Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How Can You Identify Your Internet-Facing Applications?

In today's digital landscape, organizations are increasingly reliant on internet-facing applications to conduct business and engage with customers. However, many organizations are unaware of the full extent of their internet exposure. Can you secure your organization if you do not know which internet-facing applications you own? Not effectively.

AI Risk and Governance: Foundations of a Documented, Defensible Program

Given the many laws, frameworks and industry best practices surrounding artificial intelligence (AI), it’s not surprising that lawyers, compliance professionals and others charged with AI governance and compliance are seeking a starting point for AI guidelines. A solid foundation is vital to building a program that satisfies the growing matrix of requirements while allowing companies to simplify and execute their programs amid growing complexity and change. The U.S.

How Threat Actors Use Enterprise Applications in Microsoft 365 to Exfiltrate Data

Microsoft 365 (M365) has become the industry standard for business email platforms, allowing users access to a variety of interconnected productivity and communication applications. With data readily available across multiple applications within M365, threat actors are using a specific technique to exfiltrate data within a user’s M365 email account.

Securing Microsoft 365: Avoiding Multi-factor Authentication Bypass Vulnerabilities

Microsoft 365 is the standard in modern enterprise environments, offering a robust suite of productivity and collaboration tools. With millions of users accessing sensitive data from various devices and locations, security vulnerabilities can arise, making it highly attractive for cybercriminals seeking to exploit and steal valuable data.

CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)

IDATLOADER (aka HIJACKLOADER, GHOSTPULSE) has become prevalent in 2024, using advanced and new techniques such as BPL Sideloading, which Kroll reported on in June. Kroll observes IDATLOADER distributing malware such as ASYNCRAT, PURESTEALER, REMCOS, STEALC and what some might describe as a recent epidemic in LUMMASTEALER infections.

LLM Risks: Chaining Prompt Injection with Excessive Agency

Alongside an explosion in the popularity of large language models (LLMs) across many industries, there has also been an increase in the level of trust granted to these models. Whereas LLMs were once perceived as simple, friendly chatbots that could respond to basic questions or pull useful resources from the web based on user input, many have now been granted the ability to perform actions, anywhere from sending an email to deploying code. This is referred to as agency.

LUMMASTEALER Delivered Via PowerShell Social Engineering

The Kroll Security Operations Center (SOC) has recently detected and remediated a trend of incidents that involved socially engineering a victim into pasting a PowerShell script into the “Run” command window to begin a compromise. These incidents have typically begun with the victim user attempting to find “YouTube to mp3” converters, or similar, then being redirected to the malicious webpages.

DORA vs. NIS2 vs. PSD2: Navigating the Evolving Regulatory Landscape

The legal and regulatory landscape is constantly evolving, continually intensifying the demands placed on organizations. As well as meeting the requirements of existing regulations such as the Payment Services Directive 2 (PSD2), companies must contend with the upcoming introduction of the Network and Information Security Directive or NIS2 (Directive (EU) 2022/2555) and the Digital Operational Resilience Act (DORA).

Magecart Attacks: Prevention Tips and Security Best Practices

Kroll has investigated many different tactics that threat actors use to steal consumer data on e-commerce sites. These types of attacks can be especially damaging for organizations that are responsible for storing customers’ personal and financial information that is collected during transactions.