Author: Staff Writer
Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights The Sixth Circuit Court upheld the FCC’s authority to mandate telecoms notify customers of data breaches involving personally identifiable information (PII), affirming the agency’s legal power under existing laws. The 2024 FCC regulation expanded reporting requirements to include customer PII, beyond previously covered network information, amid challenges from telecom trade groups claiming overreach. The court ruled that Congress intentionally authorized the FCC to regulate telecom data privacy, and recent legal shifts do not hinder the agency’s cybersecurity enforcement. The decision signals strong judicial support for FCC’s role in cybersecurity, though future rules may face increased legal scrutiny, especially…
Mission Critical Partners has introduced its Governance, Risk, and Compliance (GRC) framework, designed to help public-sector organizations strengthen cybersecurity, improve operational maturity, and navigate evolving regulations. This proactive, policy-driven approach integrates governance, risk management, and compliance into a unified framework, enabling organizations to move from reactive to strategic operations. The GRC framework is customizable, tool-agnostic, and results-oriented, offering services like assessments, policy development, and ongoing monitoring to optimize resources and improve audit outcomes. Early adopters have reported enhanced cybersecurity maturity, reduced risks, and greater confidence in meeting regulatory standards like CJIS, NIST, and HIPAA. Mission Critical Partners (MCP) launched its Governance,…
Essential Insights The Crypto24 ransomware group has evolved to use a sophisticated blend of legitimate tools (like PSExec, AnyDesk, keyloggers) and custom malware to target high-value organizations across multiple sectors globally, with strategic timing during off-peak hours to minimize detection. They demonstrate advanced technical expertise by deploying customized tools (e.g., RealBlindingEDR) that neutralize modern security defenses, potentially exploiting vulnerabilities at the kernel level to disable endpoint detection systems. Crypto24 employs living off the land tactics, exploiting legitimate Windows utilities such as gpscript.exe and net.exe, creating multiple administrative accounts, and deploying persistent keyloggers like WinMainSvc.dll to stealthily maintain access and capture…
Quick Takeaways A ransomware attack on Ganong Bros., Canada’s oldest family-owned chocolate company, abruptly disabled their digital systems, halting production and locking critical data. The attack was stealthy, spreading through the network before detection, resulting in encrypted servers, frozen equipment, and no access to orders or emails. Despite mechanical functioning, digital controls and production schedules became inaccessible, plunging the historic factory into a digital blackout. The incident underscores how even longstanding, traditional manufacturing companies remain vulnerable to modern cyber threats, with significant operational impacts. The Issue On February 22, 2025, Ganong Bros., a venerable Canadian chocolate manufacturer established in 1873,…
Summary Points Cisco disclosed a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Center Software that allows unauthenticated attackers to inject commands and gain high privileges, with a CVSS score of 10. The flaw affects versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled, and there are no workarounds; Cisco has released a patch to address it. Experts warn this type of remote command injection is highly dangerous, particularly as edge devices like firewalls are frequently targeted and sit at critical network boundaries. Cisco urges affected users to update immediately and run the Cisco Software Checker to assess vulnerability exposure,…
LayerX, the pioneer in browser-native security and AI usage control, announced its recognition as a Sample Vendor in both the Secure Enterprise Browser (SEB) and AI Usage Control (AUC) categories. LayerX appears across five 2025 Gartner Hype Cycle reports, reinforcing its position as the leading solution for securing AI-powered, browser-based work. LayerX was profiled in the following Hype Cycle reports released in July and August, 2025: Hype Cycle for Data Security Technologies, 2025 (July, 2025) – Recognized in the Secure Enterprise Browser category Hype Cycle for Digital Workplace Infrastructure and IT Operations, 2025 (August, 2025) – Recognized in the Secure Enterprise Browser category Hype Cycle for Workload and Network Security,…
Top Highlights Rising Intrusions: Nearly 98% of firms experienced breaches due to vulnerable code in 2023, a significant increase from 90% the previous year, highlighting a critical security issue. Strategy Over Oversight: 80% of companies admitted to sometimes releasing software with known vulnerabilities, indicating a strategic choice rather than mere oversight. Worsening Breach Frequency: The percentage of organizations facing four or more breaches annually nearly doubled to 27%, suggesting deepening systemic issues in software security practices. Inadequate Security Maturity: Only 31% of security leaders view their programs as highly mature, with significant gaps identified, indicating a pressing need for improvement…
Lido Advisors, a fast-growing national wealth advisory firm with more than $30 billion in RAUM, announced the appointment of Elena Ro as Chief Compliance Officer and Special Counsel. Lido Advisors is reshaping the modern wealth advisory experience through a holistic, client-focused model that integrates investment management with proactive tax and estate planning. With a growing national presence and an expanding executive team, the firm continues to emphasize transparency, governance, and regulatory excellence. Cyber Technology Insights : CrowdStrike Introduces Falcon Next-Gen Identity Security to Safeguard Every Identity Across Hybrid Environments “Elena is a strategic and thoughtful leader with deep regulatory expertise and rare operational insight,” said Jason Lee,…
Cyber A.I. Group, Inc., an emerging growth Cybersecurity, Artificial Intelligence and IT services company engaged in the development of next-generation market disruptive AI-driven Cybersecurity technology, announced the appointment of NASA astronaut Charles J. Camarda, Ph.D. as Strategic Innovation Advisor. Dr. Camarda, a veteran of NASA’s 2005 STS-114 “Return to Flight” mission, brings world-class expertise in aerospace engineering, systems innovation and advanced problem-solving to CyberAI’s global technology initiatives. Dr. Camarda will collaborate with CyberAI’s executive leadership to accelerate the Company’s innovation strategy, leveraging his experience in high-stakes engineering and breakthrough methodologies to guide the evolution of CyberAI Sentinel 2.0™. His appointment…
Quick Takeaways High-Severity Flaw: CISA and Microsoft have updated guidance for CVE-2025-53786, a significant vulnerability in Exchange Server allowing privilege escalation for attackers with admin access. No Active Exploits: As of the latest update, CISA reports no evidence of active exploitation of the flaw, but urges organizations to assess their Exchange Servers and use the Microsoft Exchange Health Checker. Escalation Risks: Attackers could potentially escalate privileges from on-premises Exchange servers to cloud environments without leaving detectable traces, stressing the importance of mitigation measures. Urgent Fixes: Microsoft advises users to install the April 2025 hotfix updates and disconnect end-of-life Exchange or…