Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

kroll

Threat-Led Pen Testing and Its Role in DORA Compliance

Feb 25, 2025 By Kroll In Kroll
Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.
Read Post
kroll

Key Steps to Achieving XDR Maturity with Microsoft (+ Free Self-Assessment Tool)

Feb 24, 2025 By Kroll In Kroll
Organizations are under constant pressure to ensure that their security defenses adapt effectively to evolving threat actor methodologies. Extended detection and response (XDR) has the potential to significantly advance these efforts thanks to its ability to accelerate and streamline investigation, threat hunting and response. However, successfully adopting XDR to achieve comprehensive visibility demands some important considerations.
Read Post

February 24, 2025 Cyber Threat Intelligence Briefing

Feb 24, 2025 By Kroll In Kroll
February 24, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: KTA080 (CL0P) Update CL0P has again updated their data leak site with a new list of redacted victim organizations possibly linked to the Cleo vulnerability. The list contains company names beginning with the letters E-H. This follows the current pattern the group has established with releasing redacted names to then later slowly start releasing the actual entity and published data associated with it if the victim organization has not reached out to CL0P.
View Video
kroll

NIS2: A Roadmap to Compliance

Feb 18, 2025 By Kroll In Kroll
The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or not at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be currently taken considering what we already know.
Read Post
kroll

Data Breach Outlook: Healthcare Most Breached Industry in 2024

Feb 18, 2025 By Kroll In Kroll
When it comes to security, 2024 was unfortunately a standout year for the healthcare sector. Kroll found that the healthcare industry was the most breached, had fairly immature incident response practices, and unfortunately suffered numerous cyberattacks culminating in a year that left healthcare boards thinking deeply of the overall risk to their businesses.
Read Post

February 18, 2025 Cyber Threat Intelligence Briefing

Feb 18, 2025 By Kroll In Kroll
February 18, 2025 Cyber Threat Intelligence Briefing This week’s briefing covers: CL0P Update CL0P updated their data leak site with a new victim list of approximately 43 organizations. The organizations are likely from the previous redacted list containing company names from C-E and are possibly associated with the Cleo zero-day vulnerability.
View Video
kroll

A Phased Approach: Thoughts on EU AI Act Readiness

Feb 11, 2025 By Kroll In Kroll
The European Union’s (EU) AI Act (the Act) represents landmark artificial intelligence (AI) regulation from the EU designed to promote trustworthy AI by focusing on the impacts on people through required mitigation of potential risks to health, safety and fundamental rights. The Act introduces a comprehensive and often complex framework for the development, deployment and use of AI systems, impacting a wide range of businesses across the globe.
Read Post

February 03 2025 Cyber Threat Intelligence Briefing

Feb 3, 2025 By Kroll In Kroll
This week’s briefing covers: KTA080 (CL0P) Update Around January 28, 2025, KTA080 (CL0P) updated its data leak site with a new victim list of approximately 49 organizations. The organizations are likely from the previous redacted list that was reported on listings and are possibly associated with the Cleo zero-day vulnerability, but cannot be confirmed since the group does not indicate it in their post.
View Video

January 27, 2025 Cyber Threat Intelligence Briefing

Jan 27, 2025 By Kroll In Kroll
This week’s briefing covers: CL0P Update The group’s post reads as follows, "DEAR COMPANIES THIS IS THE NEXT LIST WHICH WE HAVE CLOSED FOR THE TIME BEING AND DO NOT SHOW THE NAMES IN FULL IF YOU DO NOT GET IN TOUCH ASAP THE LIST WILL BE OPEN” and continues with the listed victim organizations and ways for the companies to contact the group.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.