Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

EU’s Cyber Resilience Act: Strengthening Security for Digital Products

On October 10, 2024, the European Council formally adopted the Cyber Resilience Act (CRA) —a landmark regulation aimed at ensuring that digital products sold within the European Union (EU) meet stringent cybersecurity requirements. This new law represents a significant step toward improving cybersecurity across the digital ecosystem, making Europe’s digital infrastructure more secure and resilient. But what exactly does this act entail, and what does it mean for businesses, consumers, and manufacturers of digital products?

News

Critical Vulnerability identified in SAP BusinessObjects

A critical security vulnerability, identified as CVE-2024-41730 has been disclosed in SAP’s BusinessObjects Business Intelligence (BI) Platform. This vulnerability allows attackers to bypass authentication when Single Sign-On (SSO) is enabled for Enterprise authentication, enabling unauthorised access to the platform through a REST endpoint. With a CVSS score of 9.8, this vulnerability is rated as critical, posing a significant threat to affected organisations due to its potential to compromise the confidentiality, integrity, and availability of their systems.

Cyber Advisory

NIS2 Compliance: Key Steps to Ensure Readiness

As the European Union’s NIS2 Directive comes into force, businesses across critical sectors are under increasing pressure to bolster their cybersecurity defenses. This directive isn’t just another compliance box to tick—it’s a comprehensive framework that raises the stakes for network and information security across the board. In this blog, we provide essential steps to help ensure your organization is not only compliant but also resilient against evolving cyber threats. From governance and accountability to incident reporting and supply chain security, these steps will guide you through the process of protecting your business.

Cybersecurity Alert

MORE_EGGS Backdoor: A Growing Threat to Recruiters

A recent report by Trend Micro , highlights that attackers are leveraging the “MORE_EGGS” backdoor in a phishing campaign, primarily targeting recruitment platforms. These attackers compromise websites commonly used by recruiters to infect their devices, aiming to achieve financial gain. Overview The Trend Micro report details the technical aspects of the MORE_EGGS which is a JScript backdoor a part of Golden Chickens Malware-as-a-Service (MaaS) toolkit which is mainly used by threat actors such as FIN6 and the Cobalt Group.

Cyber Advisory

NIS2 Explained: How It Builds on NIS and What You Need to Know

The Network and Information Systems (NIS) Directive, introduced by the European Union in 2016, represented a major milestone in creating a unified cybersecurity framework across member states. However, with the rapid evolution of cyber threats and advancements in technology, the need for an update became clear. Enter NIS2 , the enhanced directive that comes into effect on 17th October 2024. In this blog post, we’ll delve into the key differences between NIS and NIS2, their implications for organisations, and the advantages of transitioning to the new directive.

Cybersecurity Alert

Red Hat Discloses Critical OpenPrinting CUPS Vulnerabilities Affecting RHEL

Red Hat has recently disclosed several critical vulnerabilities within OpenPrinting CUPS , an open-source printing system widely used across modern Linux distributions, including Red Hat Enterprise Linux (RHEL). These vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) pose a significant security risk, particularly if exploited in combination. Understanding the Vulnerabilities OpenPrinting CUPS is essential for managing, discovering, and sharing printers across Linux systems. However, if these vulnerabilities are exploited together, attackers could potentially achieve remote code execution, leading to the theft of sensitive data or damage to critical production systems.