Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

Strengthen Your Business with the Enterprise Ireland Cyber Security Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum—from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyber-attacks, Enterprise Ireland has launched the Cyber Security Review Grant. This offers Irish organisations a practical and cost-effective solution to bolster their defences against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you now have access to substantial support from Enterprise Ireland to evaluate your current cybersecurity posture and identify potential vulnerabilities.

SME Cybersecurity

Cybersecurity Awareness Month - Strengthening Your Businesss Defences

Cybersecurity Awareness Month serves as an important reminder for businesses of all sizes to stay vigilant against the cyber threats that target our data and systems. Whether you’re an experienced IT professional or just starting to learn the basics of cybersecurity, this month provides the perfect opportunity to evaluate and enhance your security practices. Malicious actors don’t discriminate based on the size of your business or your level of technical knowledge.

News

This Week in Cybersecurity: Looking Back at Week 42

Data Breach at Cabot Financial Exposes Sensitive Consumer Information A significant data breach at Cabot Financial, one of Ireland’s largest debt-collection agencies, has potentially compromised the personal and financial details of thousands of consumers. The agency, which manages accounts for approximately 80 credit unions and other lenders, has disabled its website and several phone lines in response to the attack. Cabot Financial has confirmed it is actively addressing a suspected cyber attack and is collaborating with IT experts to protect customer data.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?

News

Critical Vulnerability identified in SAP BusinessObjects

A critical security vulnerability, identified as CVE-2024-41730 has been disclosed in SAP’s BusinessObjects Business Intelligence (BI) Platform. This vulnerability allows attackers to bypass authentication when Single Sign-On (SSO) is enabled for Enterprise authentication, enabling unauthorised access to the platform through a REST endpoint. With a CVSS score of 9.8, this vulnerability is rated as critical, posing a significant threat to affected organisations due to its potential to compromise the confidentiality, integrity, and availability of their systems.

News

This Week in Cybersecurity: Looking Back at Week 41

Ivanti Warns of Active Exploits Targeting New Cloud Service Appliance Vulnerabilities Ivanti has identified three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA), which are actively being exploited. These flaws, found in CSA versions before 5.0.2, involve SQL injection, OS command injection, and path traversal attacks, all of which can be used by remote authenticated attackers with admin privileges. Threat actors are combining these vulnerabilities with a previously disclosed zero-day (CVE-2024-8963) to carry out sophisticated attacks.