|
By Kroll
Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.
|
By Kroll
For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences. Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks.
|
By Kroll
Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) Gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances. There are no confirmed reports of exploitation for Ivanti Policy Secure or ZTA Gateways. There is no indication that CVE-2025-0283 is actively exploited or chained.
|
By Kroll
Chances are, your business is already operating in the cloud. The rewards of moving into the cloud are undeniable - organizations can build and launch new services and add computing capacity more easily than on premises in a more cost-effective manner. The cloud is indispensable for growing at the speed of the market.
|
By Kroll
As cloud computing technologies are quickly have become mainstream due to the multitude of benefits that have transformed how we store, manage, and access data, the enterprise landscape is rapidly changing how they interact with data and applications. However, one of the overlooked and most misunderstood activities that must be performed to successfully leverage cloud computing technologies is the creation of a cloud computing security architecture.
|
By Kroll
In today's digital landscape, organizations are increasingly reliant on internet-facing applications to conduct business and engage with customers. However, many organizations are unaware of the full extent of their internet exposure. Can you secure your organization if you do not know which internet-facing applications you own? Not effectively.
|
By Kroll
Given the many laws, frameworks and industry best practices surrounding artificial intelligence (AI), it’s not surprising that lawyers, compliance professionals and others charged with AI governance and compliance are seeking a starting point for AI guidelines. A solid foundation is vital to building a program that satisfies the growing matrix of requirements while allowing companies to simplify and execute their programs amid growing complexity and change. The U.S.
|
By Kroll
Microsoft 365 (M365) has become the industry standard for business email platforms, allowing users access to a variety of interconnected productivity and communication applications. With data readily available across multiple applications within M365, threat actors are using a specific technique to exfiltrate data within a user’s M365 email account.
|
By Kroll
Microsoft 365 is the standard in modern enterprise environments, offering a robust suite of productivity and collaboration tools. With millions of users accessing sensitive data from various devices and locations, security vulnerabilities can arise, making it highly attractive for cybercriminals seeking to exploit and steal valuable data.
|
By Kroll
January 13, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: MORPHEUS Ransomware emerged around the beginning of 2025 with the discovery of its data leak site and initial victim postings.
|
By Kroll
This week’s briefing covers: IntelBroker Claims to Leak South Korean Ministry of Environment Source Code.
|
By Kroll
November 25 2024 Cyber Threat Intelligence Briefing This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
|
By Kroll
Join Recruiter Insights APAC with Jason! In this video, Jason, a Kroll recruiter from APAC, shares essential tips for students on building a professional online presence. Learn how to make your LinkedIn profile shine, showcase your skills, and grow a network to start your career on the right foot. Explore career opportunities and start building your future at careers.kroll.com.
|
By Kroll
Cyber Threat Intelligence Briefings Social: Each week our cyber threat intelligence team reports on the latest trends they observe from the trenches.
|
By Kroll
The European Union’s (EU) new Digital Operational Resilience Act (DORA) is set to reshape how financial institutions handle their cybersecurity and operational risks. With enforcement from January 2025, DORA will impose a range of new standards and requirements. While there is an awareness of DORA in the marketplace, some firms do not fully understand its risks and consequences due to its broad scope. Similar to the introduction of the EU GDPR, many businesses might underestimate the effort needed to achieve compliance.
|
By Kroll
As per data published by the Office of the Australian Information Commissioner, the healthcare industry in Australia accounted for 22% of notifiable data breaches between January to June 2020, which was more than any other industry. Cybercriminals continue to target this industry due to the vast amounts of highly sensitive personal information (such as Medicare numbers, credit card information and medical insurance numbers) that is stored by healthcare providers.
- January 2025 (5)
- December 2024 (5)
- November 2024 (11)
- October 2024 (10)
- September 2024 (7)
- August 2024 (12)
- July 2024 (10)
- June 2024 (15)
- May 2024 (11)
- April 2024 (16)
- March 2024 (13)
- February 2024 (6)
- January 2024 (12)
- December 2023 (2)
- November 2023 (8)
- October 2023 (5)
- September 2023 (1)
- August 2023 (4)
- July 2023 (3)
- June 2023 (5)
- May 2023 (4)
- April 2023 (3)
- March 2023 (5)
- February 2023 (6)
- January 2023 (4)
- December 2022 (4)
- November 2022 (7)
- October 2022 (3)
- September 2022 (4)
- August 2022 (5)
- July 2022 (4)
- June 2022 (6)
- May 2022 (5)
- April 2022 (2)
- March 2022 (3)
- February 2022 (4)
- January 2022 (4)
- December 2021 (6)
- November 2021 (3)
- October 2021 (5)
- September 2021 (10)
- August 2021 (4)
- July 2021 (5)
- June 2021 (7)
- May 2021 (4)
- April 2021 (10)
- March 2021 (11)
- February 2021 (8)
- January 2021 (2)
Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world.
Kroll experts provide rapid response to more than 2,000 cyber incidents of all types annually. We help countless more clients with eDiscovery and litigation support (including expert witness services); managed detection and response services for both active threats and as an integral part of network security; notification solutions, including multilingual call center support; and proactive services, including general and threat-focused risk assessments, response planning, tabletop exercises and more.
Our experts are able to deliver best-in-class endpoint security through our managed detection and response solution, Kroll Responder. Responder handles every step, with 24x7 managed detection and response services fueled by threat hunting and superior incident response.