Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Cybersecurity Alert

Palo Alto Networks Expedition Vulnerability Puts Admin Accounts at Risk

In July 2024, a critical vulnerability, CVE-2024-5910, was identified in Palo Alto Networks’ Expedition tool. This vulnerability, which scores a 9.3 on the CVSS 3.0 scale, exposes Expedition to a significant risk of admin account takeover by unauthorised parties with network access to the tool. As organisations increasingly rely on automation tools like Expedition for configuration migration, tuning, and enrichment, this security flaw is one that affected users cannot afford to overlook.

Cyber Advisory

The Importance of Third-Party Cybersecurity Assessments

Cybersecurity risks don’t just come from within your organisation; they often arise from third-party vendors who manage essential services like cloud hosting, software development, and data storage. A single vulnerability in a vendor’s system can open the door for cybercriminals to access your sensitive data, potentially jeopardising your entire business. These risks make third-party cybersecurity assessments critical for safeguarding your operations and ensuring that your vendors meet the required security standards.

News

Strengthen Your Business with the Enterprise Ireland Cyber Security Review Grant

As cyberattacks grow more frequent and sophisticated, malicious actors target organisations across the spectrum—from fledgling startups to established SMEs and large corporations. Recognising the pressing need for organisations to protect sensitive information and mitigate the risk of cyber-attacks, Enterprise Ireland has launched the Cyber Security Review Grant. This offers Irish organisations a practical and cost-effective solution to bolster their defences against cyber threats and ensure regulatory compliance. If you’re an Irish organisation and Enterprise Ireland client, you now have access to substantial support from Enterprise Ireland to evaluate your current cybersecurity posture and identify potential vulnerabilities.

SME Cybersecurity

Cybersecurity Awareness Month - Strengthening Your Businesss Defences

Cybersecurity Awareness Month serves as an important reminder for businesses of all sizes to stay vigilant against the cyber threats that target our data and systems. Whether you’re an experienced IT professional or just starting to learn the basics of cybersecurity, this month provides the perfect opportunity to evaluate and enhance your security practices. Malicious actors don’t discriminate based on the size of your business or your level of technical knowledge.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?

News

Critical Vulnerability identified in SAP BusinessObjects

A critical security vulnerability, identified as CVE-2024-41730 has been disclosed in SAP’s BusinessObjects Business Intelligence (BI) Platform. This vulnerability allows attackers to bypass authentication when Single Sign-On (SSO) is enabled for Enterprise authentication, enabling unauthorised access to the platform through a REST endpoint. With a CVSS score of 9.8, this vulnerability is rated as critical, posing a significant threat to affected organisations due to its potential to compromise the confidentiality, integrity, and availability of their systems.