Blog

The latest news and developments

Explore a blend of security news, industry developments, and in-depth technical analysis of our services on Secora Consulting's blog. Bookmark this page to stay informed.

Latest Blogs and News

Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services. Bookmark this page to stay informed.

News

This Week in Cybersecurity: Looking Back at Week 34

Massive Data Leak Allegedly Exposes 3 Billion Records from National Public Data A proposed class action lawsuit has been filed against National Public Data (NPD), accusing the company of being the source of a massive data breach affecting up to 3 billion individuals. The data, reportedly leaked and offered for sale on the dark web by the hacker group USDoD for $3.5 million, includes sensitive information such as Social Security numbers and personal details.

News

Critical Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts

A critical command injection vulnerability (CVE-2024-5914) has been identified in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack . The identified vulnerability affects all versions of Palo Alto Networks’ Cortex XSOAR CommonScripts Pack prior to version 1.12.33. It allows unauthenticated attackers to execute arbitrary commands within the context of an integration container—essentially providing the attacker with control over part of the system. This type of attack is classified as a command injection vulnerability, a serious threat that could lead to extensive damage if exploited.

News

This Week in Cybersecurity: Looking Back at Week 33

Critical Windows Vulnerabilities Expose Systems to Downgrade Attacks Microsoft is addressing two critical vulnerabilities in its Windows update architecture, CVE-2024-38202 and CVE-2024-21302. These flaws, with CVSS scores of 7.3 and 6.7 respectively, could allow attackers to perform downgrade attacks, replacing current OS files with older versions. CVE-2024-38202 affects the Windows Backup component, potentially reintroducing mitigated vulnerabilities or circumventing Virtualization Based Security (VBS) features. CVE-2024-21302 enables privilege escalation in VBS-supported Windows systems.

News

This Week in Cybersecurity: Looking Back at Week 32

Ireland Unveils National Cyber Emergency Plan to Strengthen Response to Cyber Threats This week, Ireland published its National Cyber Emergency Plan (NCEP), developed through extensive public and private sector engagement and lessons from recent cyber exercises and the 2021 HSE ransomware attack. The NCEP details the process for declaring and managing a National Cyber Emergency, outlining clear roles and responsibilities. It incorporates flexible response strategies for diverse cyber incidents through three cooperation modes:

Vulnerability

Zero Day Exploit: Critical Vulnerability in Apache OFBiz

A zero-day pre-authentication remote code execution vulnerability , identified as CVE-2024-38856, has been discovered in the Apache OFBiz open-source enterprise resource planning (ERP) system. This critical flaw could allow threat actors to execute remote code on affected instances, posing significant risks to businesses relying on this software. Vulnerability Overview Vulnerability Type: Zero-day pre-authentication remote code execution CVSS Score: 9.8/10 Affected Versions: Apache OFBiz versions prior to 18.12.15 The vulnerability stems from a flaw in the authentication mechanism of Apache OFBiz.

News

This Week in Cybersecurity: Looking Back at Week 31

Average cost of a data breach rises to €4.5m According to IBM’s annual ‘Cost of a Data Breach Report,’ the average cost of data breaches globally has risen to €4.49 million this year, marking a significant 10% increase year-over-year — the largest since the pandemic began. The report reveals that 70% of breached organisations experienced significant disruptions, with lost business and post-breach customer and third-party response costs contributing heavily to the financial impact.