July 28, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
July 21, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
How CleanINTERNET DNS Stops DNS Tunneling Before It Starts
Modern cyber threats are increasingly stealthy. A favorite tactic? DNS tunneling—a method used to bypass traditional network security controls by hiding malicious traffic inside DNS queries and responses. This can be done by embedding or encoding command and control instructions or data within subdomains or DNS record fields like TXT, CNAME or other rarely used record types.
Outdated Systems and Modern Attacks: Ireland's Cyber Reckoning Has Arrived
Cybercriminals don’t need to be sophisticated. They just need the opportunity—and in Ireland, there’s still too much low-hanging fruit. Many of the vulnerabilities being exploited across Irish networks today aren’t new. They’re years old. Attackers are taking advantage of outdated systems that haven’t been patched, relying on free, off-the-shelf tools to scan for weaknesses—and finding them far too easily. This isn’t a theoretical risk.
What's Really Putting SMBs at Risk? These 8 Cybersecurity Myths
If you’ve done everything you can think of to stay protected — patched systems, trained employees, upgraded tools — but the number of threats still keep increasing, you’re not alone. You’re not behind. You’re not unprepared. But you may be operating on outdated assumptions. For small and midsize businesses, the real danger isn’t just what attackers are doing—it’s the cybersecurity myths you’ve been told to believe. The ones that seem logical.
Critical Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
On June 25, 2025, Cisco disclosed two critical vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 and CVE-2025-20282, these flaws enable unauthenticated remote attackers to execute arbitrary commands as the root user via exposed HTTPS APIs. CVE-2025-20281 arises from insufficient validation of user-supplied input in a public API, allowing crafted requests to trigger remote code execution.
Prevent Social Engineering Attacks: A Practical Guide Using Contextual Threat Intelligence
According to Zoho Workplace, organizations struggle to protect themselves as spam makes up 45% of all emails. These sophisticated threats deliberately exploit human psychology. Attackers convince people to bypass security measures, which leads to unauthorized access to the system. Standard defense mechanisms alone cannot curb these evolving threats. This blog explores how organizations can prevent social engineering using contextual threat intelligence and real-time behavioral analysis.
July 14, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
The Evolution of Cybersecurity: From Firewalls to Intelligence-Driven Defense
The cybersecurity landscape has undergone dramatic transformation since the early days of the Internet. What began as a revolutionary communication platform has evolved into a complex battleground where defenders struggle to keep pace with increasingly sophisticated threats. Understanding this evolution is crucial for organizations seeking to regain the defender’s advantage in an era of exponential digital growth.
July 7, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Critical Sudo Vulnerability Allows Priv Esc to Root The flaw arises from unsafe handling of the --chroot (-R) option, where sudo processes user-provided configurations (including nsswitch.conf) from within the chroot environment before validating user privileges. This allows a local attacker to construct a malicious chroot with crafted NSS configuration that forces sudo to load attacker-controlled shared libraries as root, effectively bypassing authentication.