Our Blog

Interested in the latest developments in the security world, or just want to get a better understanding of our service lines then this is the place for you.
Secora Consulting’s blog is a mixture of news and developments in the security world and technical breakdowns of our services.
Bookmark this page to stay informed.

More Zero-Day Vulnerabilities Discovered in Google Chrome

In a recent blog post we discussed that Google had discovered a zero-day vulnerability in their Chrome browser which led to an update being issued for all users. Since then, Google has discovered and patched two more zero-day flaws discovered in the Chrome browser for desktop. These are the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. Unlike…

Common Web Application Vulnerabilities - Part 2

In a previous blog, we discussed two severe but very common issues that we frequently encounter when performing web application penetration tests. In this blog, we are going to be continuing this series by examining two further vulnerabilities that could negatively affect your web applications and discuss how you can easily remediate these issues.   Commonly referred to in its acronym form, CSRF…

New Way to Slip Past Firewalls Disclosed

This week, privacy and security researcher Samy Kamkar has disclosed a new hacking technique which allows an attacker to trick Network Address Translation (NAT) devices such as routers / firewalls to provide remote access to services on victim machines not normally accessible via the internet.   Network Address Translation (NAT) is the process where a network device, such as a firewall, remaps an…

Why Credit Union's Should Secure Their Web Application's

If your Credit Union offers an online or mobile banking service, you may find your clients are using this service more frequently. With many customers embracing this new way of banking with their Credit Union, it is important to recognise the risks associated with operating an online banking service.   Throughout COVID-19, with people restricting their movements they have turned to the internet to…

New Zero-Day Vulnerability Exposes Google Chrome Browser

On the 21/10/2020, Google released a stable channel update of Google Chrome desktop to patch several high-risk security issues which have been uncovered. Included in the patch release was a zero-day vulnerability which could be exploited by an attacker to hijack targeted computers. Designation Threat Level Description CVE-2020-15999 High Heap buffer overflow in FreeType CVE-2020-16000 High…

Common Web Application Vulnerabilities -Part 1

With the advent of COVID-19, many businesses have had to hurriedly take their businesses online. According to the IE Domain Registry, registrations of .ie domains have jumped by 56% in Q2. With so many businesses embracing this new way of working, it is important to recognise the risks associated with operating your business online. Throughout October, given it is European Cyber Security Month…

Cyber Hygiene Basics

Last month, we published a blog post on the four main reasons to secure your website. This month, given it is European Cyber Security Month (ECSM) we’d like to focus on four simple tips that can help you improve your cyber hygiene. Cyber hygiene is a term that refers to improving your practices and technologies to stay safer online. With businesses growing their online presence, cyber hygiene is…

Ransomware Attack Leads to Fatality

A ransomware attack on the University Hospital of Dusseldorf (UKD) was reported to have a fatal outcome last week. German authorities revealed that the ransomware attack caused a failure of the hospital's IT systems, which resulted in a woman who needed urgent care tragically passing away while being transferred to another hospital 20 miles away for treatment. It is believed the attack exploited a…

Key Steps for SMEs to Securely Live with COVID-19

With Ireland’s new 5 level plan for living with COVID-19 now in effect, it has become apparent people are being advised to work from home where possible for at least the next 6 months. The entire country is currently on Level 2 which states in relation to work that you are advised to only attend work for essential on-site meetings, inductions and training. In all other instances, you should work…

Secure your success.

Use a trusted security partner with experienced consultants, who want to ensure your long term success