- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts Microsoft has extended its Windows 10 Extended Security Updates (ESU) program, allowing critical patches through October 12, 2027—one year beyond the initial October 2026 deadline, to support users lingering on Windows 10 version 22H2. The ESU program provides essential security updates but does not include feature upgrades or technical support, targeting Windows 10, version 22H2, for specific editions like Home, Pro, and Workstations. Enrollment options include free via PC Settings Sync or a one-time $30 fee, with licenses covering up to 10 devices under one Microsoft account, simplifying multiple device management for households. This extension is a temporary…
Quick Takeaways Cybercriminals are employing increasingly sophisticated methods that transcend geographical boundaries, threatening government data and citizen services. Rapid digitalization heightens vulnerabilities in critical information infrastructure, necessitating stronger incident response mechanisms. Evolving cyber threats demand continuous adoption of emerging technologies and best practices to safeguard digital infrastructure and public data. Threat, Attack Techniques, and Targets The workshop highlighted that Delhi faces a rapidly evolving cyber threat landscape. Cybercriminals are using increasingly sophisticated methods. These methods often go beyond geographic boundaries. The targets include government data, critical information infrastructure, and citizen services. Attack techniques are not specified but likely involve advanced…
Quick Takeaways Chinese-speaking threat group CL-STA-1062 has been targeting Southeast Asian government and critical energy infrastructure since 2022, utilizing web shells, open-source tools, and custom malware like TinyRCT for sustained infiltration. The attackers employ sophisticated TTPs including AppDomainManager injection via malicious .NET config files, web shell exploitation, tunneling tools for C2 communication, and layered data exfiltration with password-protected archives. The new TinyRCT backdoor enables remote command execution, file exfiltration, screen capture, and self-destruct, maintaining persistent, encrypted C2 communication, and posing a significant ongoing espionage and sabotage threat in the region. Threat, Attack Techniques, and Targets The activity tracked as CL-STA-1062…
Essential Insights The Russian cyber espionage group Gamaredon has significantly upgraded its tactics, developing new malware and methods to enhance its cyberattack effectiveness, especially in Ukraine. Gamaredon conceals its command-and-control infrastructure using legitimate cloud services, tunneling techniques, and dead drops, making detection and blocking more challenging. The group has intensified its operations by executing larger, more frequent attacks, often collaborating with other Russian APTs like Turla to maximize impact. To defend against Gamaredon’s evolving threats, organizations should implement strategic safeguards such as restricting PowerShell use, monitoring network behavior, and understanding application communication patterns. Gamaredon Upgrades Its Tactics and Tools Recently,…
Quick Takeaways Russian authorities used Cellebrite’s UFED to extract data from opposition politician Andrey Pivovarov’s iPhone in June 2021, despite Cellebrite’s public declaration of ceasing sales to Russia in March 2021. Forensic and official documents confirm Cellebrite’s tools were employed to access communications on messaging apps and search for political keywords, indicating continued use post-contract termination. The use of Cellebrite’s technology may have facilitated targeted harassment and espionage, with subsequent phishing campaigns linked to Russia’s FSB targeting individuals associated with Pivovarov. Investigations highlight the need for Cellebrite to establish effective “kill switches” and human rights safeguards, as their tools continue…
Russia Uses Cellebrite to Hack Human Rights Activist’s Phone Despite Contract Cancellation
Essential Insights Russian authorities used Cellebrite’s phone-cracking technology to access a prominent human rights activist’s device despite the company’s contract termination with Russia. The Citizen Lab’s analysis confirmed that Russian authorities accessed Andrey Pivovarov’s phone around June 2021, possibly using extracted data to surveil other dissidents. Cellebrite’s forensic systems have ongoing functionality due to their architecture, making it difficult to prevent misuse even after contract cancellations. Cellebrite claims its legacy hardware is now incompatible and ineffective in Russia, asserting that any post-March 2021 usage is unauthorized and unsupported. Underlying Problem In 2021, Russian authorities accessed the phone of prominent human…
Fast Facts A 21-year-old Minnesota man, “Snoopy,” was sentenced to 18 months in federal prison for a 2022 credential stuffing attack compromising around 60,000 DraftKings accounts, stealing approximately $600,000. Austad operated a cybercrime marketplace and received about $465,000 in cryptocurrency, with stolen funds sold and transferred across accounts. He and co-conspirators acknowledged federal investigation during the scheme, with messages revealing awareness of legal risks while continuing their activities. The attack led to disclosures of over $300,000 stolen initially, with DraftKings later confirming nearly 68,000 accounts compromised, and Austad being the third individual sentenced in this case. What’s the Problem? Nathan…
Quick Takeaways Frontier AI accelerates vulnerability discovery and chaining, outpacing existing security standards and increasing the risk of rapid exploitation. Faster vulnerability identification demands preemptive action focused on exploitability and context-aware risk mitigation, not just detection. Continuous, real-time compliance challenges and AI-driven security operations heighten the threat of unaddressed risks due to disjointed monitoring and response systems. The Threat, Attack Techniques, and Targets The use of AI in cybersecurity accelerates how quickly vulnerabilities can be found and exploited. Attackers can now leverage models to identify and chain weaknesses faster than traditional methods. This technology challenges existing security standards, which were…
Quick Takeaways CEOs prioritize AI adoption, pushing CIOs to deliver measurable ROI quickly while managing risks and legal compliance without stifling innovation. AI introduces complex, indeterminate risks, requiring new governance models that balance speed with security, and organizations should avoid unchecked adoption. Effective organizational design, including dedicated compliance and legal oversight, is critical for balancing AI innovation with risk mitigation. Maturity in AI management involves evolving from role-based platforms to zero-touch application creation, aiming to streamline AI development while maintaining security and performance. The Core Issue The story highlights a significant shift in how organizations approach AI adoption, driven by…
Essential Insights A critical vulnerability (CVE-2026-50751) in Check Point VPN, exploitable via an authentication bypass, was exploited by ransomware within six weeks before official patching; this highlights a dangerous delay in addressing active threats. The flaw stems from a logic error in certificate validation when IKEv1 is enabled, allowing attackers to establish legitimate-seeming VPN sessions without credentials, effectively turning security devices into attack vectors. Standard response measures—patching, log review, detection—are insufficient once attackers have gained trust; they do not prevent post-compromise actions and cannot detect long-undetected intrusions. Effective defense requires shifting security to the endpoint, employing techniques that disrupt malicious…