Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.


Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 2

- E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
- Hackers Breach Argentina’s Airport Security Police Payroll System
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
- Russian-Speaking Hackers Target Ethereum Developers with Malicious npm Packages
- Critical RCE Flaw in GFI KerioControl Exploited in Active Attacks
- SonicWall Urges Immediate Patching of Critical SonicOS Vulnerability
- Critical Vulnerabilities Identified in Ivanti Products

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

The European General Court has fined the European Commission €400 for violating the bloc’s data privacy regulations.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 1

Cyberhaven Chrome Extension Breach Part of Expanding Supply Chain Attack

Cyberhaven, a data detection and response platform, suffered a compromise of its Chrome extension on December 24, 2024, after a phishing attack gave threat actors access to the company’s Chrome Web Store account. The attackers published a malicious version of the extension designed to steal Facebook access tokens and user information. Although Cyberhaven detected and removed the malicious extension within approximately 24 hours, this incident is part of a broader campaign that has compromised at least 29 Chrome extensions over the past 18 months, potentially affecting over 2.

News

Critical Vulnerabilities in Hewlett Packard Enterprise (HPE) Insight Remote Support

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Insight Remote Support software, with the most severe carrying a CVSS v3.0 score of 9.8. These vulnerabilities pose significant security risks, including remote directory traversal, information disclosure, and potential code execution.

Overview of the Vulnerabilities

The vulnerabilities impact versions of HPE Insight Remote Support prior to v7.14.0.629. A breakdown of the CVEs, their descriptions, and potential impacts is provided below:

SME Cybersecurity

Black Friday & Cyber Monday Cybersecurity Tips

Black Friday and Cyber Monday are two of the most anticipated shopping days, with millions of customers flocking online and in-store for deals. These high-traffic days offer significant sales opportunities, but they also attract cybercriminals aiming to exploit the increase in online activity. Cyber threats spike around these shopping events, and if your business isn’t prepared, you could be at risk for data breaches, phishing scams, and financial loss. To help you stay secure, we’ve put together essential cybersecurity tips to protect your business from Black Friday through Cyber Monday.

Cybersecurity Alert

Palo Alto Networks Expedition Vulnerability Puts Admin Accounts at Risk

In July 2024, a critical vulnerability, CVE-2024-5910, was identified in Palo Alto Networks’ Expedition tool. This vulnerability, which scores a 9.3 on the CVSS 3.0 scale, exposes Expedition to a significant risk of admin account takeover by unauthorised parties with network access to the tool. As organisations increasingly rely on automation tools like Expedition for configuration migration, tuning, and enrichment, this security flaw is one that affected users cannot afford to overlook.

Cyber Advisory

The Importance of Third-Party Cybersecurity Assessments

Cybersecurity risks don’t just come from within your organisation; they often arise from third-party vendors who manage essential services like cloud hosting, software development, and data storage. A single vulnerability in a vendor’s system can open the door for cybercriminals to access your sensitive data, potentially jeopardising your entire business. These risks make third-party cybersecurity assessments critical for safeguarding your operations and ensuring that your vendors meet the required security standards.