Kroll Cyber Risk’s Post

Kroll's threat intelligence from the Quarterly Threat Landscape report was featured in IT Brew. Laurie Iacono shares her view on why the construction industry is being targeted so heavily by Business Email Compromise: http://ms.spr.ly/6049lDtYX

Are you prepared for the Digital Operational Resilience Act (DORA)? The deadline for this new regulation is January 17th. Learn more about the core aspects of the regulation, key recommendations and steps to take now: http://ms.spr.ly/6043lDto7

With more and more innovation and connected products, the manufacturing sector is an attractive target to threat actors. In this exclusive briefing Kroll cyber risk experts will assess the manufacturing sector’s threat landscape. Security and risk leaders in or working with manufacturing businesses won’t want to miss this opportunity to get insight into what threats are facing the manufacturing industry. Register now: https://bit.ly/3L6ygqB Key Takeaways: • The limiting factors to achieving cyber resilience in manufacturing • Most pressing threats facing manufacturing, and which controls have proven the most effective against them • Current threat analysis of the manufacturing sector • Key cybersecurity investments to prioritize

Each week our cyber threat intelligence team reports on the latest trends they observe from the trenches. This week we covered: 🚚 Progress MOVEit Transfer Vulnerability 🔗 Polyfill Supply Chain Campaign 🐀 Malware Spotlight: PARCELRAT 🎣 ONNX Store: Phishing Kits with 2FA Bypass ⚙ Ransomware Roundup Watch the full briefing here: http://ms.spr.ly/6049l8mll

Kroll and VotingWorks partnered in penetration testing its flagship tool, Arlo. Read more here: http://ms.spr.ly/6041YhRnH #electionsecurity

In an article from VICE Media, Kroll managing director, Laurie Iacono notes: “Scammers conduct diligent reconnaissance on their victims. [They study] social media accounts, review open-source information such as professional bios and news articles, and they study their contact lists to understand their friends and acquaintances. Social media users should always be wary of engaging with, adding, or linking to an individual whom they do not know in real life.” More from "The Not-So-Secret Language Of Financial Scammers" ⬇️ http://ms.spr.ly/6041YhZW5

Dé jà vu? New vulnerability has been discovered in Progress MOVEit Transfer (SFTP module). This vulnerability is being tracked as CVE-2024-5806 and could allow an attacker to bypass authentication if exploited. Our team has done extensive research on the MOVEit vulnerabilities and explains why they're a high priority target for threat actors. Read more about our findings: http://ms.spr.ly/6045YhrBx

Our threat intelligence team recently discovered a campaign with a complex infection chain to deliver IDATLOADER. It included some novel tricks for obfuscation, including HTA files and BPL side-loading. Read more on our findings: http://ms.spr.ly/6045YCrJU

As Microsoft security solutions constantly evolve, monitoring various configurations and settings can be a big challenge and mistakes can leave your organization exposed. We've brought together a set of practical assessments focused on M365, Azure, and Active Directory to help protect your organization and your Microsoft investments. Talk to an MSFT expert today: http://ms.spr.ly/6040YfF9M