Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2022

CVE-2021-43702 from Discovery to Patch: ASUS Modem/Router Device Takeover Vulnerability

While studying for my master's degree in cyber security, I co-authored a paper regarding the rollout of IoT devices and the security considerations that businesses need to address to ensure these devices are secure. The paper underscored how a large majority of IoT devices used vulnerable components and did not follow basic secure programming principles.

I Get Paid to Hack Your Company and These Are the Controls I Hate the Most!

Carlos García and Jeff Macko, two leading security experts from Kroll, provide a unique perspective on hacking and how to address it in this insightful webinar, I Get Paid to Hack Your Company and These Are the Controls I Hate the Most! The session outlines the most effective security controls to prevent and mitigate common types of cyberattacks and emphasizes potential quick wins that can be achieved without the need for significant investment, and how to harness the technology already used by most organizations.

Optimism, Underestimation and Invincibility: Bridging the Gap Between Reality and Perception in Cyber Security

Earlier this month, the United Nations (U.N.) released its latest Global Assessment Report on Disaster Risk Reduction (GAR2022). For those of us who assess risk for a living, it is a sobering read.

Bumblebee Loader Linked to Conti and Used In Quantum Locker Attacks

Kroll has recently observed a new malware strain called “Bumblebee” operating as a loader, delivered via phishing email, in order to deploy additional payloads for use in ransomware operations. The malware takes its name from the unique user-agent (since changed), which it used to connect to command and control (C2) servers. It was first reported by Google's Threat Analysis Group (TAG) in March 2022, with the first sample submitted to VirusTotal on March 1.

ModPipe POS Malware: New Hooking Targets Extract Card Data

Kroll’s incident responders have seen threat actor groups becoming increasingly sophisticated and elusive in the tactics, techniques and procedures they employ to steal payment card data. One common method is to “scrape” the Track 1 or Track 2 data stored on the card’s magnetic stripe, which provides the cardholder account and personal information criminals need to make fraudulent “card-not-present” (CNP) transactions.