In April 2023, the Office of the Superintendent of Financial Institutions (OSFI), Canada’s agency responsible for regulating financial institutions, released their Intelligence-led Cyber Resilience Testing Framework (I-CRT)1. Canada’s I-CRT framework is based on similar intelligence-led frameworks which have been used in other countries, such as the Bank of England’s CBEST framework2 and the European Union’s TIBER-EU3.

Application security is vital for ensuring the resilience of organizations, as it encompasses measures and practices that safeguard applications against potential threats and vulnerabilities. It plays a critical role in safeguarding sensitive data, preventing unauthorized access, and maintaining the integrity and availability of applications.

Learn about careers with us and search open job opportunities here. Penetration testing as a service (PTaaS) plays a vital role in enabling organizations to mitigate enhance their cyber posture. As a hybrid security solution, it combines automation and human assessments in order to test for vulnerabilities that could be missed by legacy scanning tools.

PCI DSS version 4.0 recently took effect on March 31, 2024, and includes no less than 63 new requirements. This is the first update of the information security standard designed to defend against payment and credit card fraud since the release of PCI DSS v3.2 eight years ago.

Despite being a globally accepted security measure, passwords have associated issues that have led to countless breaches and compromised systems over many years of not-so-secure authentication technology. Yet passwords remain the dominant form of authentication because more secure options have not been accessible to all users. Passwords have evolved into the security risk they are today because, as the security requirements for passwords have increased, usability has decreased.

A command injection vulnerability, being tracked as CVE-2024-3400, was recently discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability has a CVSS score of 10 (Critical) and is actively being exploited in the wild. It impacts versions PAN-OS 120.2, PAN-OS 11.0 and PAN-OS 11.1. If exploited on vulnerable PAN-OS versions and distinct feature configurations, an unauthenticated attacker could execute arbitrary code with root privileges on the firewall.

Learn about careers with us and search open job opportunities here. In Q4 2023, Kroll identified an uptick in engagements involving Akira ransomware, a trend that has continued into 2024. Kroll observed that in the majority of cases, initial activity could be tracked back to a Cisco ASA VPN service.

Learn about careers with us and search open job opportunities here. As one of the largest housing associations in the UK, Southern Housing was concerned about being targeted due to a sharp increase in cyberattacks on its industry. The organization also needed to broaden its defenses in response to the shift to remote and hybrid working.

In cybersecurity, current approaches don’t stay current for long. Organizations that fail to adapt accordingly often discover this fact at the cost of their secure network. This is particularly true in the face of complex and increasingly unpatchable attack surfaces and a corresponding reduction in the impact of automated remediation practices. Traditional security approaches are unable to fully address these challenges.

Kroll observed the use of SPARKRAT in conjunction with a previously undocumented loader written in Golang. The loader assists in the initial infection and deployment of the malicious payload, enabling SPARKRAT to execute on a system. This process allows the payload to reach the target system undetected and unquarantined. The loader achieves its goal by decoding and decrypting a secondary payload binary, then injecting it into a notepad.exe instance.