Our Blog

Building web applications at any scale is a difficult task. There are often a myriad of moving parts to enable the simplest functionality, and the need for new features and fixes often outpaces our ability to fix them. This creates the perfect breeding ground for new vulnerabilities to arise, and in this report, we will discuss some of those more frequently encountered by Secora Consulting…

While the pandemic accelerated the move to eCommerce for many businesses, the rush to sell online has also meant huge numbers of businesses have cybersecurity gaps. And while cybersecurity can be an overlooked part of maintaining an online business, cyberattacks can be catastrophic. Not only could your business lose, online revenue, data and customers, but its reputation could also incur…

Following on from ‘Password Security: It’s Time for A Password Overhaul’, we dive into our recommendations on how you can strengthen and protect your passwords and discuss the future of the static password. Create Complex Passwords Passwords should be at least 12 characters in length and have a balance between their length and your ability to remember them. There is no point in creating a 3…

World Password Day served as a reminder of the need for secure and robust passwords to protect your personal data and your business's systems, networks and devices. Passwords are a consistent part of our personal and professional lives. In today's digital culture, passwords are used to access everything from devices to online banking, your IT assets, and more. No matter what you or your business…

Vendor Vulnerabilities are a common cybersecurity challenge businesses face when introducing third-party products and services to their network. Whether it’s a security flaw located in a network, server or application, businesses relying on third party vendors are often the ones left to resolve the issues. To support you in resolving known vulnerabilities as quickly as possible, we have outlined…

This month sees Microsoft patch 145 vulnerabilities, including 3 rated critical at 9.8 and seven at 7.7 and above. One vulnerability that immediately caught the eye of our penetration testers was CVE-2022-26809. What is CVE-2022-26809? CVE-2022-26809 is an RPC Code Execution Vulnerability that allows remote attackers to execute code with high privileges on an affected system with no user…

Nordex Group, one of the world's largest manufacturers of wind turbines, has recently fallen victim to a cyber attack forcing them to take down multiple IT systems. The organisation, headquartered in Hamburg, Germany, discovered the cyber attack in the early stages and immediately deployed measures in line with its incident response protocols. Nordex Reporting on the Cyber Security Incident…

Over the past number of years, phishing and ransomware campaigns are responsible for the majority of the value of claims analysed across all industry sectors. As a financial institution, Credit Unions arguably hold more personally identifiable information than many other types of organisations. Examples may include sensitive customer information, credit card details and information on property…

Over the past year, 43% of cyberattacks have specifically targeted Small to Medium Enterprises (SMEs). Worryingly 83% of SMEs aren’t equipped to recover from a cybersecurity incident or breach. Given the increasing number of threats that could impact your business on a day-to-day basis, a structured approach to implementing mitigating security controls can help to reduce the likelihood and impact…