supply Chains Massive Retail Data Breach Exposes 57 Million Customers’ Information Matrix Botnet Exploits IoT Devices for Global DDoS Campaign UK Businesses Lose £44 Billion to Cybercrime Over Five Years U.S. Soldier Suspected in Snowflake Extortion Scheme Global Police Takedown Dismantles €250M/month Pirate Streaming Service Critical Flaw in WordPress Plugin Risks 4 Million Websites Russian RomCom Hackers Exploit Firefox and Windows Zero-Day Vulnerabilities Major Incident Declared at Merseyside’s Arrowe Park Hospital Over Cybersecurity Breach Critical Cobbler Server Vulnerability Enables Unauthorised Contro A critical vulnerability (CVE-2024-47533) in Cobbler Server versions 3.