Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

This Week in Cybersecurity: Looking Back at Week 36

Transport for London (TfL) Faces Ongoing Cyberattack, No Service Disruptions Transport for London (TfL), the agency overseeing Greater London’s transportation network, is grappling with a cyberattack that has primarily affected its internal IT systems. While TfL assured that no customer data has been compromised and public transport services remain unaffected, it has engaged the UK government, including the National Crime Agency and National Cyber Security Centre, for support. Employees have been advised to work from home as the investigation continues.

News

Critical Security Vulnerability in Google Chrome

Google Chrome users are being urged to update their browsers immediately due to a critical security vulnerability identified as CVE-2024-7971 . This vulnerability, known as a type confusion flaw, affects the V8 JavaScript and WebAssembly engine within Google Chromium versions prior to 128.0.6613.84. The flaw allows a remote attacker to exploit heap corruption through a specially crafted HTML page, making it a significant threat with a CVSS score of 8.8 (High).

News

This Week in Cybersecurity: Looking Back at Week 35

Fota Wildlife Park in Cork hit by cyberattack Fota Wildlife Park in Cork recently experienced a cyberattack that may have compromised the financial information of customers who made transactions on its website between May 12, 2024, and August 27, 2024. In an email to customers, the park advised those affected to cancel any credit or debit cards used during that period and to review their bank and credit card statements for any suspicious activity.

News

This Week in Cybersecurity: Looking Back at Week 34

Massive Data Leak Allegedly Exposes 3 Billion Records from National Public Data A proposed class action lawsuit has been filed against National Public Data (NPD), accusing the company of being the source of a massive data breach affecting up to 3 billion individuals. The data, reportedly leaked and offered for sale on the dark web by the hacker group USDoD for $3.5 million, includes sensitive information such as Social Security numbers and personal details.

News

Critical Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts

A critical command injection vulnerability (CVE-2024-5914) has been identified in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack . The identified vulnerability affects all versions of Palo Alto Networks’ Cortex XSOAR CommonScripts Pack prior to version 1.12.33. It allows unauthenticated attackers to execute arbitrary commands within the context of an integration container—essentially providing the attacker with control over part of the system. This type of attack is classified as a command injection vulnerability, a serious threat that could lead to extensive damage if exploited.

News

This Week in Cybersecurity: Looking Back at Week 33

Critical Windows Vulnerabilities Expose Systems to Downgrade Attacks Microsoft is addressing two critical vulnerabilities in its Windows update architecture, CVE-2024-38202 and CVE-2024-21302. These flaws, with CVSS scores of 7.3 and 6.7 respectively, could allow attackers to perform downgrade attacks, replacing current OS files with older versions. CVE-2024-38202 affects the Windows Backup component, potentially reintroducing mitigated vulnerabilities or circumventing Virtualization Based Security (VBS) features. CVE-2024-21302 enables privilege escalation in VBS-supported Windows systems.