Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity News

This Week in Cybersecurity: Looking Back at Week 1

Cyberhaven Chrome Extension Breach Part of Expanding Supply Chain Attack Cyberhaven, a data detection and response platform, suffered a compromise of its Chrome extension on December 24, 2024, after a phishing attack gave threat actors access to the company’s Chrome Web Store account. The attackers published a malicious version of the extension designed to steal Facebook access tokens and user information. Although Cyberhaven detected and removed the malicious extension within approximately 24 hours, this incident is part of a broader campaign that has compromised at least 29 Chrome extensions over the past 18 months, potentially affecting over 2.

News

Critical Vulnerabilities in Hewlett Packard Enterprise (HPE) Insight Remote Support

Hewlett Packard Enterprise (HPE) has disclosed multiple critical vulnerabilities in its Insight Remote Support software, with the most severe carrying a CVSS v3.0 score of 9.8. These vulnerabilities pose significant security risks, including remote directory traversal, information disclosure, and potential code execution. Overview of the Vulnerabilities The vulnerabilities impact versions of HPE Insight Remote Support prior to v7.14.0.629. A breakdown of the CVEs, their descriptions, and potential impacts is provided below:

SME Cybersecurity

Black Friday & Cyber Monday Cybersecurity Tips

Black Friday and Cyber Monday are two of the most anticipated shopping days, with millions of customers flocking online and in-store for deals. These high-traffic days offer significant sales opportunities, but they also attract cybercriminals aiming to exploit the increase in online activity. Cyber threats spike around these shopping events, and if your business isn’t prepared, you could be at risk for data breaches, phishing scams, and financial loss. To help you stay secure, we’ve put together essential cybersecurity tips to protect your business from Black Friday through Cyber Monday.

Cybersecurity Alert

Palo Alto Networks Expedition Vulnerability Puts Admin Accounts at Risk

In July 2024, a critical vulnerability, CVE-2024-5910, was identified in Palo Alto Networks’ Expedition tool. This vulnerability, which scores a 9.3 on the CVSS 3.0 scale, exposes Expedition to a significant risk of admin account takeover by unauthorised parties with network access to the tool. As organisations increasingly rely on automation tools like Expedition for configuration migration, tuning, and enrichment, this security flaw is one that affected users cannot afford to overlook.

Cyber Advisory

The Importance of Third-Party Cybersecurity Assessments

Cybersecurity risks don’t just come from within your organisation; they often arise from third-party vendors who manage essential services like cloud hosting, software development, and data storage. A single vulnerability in a vendor’s system can open the door for cybercriminals to access your sensitive data, potentially jeopardising your entire business. These risks make third-party cybersecurity assessments critical for safeguarding your operations and ensuring that your vendors meet the required security standards.

News

Strengthen Your Business with the Enterprise Ireland Cyber Security Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum—from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyber-attacks, Enterprise Ireland has launched the Cyber Security Review Grant. This offers Irish organisations a practical and cost-effective solution to bolster their defences against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you now have access to substantial support from Enterprise Ireland to evaluate your current cybersecurity posture and identify potential vulnerabilities.