Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Known vs. Unknown Risks: The Role of the Enterprise Risk Retainer in Preparing for the Future

Preparing for risk is critical to ensuring organizational resilience, but what about the risks that can’t be planned for? Businesses frequently fall into the trap of strategizing only for known risks—those that are easily anticipated—while failing to recognize their blind spots in relation to unknown risk events.

PDFast But Luckily Not So Furious

Beginning in early April 2025, Kroll has observed a large wave of malicious activity surrounding "PDFast" software. Initial access for the campaign appeared to begin either through a new install of the application, through drive-by compromise on the site pdf-fastcom, or via pre-installed versions of the application that have since been updated with a malicious version.

The Rapid Evolution of CLEARFAKE Delivery

Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.

Convergence of Cyber and Physical Security: Geolocation Data Hacks and Executive Protection Threat Implications

In today’s interconnected world, the convergence of cyber and physical security has become increasingly critical, particularly for high-profile individuals. The recent breach of Gravy Analytics’ geolocation data highlights the emerging threat of geolocation vulnerability and its potential impact on physical security.

macOS Security: Understanding Threats and Building Defenses

As macOS becomes more prevalent in businesses, ensuring an application does not expose a user to vulnerabilities or your organization to business risk, is an important part of managing an organization’s risk. These apps often handle sensitive data, manage authentication and access system resources, making them attractive targets for cyber criminals to exploit. MacOS has unique security features that allow developers to build secure applications, but they must be correctly leveraged.

Q4 2024 Cyber Threat Landscape: Gone Phishing. Evolving Techniques Keep Organizations on the Hook

Trends observed by Kroll in Q4 confirm that 2024 was a year of fragmentation and fast-moving evolution for cyber threats, and they suggest that 2025 is likely to be similar. A key trend was the ongoing development of phishing techniques and approaches, as phishing’s continuation as a dominant method for initial access in 2024 illustrated. Aligning with trends from last year and previous years, professional services stands out as 2024’s most targeted sector.

Threat-Led Pen Testing and Its Role in DORA Compliance

Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.