Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

Vulnerability

Critical Vulnerabilities in Red Hat OpenShift Container Platform 4

Red Hat has recently disclosed two critical vulnerabilities in OpenShift Container Platform 4 that require urgent attention from affected organisations. The vulnerabilities, identified as CVE-2024-45496 and CVE-2024-7387, both have critical CVSS3.0 scores, highlighting their severity. CVE-2024-45496: Privilege Misuse in Build Process This flaw, with a CVSS score of 9.9, occurs due to the misuse of elevated privileges during the build process of OpenShift Container Platform. Specifically, the git-clone container is run with a privileged security context, granting unrestricted access to the node.

News

This Week in Cybersecurity: Looking Back at Week 37

Cyber Attack Hits German Air Traffic Control Agency The German air traffic control agency, Deutsche Flugsicherung (DFS), has confirmed a recent cyber attack that disrupted its office communications, though air traffic operations remained unaffected. The attack, suspected to be the work of the notorious hacker group APT28 (Fancy Bear), targeted the company’s IT infrastructure. APT28, closely linked to Russia’s military intelligence service GRU, has a long history of cyber attacks on critical infrastructure, government agencies, and political organisations across Europe and North America.

Cybersecurity Alert

Critical RCE Vulnerabilities in Veeam Backup and Replication and Veeam ONE Agent

Veeam has disclosed two critical vulnerabilities that pose significant risks to users of its Backup and Replication software and ONE Agent. These flaws, tracked as CVE-2024-40711 and CVE-2024-42024, could allow unauthenticated attackers to execute arbitrary code remotely, putting affected systems at risk. CVE-2024-40711 – Veeam Backup and Replication (CVSS: 9.8) This critical vulnerability, present in Veeam Backup and Replication versions 12.1.2.172 and earlier, allows remote code execution (RCE) via a deserialisation of untrusted data.

News

This Week in Cybersecurity: Looking Back at Week 36

Transport for London (TfL) Faces Ongoing Cyberattack, No Service Disruptions Transport for London (TfL), the agency overseeing Greater London’s transportation network, is grappling with a cyberattack that has primarily affected its internal IT systems. While TfL assured that no customer data has been compromised and public transport services remain unaffected, it has engaged the UK government, including the National Crime Agency and National Cyber Security Centre, for support. Employees have been advised to work from home as the investigation continues.

News

Critical Security Vulnerability in Google Chrome

Google Chrome users are being urged to update their browsers immediately due to a critical security vulnerability identified as CVE-2024-7971 . This vulnerability, known as a type confusion flaw, affects the V8 JavaScript and WebAssembly engine within Google Chromium versions prior to 128.0.6613.84. The flaw allows a remote attacker to exploit heap corruption through a specially crafted HTML page, making it a significant threat with a CVSS score of 8.8 (High).

News

This Week in Cybersecurity: Looking Back at Week 35

Fota Wildlife Park in Cork hit by cyberattack Fota Wildlife Park in Cork recently experienced a cyberattack that may have compromised the financial information of customers who made transactions on its website between May 12, 2024, and August 27, 2024. In an email to customers, the park advised those affected to cancel any credit or debit cards used during that period and to review their bank and credit card statements for any suspicious activity.