Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 10, 2025 Cyber Threat Intelligence Briefing

Mar 10, 2025 By Kroll In Kroll
March 10, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: BLACK BASTA Affiliates Linked to CACTUS Ransomware Researchers have linked CACTUS ransomware tactics to former affiliates of BLACKBASTA, noting the use of similar tools and techniques. CACTUS employs the BackConnect (BC) module for persistent control over infected systems, allowing for data theft and remote command execution.
View Video

March 03, 2025 Cyber Threat Intelligence Briefing

Mar 3, 2025 By Kroll In Kroll
This week’s briefing covers: KTA080 (CL0P) Update KTA080 has released the names of the previously redacted victim organizations ranging from E-H. Additionally, KTA080 has identified 183 victims’ organization names broadly covering H-W. KTA374 (Salt Typhoon) Telecoms Targeting Update Cisco Talos has released further information on the targeting of telecoms organizations identified in late 2024. This information includes the high level of living-off-the-land techniques used by the threat actor.
View Video
kroll

macOS Security: Understanding Threats and Building Defenses

Feb 27, 2025 By Kroll In Kroll
As macOS becomes more prevalent in businesses, ensuring an application does not expose a user to vulnerabilities or your organization to business risk, is an important part of managing an organization’s risk. These apps often handle sensitive data, manage authentication and access system resources, making them attractive targets for cyber criminals to exploit. MacOS has unique security features that allow developers to build secure applications, but they must be correctly leveraged.
Read Post
kroll

Q4 2024 Cyber Threat Landscape: Gone Phishing. Evolving Techniques Keep Organizations on the Hook

Feb 26, 2025 By Kroll In Kroll
Trends observed by Kroll in Q4 confirm that 2024 was a year of fragmentation and fast-moving evolution for cyber threats, and they suggest that 2025 is likely to be similar. A key trend was the ongoing development of phishing techniques and approaches, as phishing’s continuation as a dominant method for initial access in 2024 illustrated. Aligning with trends from last year and previous years, professional services stands out as 2024’s most targeted sector.
Read Post
kroll

Threat-Led Pen Testing and Its Role in DORA Compliance

Feb 25, 2025 By Kroll In Kroll
Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.
Read Post
kroll

Key Steps to Achieving XDR Maturity with Microsoft (+ Free Self-Assessment Tool)

Feb 24, 2025 By Kroll In Kroll
Organizations are under constant pressure to ensure that their security defenses adapt effectively to evolving threat actor methodologies. Extended detection and response (XDR) has the potential to significantly advance these efforts thanks to its ability to accelerate and streamline investigation, threat hunting and response. However, successfully adopting XDR to achieve comprehensive visibility demands some important considerations.
Read Post

February 24, 2025 Cyber Threat Intelligence Briefing

Feb 24, 2025 By Kroll In Kroll
February 24, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: KTA080 (CL0P) Update CL0P has again updated their data leak site with a new list of redacted victim organizations possibly linked to the Cleo vulnerability. The list contains company names beginning with the letters E-H. This follows the current pattern the group has established with releasing redacted names to then later slowly start releasing the actual entity and published data associated with it if the victim organization has not reached out to CL0P.
View Video
kroll

NIS2: A Roadmap to Compliance

Feb 18, 2025 By Kroll In Kroll
The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or not at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be currently taken considering what we already know.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.