Kroll

New York, NY, USA
1932
  |  By Kroll
As cloud technologies continue to advance and more organizations shift toward cloud-based solutions, the need for stringent security measures has become increasingly vital. Effective cloud security not only protects sensitive data from unauthorized access and potential breaches, but also ensures the smooth functioning of cloud-based services.
  |  By Kroll
CLEARFAKE is the term used to describe the malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns to deliver information stealers. It has the potential to impact all sectors. Although the CLEARFAKE fake browser update campaign (which was initially identified in Q2 2023) originally targeted Windows users, it expanded to macOS users in Q4 2023.
  |  By Kroll
The Digital Operational Resilience Act (DORA) comes into full effect on January 17, 2025, and aims to prevent and mitigate cyber threats by establishing a comprehensive ICT risk management framework for the EU financial industry. The new EU regulation seeks to ensure that financial institutions and critical ICT providers advance their cybersecurity and operational processes to safeguard their key systems, enhancing the industry’s operational resilience.
  |  By Kroll
Note: Exploitation of this vulnerability remains highly likely, and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog.
  |  By Kroll
Kroll’s Managed Detection and Response (MDR) team responded to an incident in which suspected malware was exhibiting strange download behavior. After successfully containing and resolving the incident, Kroll’s Cyber Threat Intelligence (CTI) team investigated further.
  |  By Kroll
Automated penetration testing, or automated pen testing, is a type of security assessment that uses specialist tools to uncover vulnerabilities. Although it can serve as part of a cohesive security strategy, it also presents some challenges. In this article, we outline the pros and cons of automated pen testing and compare it with manual pen testing.
  |  By Kroll
By 2026, more than 80% of enterprises will have used generative artificial intelligence (“GenAI”) APIs, models and/or deployed GenAI-enabled applications in production environments. With this fast pace of adoption, it is no wonder that artificial intelligence (AI) application security tools are already in use by 34% of organizations, a number that will no doubt increase.
  |  By Kroll
Businesses are increasingly recognizing the advantages of adopting a more flexible approach to safeguarding their data, systems and reputation in order to move beyond the limitations of traditional security solutions. In this article, we will discuss how these advantages are delivered by security as a service (SECaaS), its benefits compared with in-house solutions, and what to look for in a potential SECaaS provider.
  |  By Kroll
In November 2023, the Cybersecurity & Infrastructure Security Agency (CISA) published guidance for addressing vulnerability CVE-2023-4966, affecting Citrix NetScaler ADC and NetScaler Gateway. This vulnerability is also known as Citrix Bleed.
  |  By Kroll
With cyber threats constantly evolving, organizations must ensure that their approach to identifying and mitigating vulnerabilities is always up to date. Purple teaming can play a vital role in helping them to achieve this. Purple teaming involves red and blue teams collaborating on an ongoing basis to maximize their impact. Read on to discover how purple teaming enables businesses to enhance and accelerate their approach to identifying and mitigating security vulnerabilities.
  |  By Kroll
Managing Director Haydn Jones sat down with BlueFlame AI’s Henry Lindemann and MEMCO's Ashley Roche to uncover why financial institutions are increasingly turning to AI to combat financial crime and what they need to know about adopting AI in the workplace.
  |  By Kroll
Hear from Kroll’s Head of Threat Intelligence in EMEA, George Glass, on how Kimsuky weaponized the ScreenConnect vulnerability using new malware strain TODDLERSHARK.
  |  By Kroll
This week's briefing covers: Dive deeper.
  |  By Kroll
This week's briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
  |  By Kroll
This week's briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
  |  By Kroll
This week's briefing covers.
  |  By Kroll
Stop cyberattacks now with Kroll Responder. In this video, learn how Kroll Responder Managed Detection and Response (MDR) provides extended security monitoring around-the-clock, earlier insight into targeted threats, and complete response to contain and eradicate threats across your digital estate. Discover how our turnkey MDR service can fill gaps in your security resources by combining seasoned security expertise, frontline intelligence and unrivaled response capabilities.
  |  By Kroll
This week's briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
  |  By Kroll
Merging findings from the global survey we conducted with 1,000 security and risk leaders for the 2023 State of Cyber Defense: The False-Positive of Trust report with frontline threat intelligence collected from 3,000+ incident response cases, 700,000+ endpoints under monitoring and 100,000+ hours of offensive security engagements, this webinar provides a holistic view of cyber risk for the healthcare sector.
  |  By Kroll
This week's briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
  |  By Kroll
As per data published by the Office of the Australian Information Commissioner, the healthcare industry in Australia accounted for 22% of notifiable data breaches between January and June 2020, which was more than any other industry. Cybercriminals continue to target this industry due to the vast amounts of highly sensitive personal information (such as Medicare numbers, credit card information and medical insurance numbers) that is stored by healthcare providers.

Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world.

Kroll experts provide rapid response to more than 2,000 cyber incidents of all types annually. We help countless more clients with eDiscovery and litigation support (including expert witness services); managed detection and response services for both active threats and as an integral part of network security; notification solutions, including multilingual call center support; and proactive services, including general and threat-focused risk assessments, response planning, tabletop exercises and more.

Our experts are able to deliver best-in-class endpoint security through our managed detection and response solution, Kroll Responder. Responder handles every step, with 24x7 managed detection and response services fueled by threat hunting and superior incident response.