Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kroll

February 03 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: KTA080 (CL0P) Update Around January 28, 2025, KTA080 (CL0P) updated its data leak site with a new victim list of approximately 49 organizations. The organizations are likely from the previous redacted list that was reported on listings and are possibly associated with the Cleo zero-day vulnerability, but cannot be confirmed since the group does not indicate it in their post.

January 27, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: CL0P Update The group’s post reads as follows, "DEAR COMPANIES THIS IS THE NEXT LIST WHICH WE HAVE CLOSED FOR THE TIME BEING AND DO NOT SHOW THE NAMES IN FULL IF YOU DO NOT GET IN TOUCH ASAP THE LIST WILL BE OPEN” and continues with the listed victim organizations and ways for the companies to contact the group.

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

A Guide to Domain Monitoring for Businesses

For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences. Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks.

Ivanti Discloses Active Exploitation of Zero-Day Vulnerability

Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) Gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances. There are no confirmed reports of exploitation for Ivanti Policy Secure or ZTA Gateways. There is no indication that CVE-2025-0283 is actively exploited or chained.

What Is Cloud Penetration Testing and Why Do You Need It?

Chances are, your business is already operating in the cloud. The rewards of moving into the cloud are undeniable - organizations can build and launch new services and add computing capacity more easily than on premises in a more cost-effective manner. The cloud is indispensable for growing at the speed of the market.