Between customer requirements, regulatory or legislative mandates and executive orders, incorporating strong security controls throughout the Software Development Lifecycle (SDLC) has become a central focus for development groups, leadership teams and governing bodies. However, regardless of external motivators, maintaining a secure SDLC also provides the developer tangible benefits regarding the health of the software by ensuring a meticulous focus on architecture and solid software-building practices.

The State of Cyber Defense: Manufacturing Cyber Resilience highlights the unique challenges the manufacturing industry faces and the key ways the industry can become more cyber resilient.

As cloud technologies continue to advance and more organizations shift toward cloud-based solutions, the need for stringent security measures has become increasingly vital. Effective cloud security not only protects sensitive data from unauthorized access and potential breaches, but also ensures the smooth functioning of cloud-based services.

CLEARFAKE is the term used to describe the malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns to deliver information stealers. It has the potential to impact all sectors. Although the CLEARFAKE fake browser update campaign (which was initially identified in Q2 2023) originally targeted Windows users, it expanded to macOS users in Q4 2023.

The Digital Operational Resilience Act (DORA) comes into full effect on January 17, 2025, and aims to prevent and mitigate cyber threats by establishing a comprehensive ICT risk management framework for the EU financial industry. The new EU regulation seeks to ensure that financial institutions and critical ICT providers advance their cybersecurity and operational processes to safeguard their key systems, enhancing the industry’s operational resilience.

Note: Exploitation of this vulnerability remains highly likely, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.

Kroll’s Managed Detection and Response (MDR) team responded to an incident in which suspected malware was exhibiting strange download behavior. After successfully containing and resolving the incident, Kroll’s Cyber Threat Intelligence (CTI) team investigated further.

Automated penetration testing, or automated pen testing, is a type of security assessment that uses specialist tools to uncover vulnerabilities. Although it can serve as part of a cohesive security strategy, it also presents some challenges. In this article, we outline the pros and cons of automated pen testing and compare it with manual pen testing.

By 2026, more than 80% of enterprises will have used generative artificial intelligence (“GenAI”) APIs, models and/or deployed GenAI-enabled application in production environments. With this fast pace of adoption, it is no wonder that artificial intelligence (AI) application security tools are already in use by 34% of organizations, a number that will no doubt increase.

Businesses are increasingly recognizing the advantages of adopting a more flexible approach to safeguarding their data, systems and reputation in order to move beyond the limitations of traditional security solutions. In this article, we will discuss how these advantages are delivered by security as a service (SECaaS), its benefits compared with in-house solutions, and what to look for in a potential SECaas provider.