Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts

- Play Ransomware Threat: The FBI and CISA warn that the Play ransomware gang is actively targeting U.S. critical infrastructure, having breached around 900 organizations globally since launching in June 2022.
- Exploiting Vulnerabilities: Recent attacks revolve around vulnerabilities in the remote support tool SimpleHelp, including a severe path traversal flaw (CVE-2024-57727) that allows unauthorized file access.
- Security Updates Needed: SimpleHelp has issued critical security updates to address identified vulnerabilities, emphasizing the importance for organizations to apply these fixes immediately.
- Healthcare Sector Impact: While only nine attacks affected healthcare, experts urge all sectors to heed the advisory and bolster defenses…

Fast Facts

- Victim Count: The Play ransomware gang, active since June 2022, has affected approximately 900 victims over three years, with a surge in attacks noted in 2024.
- Double-Extortion Tactics: Known for double-extortion methods, Play not only encrypts victims’ data but also exfiltrates it for additional leverage in extortion.
- Exploited Vulnerabilities: Initial access brokers associated with Play leverage multiple vulnerabilities (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) in SimpleHelp RMM software to gain unauthorized access.
- Unique Communication Methods: Victims receive targeted communication via specific email domains and phone calls, where threat actors press for ransom payments while threatening to expose sensitive information. The…

BlueVoyant, the leader in integrated cybersecurity, launched its Software Bill of Materials (SBOM) management offering, which helps organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities. More than 85% of applications…

Fast Facts

- Cybercriminals Vulnerable: Even cybercriminals face risks of malware infection when using unverified open source repositories, particularly seen in Sophos’s research on backdoored GitHub projects aimed at less experienced threat actors.
- Diverse Backdoors Discovered: The investigation revealed four types of backdoors—PreBuild, Python, screensaver, and JavaScript—embedded in the Sakura RAT malware project, demonstrating a sophisticated chain of infection.
- Widespread Malicious Operations: This campaign appears linked to a larger distribution-as-a-service (DaaS) operation, with significant overlaps in tactics and numerous instances of similar malicious repositories targeting game cheaters and inexperienced cybercriminals.
- Prolific Threat Actor: The creator behind the backdoored repositories, possibly using…

RSA, the security-first identity leader, announced new Identity Security Posture Management (ISPM) and enhancements to the industry’s only complete, enterprise-grade passwordless identity platform at Infosecurity Europe 2025. These innovations will help enterprises proactively find and resolve security risks across hybrid and cloud environments and simplify users’ log-in processes with advanced, phishing-resistant security capabilities. “For identity teams overwhelmed by data, the new AI-powered dashboards from RSA provide the proactive information they need to prioritize actions and enhance their security,” said RSA Chief Product and Technology Officer Jim Taylor. RSA Announces New RSA Governance & Lifecycle ISPM Capabilities Built into the RSA Governance &…

Fast Facts

- Two members of the cybercriminal group ViLE were sentenced for hacking a federal law enforcement portal in an extortion scheme, using personal data for harassment and threats, referred to as "doxing."
- The defendants obtained sensitive information through various illegal methods, including impersonating law enforcement and accessing government databases, demonstrating a sophisticated and calculated approach to cybercrime.
- Sagar Steven Singh and Nicholas Ceraolo were sentenced to 27 and 25 months, respectively, for aggravated identity theft and conspiracy to commit computer intrusion, following their guilty pleas for stealing and extorting individuals.
- The hacked portal, identified by reports as a DEA…

Quick Takeaways

- Growing Security Demands: Security teams are under increased pressure to justify large budgets, with executives seeking clarity on financial exposure and risk instead of traditional metrics like vulnerability counts.
- Business Value Assessment (BVA): A BVA connects security exposures to potential costs, emphasizing cost avoidance, reduction, and efficiency gains, enabling security leaders to demonstrate tangible value and align with business objectives.
- Risk of Inaction: Delays in addressing security vulnerabilities can significantly inflate breach costs—sometimes exceeding $500,000 monthly—highlighting the importance of proactive strategy and risk management.
- Alignment Across Teams: A BVA fosters collaboration between security, IT, and finance by providing…

Essential Insights

- Sentencing Outcome: Sagar Steven Singh (27 months) and Nicholas Ceraolo (25 months) were sentenced for conspiracy to commit computer intrusion and aggravated identity theft after pleading guilty in 2022.
- Doxing Scheme: The duo was part of a cybercrime group named ‘Vile’, which operated a doxing website that leaked sensitive information and extorted victims for money to have it removed, sometimes threatening them with physical harm.
- Criminal Methods: They accessed a law enforcement database, reportedly linked to the DEA, using stolen credentials from a law enforcement officer, significantly aiding their doxing activities.
- Victims and Tactics: Vile targeted victims using…

Quick Takeaways

- The U.S. Department of Justice seized around 145 domains and cryptocurrency linked to the BidenCash illicit marketplace, which simplified purchasing stolen credit card information and generated over $17 million in revenue since its launch in March 2022.
- BidenCash facilitated the trafficking of over 15 million payment card numbers and personally identifiable information, with approximately 3.3 million stolen credit cards offered for free to attract users between October 2022 and February 2023.
- The platform primarily targeted U.S. victims, with half of the 2.1 million compromised cards released in February 2023 belonging to American individuals or entities, while also branching…

Top Highlights

- Data Breach Revelation: Lee Enterprises confirmed a cyberattack earlier this year led to a data breach affecting nearly 40,000 individuals, involving personal information like names and Social Security numbers.
- Attack Details: The Qilin ransomware gang claimed responsibility for the incident, encrypting critical applications and stealing approximately 350 GB of files, including sensitive documents and identification scans.
- Response and Support: Affected individuals are being offered 12 months of free credit monitoring and identity protection services following the breach.
- Current Status: Lee Enterprises found no evidence of misuse of the compromised information, and the Qilin gang no longer lists Lee…