Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 11

This Weeks Headlines PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback Over One-Third of Irish Households Experienced Cybercrime in the Past Year Microsoft Patches 57 Security Flaws, Including Six Actively Exploited Zero-Days New Vulnerabilities in ruby-saml Library Enable Potential Account Takeovers DeepSeek R1 AI Model Capable of Generating Malware Code with Prompt Engineering Meta Warns of Actively Exploited FreeType Vulnerability PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming The PCI Security Standards Council (PCI SSC) has introduced a new information supplement on “Payment Page Security and Preventing E-Skimming – Guidance for PCI DSS Requirements 6.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 10

This Weeks Headlines Exploited VMware ESXi Zero-Day Vulnerabilities Expose Thousands to Ransomware Attacks ‘Bulletproof’ Hosting Provider Allegedly Routes Operations Through Kaspersky Lab Networks Over 1,000 WordPress Sites Compromised by JavaScript Backdoors Eleven11bot Botnet Infects Over 86,000 IoT Devices, Primarily Security Cameras and NVRs Hunters International Ransomware Group Claims Hack on Tata Technologies Exploited VMware ESXi Zero-Day Vulnerabilities Expose Thousands to Ransomware Attacks Recent reports have identified that tens of thousands of VMware ESXi instances are vulnerable to three zero-day vulnerabilities which have been actively exploited in the wild:

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 9

This Weeks Headlines Southern Water Reports £4.5 Million Loss from Black Basta Ransomware Attack Bybit Suffers $1.5 Billion Cryptocurrency Theft in Largest Exchange Hack to Date DDoS Attacks Surge by 550% in 2024 Malicious ‘PirateFi’ Game Infects Steam Users with Vidar Stealer Malware Critical Remote Code Execution Vulnerability Discovered in MITRE Caldera Framework DISA Global Solutions Data Breach Exposes Personal Information of 3.3 Million Individuals Southern Water Reports £4.5 Million Loss from Black Basta Ransomware Attack In February 2024, Southern Water, a major UK water supplier, experienced a cyberattack attributed to the Black Basta ransomware group.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 8

This Weeks Headlines Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability UK Government Orders Apple to Provide Access to Encrypted User Data Critical Vulnerabilities Discovered in Unifi Protect Cameras and Management Interface Content Credentials Initiative Gains Momentum in Combating Digital Disinformation Storm-2372 Cybercriminals Exploit Device Codes in Phishing Attacks via Microsoft Teams and WhatsApp Oireachtas Committee to Assess Ireland’s Cybersecurity Preparedness Amid Escalating Digital Threats Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability Microsoft has released security updates addressing two critical vulnerabilities affecting Bing and Power Pages, including one actively exploited in the wild.

Event News

Secora Consulting Sponsors CTF at BSides Galway

Secora Consulting is pleased to announce our sponsorship of the ZeroDays Capture The Flag (CTF) competition at BSides Galway—the city’s inaugural BSides cybersecurity conference—taking place on February 22, 2025, at the University of Galway. BSides Galway will serve as a premier gathering for cybersecurity professionals, researchers, and enthusiasts, fostering knowledge exchange and innovation in the field. As part of the event, the ZeroDays CTF, run by Zero Days events, will provide an immersive, hands-on challenge designed to test and refine participants’ cybersecurity expertise in real-world scenarios.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 7

This Weeks Headlines Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws Ivanti Releases Patches for Critical Vulnerabilities in Connect Secure and Policy Secure HSE Faces Nearly 500 Legal Actions Following €102 Million Cyberattack New Exploit Bypasses Patched NVIDIA Container Toolkit Vulnerability FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws On February 12, 2025, Microsoft released security updates addressing 63 vulnerabilities across its software products.