- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights Attackers can hijack Google Cloud Vertex AI models by creating predictable storage buckets and replacing uploaded models with malicious ones before they’re loaded, exploiting default SDK behaviors. Loaded malicious models can run arbitrary code inside Google’s infrastructure, enabling theft of OAuth tokens and access to sensitive data across tenant projects. The vulnerability’s fix involves verifying bucket ownership and randomizing bucket names, emphasizing the importance of explicitly setting secure configurations and updating SDKs to prevent exploitation. Threat Overview, Attack Techniques, and Targets The flaw in Google Cloud Vertex AI SDK for Python allows attackers to hijack model uploads. An…
Top Highlights A new Android banking Trojan, Rokarolla, combines credential theft with advanced device surveillance, remote control, and persistence tactics, making it highly malicious. It can take full control of infected devices, harvest sensitive data, block calls, disable security protections, and operate stealthily using over 137 commands. Rokarolla deploys fraudulent overlays mimicking lock screens to achieve complete device takeover, even when the device is locked, to capture user credentials. Detection strategies include avoiding untrusted sources, deploying behavioral threat detection, enforcing strict app installation policies, and reducing reliance on SMS-based verification. Rokarolla Trojan Gains Full Control of Devices Recently, a new…
Fast Facts Shared Backdoor and Code: Interlock and Rhysida ransomware groups both use the Supper backdoor, sharing similar malware code and command structures, indicating a close development link or trusted collaboration. Operational Similarities and Origins: Both groups rely on trojanized software installers with fraudulent certificates, employ a variety of malware tools like NodeSnake and InterlockRAT, and most victims are in the US within sectors like healthcare, education, and government. Indicators and Techniques: They utilize traffic distribution, fake update prompts, and custom policies to disable defenses, with code analysis revealing structural similarities suggesting they were built by the same or closely…
Fast Facts The memorandum emphasizes the need for continuous visibility and behavioral understanding to detect and respond to evolving nation-state cyber threats targeting the most sensitive U.S. security systems. It highlights risks associated with fragmented governance and outdated compliance standards, which can hinder rapid response to sophisticated attacks such as malware infiltration, espionage, or supply chain compromises. Enforcement of strict cybersecurity protections across agencies and contractors aims to mitigate threats like unauthorized access, data exfiltration, and system disruption by establishing clear, accountable, and resilient security principles. Threats, Attack Techniques, and Targets The signing of the national security memo emphasizes protecting…
Fast Facts Hackers are increasingly exploiting trusted cloud services, such as Microsoft Teams, by using its infrastructure to disguise malicious command-and-control (C2) traffic, making detection more difficult. A new Go-based Remote Access Trojan (Backdoor.TURN) leverages Microsoft Teams’ TURN relay servers for stealthy C2 communication by authenticating via a Microsoft token and routing traffic through legitimate domains. The campaign, linked to the DragonForce ransomware group, involved sophisticated techniques including DLL sideloading, kernel-level driver exploitation, and modifying system configurations for long-term persistence. Symantec emphasizes that blending malicious activity with legitimate cloud services significantly hampers detection, underscoring the urgent need for enhanced behavioral…
Quick Takeaways The competition simulated hacking scenarios at airports involving compromised ticketing kiosks, airline servers, and air traffic control, highlighting diverse vulnerabilities in aviation infrastructure. Participants employed cybersecurity skills such as password cracking, log analysis, and ethical hacking to defend against simulated hijackings, emphasizing the importance of technical resilience. Engagement with industry professionals underscored the evolving threat landscape in aviation cybersecurity, fostering knowledge transfer and potential career pathways in defending critical transportation systems. Threat, Attack Techniques, and Targets The scenario at the Aviation Cybersecurity Summit involved “hacktivists” attacking airport systems. The attack compromised multiple parts of airport infrastructure. These included…
Summary Points India’s Ministry of Electronics and Information Technology (MeitY) has temporarily banned Telegram nationwide until June 22, 2026, to combat exam fraud related to NEET UG 2026. The ban includes restricting platform access and disabling Telegram’s message-editing feature until June 30, 2026, addressing vulnerabilities exploited for fake paper leaks. Authorities uncovered extensive fraud schemes involving Telegram channels offering paid fake exam papers, leading to arrests and a CBI investigation. The measures aim to prevent pre-exam leaks and false evidence, while acknowledging they cause inconvenience to legitimate users, with ongoing efforts to combat cyber-enabled exam fraud. The Core Issue India’s…
Fast Facts Malicious LNK files disguised as resumes deliver backdoor malware by exploiting legitimate decoys and DLL side-loading, bypassing user suspicion. Attackers establish persistence via scheduled tasks mimicking legitimate services and download encrypted malicious components for stealthy execution. Threat actors leverage file disguises and scheduled tasks to embed backdoors like Xctdoor, enabling persistent remote command and control communications. Threat Overview, Attack Techniques, and Targets The threat involves malicious shortcut files disguised as resumes. Threat actors name these files to resemble real resumes, including company names and job titles. When a user opens the file, the attack begins. A legitimate-looking document…
Fast Facts Threat actors utilize deceptive LNK shortcut files with obfuscated PowerShell scripts to stealthily download and execute malicious code in memory, evading detection. Malicious scripts modify external files, establish persistence via scheduled tasks, and employ decoy documents, making infection hard to identify. The malware conducts information theft and establishes backdoors, enabling ongoing access and further malicious activities on infected systems. Threat, Attack Techniques, and Targets Recent evidence shows that malicious files disguised as “Consent Forms for the Collection and Use of Personal Information” are circulating. These files are actually shortcut files (.LNK files). When a user runs them, they…
Fast Facts SoftBank and OpenAI are launching an AI-driven cybersecurity service targeting Japan’s top 3,000 critical infrastructure companies. The service diagnoses vulnerabilities and provides tailored patches to defend against increasingly complex cyberattacks. CEO Masayoshi Son describes Japan’s cyber threat as a crisis, emphasizing the urgent need for AI-enhanced defenses. Participants can access a free initial security diagnosis, with SoftBank aiming to bolster national cybersecurity resilience. [gptA technology journalist, write a short news story divided in two subheadings, at 12th grade reading level about ‘SoftBank and OpenAI team up to shield Japan from cyberattacks’in short sentences using transition words, in an…