Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Internxt Becomes The First Cloud Storage With Post-Quantum Cryptography

Internxt is proud to be one of the first cloud storage companies to protect business and individual data with the world’s most advanced encryption, post-quantum cryptography. Our post-quantum encryption protects your files and data from the potential threats of quantum computers that hold the power to break current encryption protocols due to their superior ability to solve complex algorithms in minutes or even seconds.

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

Effective Security Awareness Training Really Does Reduce Data Breaches

Social engineering and phishing are involved in 70% - 90% of data breaches. No other root cause of malicious hacking (e.g., unpatched software and firmware, eavesdropping, cryptography attacks, physical theft, etc.) comes close. In fact, if you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone.

Ransomware Gangs Claimed More Than 5,000 Attacks in 2024

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest Ransomware Roundup report. The average ransom demand was more than $3.5 million, and the average ransom paid was $9.5 million. Many of these attacks involved data theft extortion, leading to the breach of nearly 200 million records.

AI in Cybersecurity: 20 years of innovation

From predictive systems to the recent proliferation of generative AI-based virtual assistants such as ChatGPT, artificial intelligence has become a key driver in many sectors, and cybersecurity is no exception. The disruptive impact of GenAI has popularized AI use recently but this technology has actually been deployed for over 20 years in the security sector, serving as an additional and critical tool for proactive threat management that enhances operational efficiency.

The 2025 DORA Deadline is Here: Simplify Compliance with Teleport

The Digital Operational Resilience Act (DORA) comes into full effect on January 17, 2025. This deadline marks a monumental shift in how financial institutions and their technology providers prioritize and maintain operational resilience and cybersecurity standards – and sets in stone real business and regulatory consequences to ensure resilience is achieved. And like any sweeping security regulation, organizations must embark on an uphill journey to earn full compliance.

The Anatomy of Akira Ransomware: Is Your Organization Safe? Learn Threats, Exploits, and Safeguards

Akira ransomware is a destructive malware that has ravaged industries since its discovery in March 2023. The operations have mostly targeted businesses in North America, the UK, and Australia. Akira ransomware’s darkweb site Akira employs a double-extortion tactic; it does not only encrypt the victim's data but also exfiltrates the data, and subsequently threatens to leak it on the internet unless the ransom demand is met.

Microsoft Corporation Latest Security Update on Actively Exploited Zero-Day Flaws for Safer Digital Operations

Organizations need to be watchful and vigilant with their cyber space because cyber threats keep on evolving. And, in fact, urgency is provided by the security update of January 2025 from Microsoft, which patches at least 161 vulnerabilities, including three zero-day flaws actively exploited in the wild.

Cryptocurrency Mining Attack Exploiting PHP Vulnerabilities: An Emerging Threat

A new and growing threat has emerged, targeting vulnerable PHP servers with a sophisticated cryptocurrency mining attack. This exploit takes advantage of misconfigured or unpatched PHP servers, allowing malicious actors to gain unauthorized access and deploy mining malware. The campaign focuses on exploiting vulnerabilities in PHP, particularly CVE-2024-4577, which has already been linked to several exploit attempts and continues to affect systems worldwide.