Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 18, 2025 Cyber Threat Intelligence Briefing

February 18, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: CL0P Update CL0P updated their data leak site with a new victim list of approximately 43 organizations. The organizations are likely from the previous redacted list containing company names from C-E and are possibly associated with the Cleo zero-day vulnerability.

NIS2: A Roadmap to Compliance

The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or not at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be currently taken considering what we already know.

A Phased Approach: Thoughts on EU AI Act Readiness

The European Union’s (EU) AI Act (the Act) represents landmark artificial intelligence (AI) regulation from the EU designed to promote trustworthy AI by focusing on the impacts on people through required mitigation of potential risks to health, safety and fundamental rights. The Act introduces a comprehensive and often complex framework for the development, deployment and use of AI systems, impacting a wide range of businesses across the globe.

February 03 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: KTA080 (CL0P) Update Around January 28, 2025, KTA080 (CL0P) updated its data leak site with a new victim list of approximately 49 organizations. The organizations are likely from the previous redacted list that was reported on listings and are possibly associated with the Cleo zero-day vulnerability, but cannot be confirmed since the group does not indicate it in their post.

January 27, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: CL0P Update The group’s post reads as follows, "DEAR COMPANIES THIS IS THE NEXT LIST WHICH WE HAVE CLOSED FOR THE TIME BEING AND DO NOT SHOW THE NAMES IN FULL IF YOU DO NOT GET IN TOUCH ASAP THE LIST WILL BE OPEN” and continues with the listed victim organizations and ways for the companies to contact the group.

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

A Guide to Domain Monitoring for Businesses

For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences. Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks.