Proof of Concept Exploit Released for New Critical Apache Struts Vulnerability

On December 14, 2023, a security researcher published a proof of concept (POC) for the recent vulnerability on Github. Context Throughout the second half of December 2023, details have publicly emerged surrounding CVE-2023-50164, a vulnerability in Apache Struts with a 9.8 severity rating. According to the disclosure: “An attacker can manipulate file upload params to…

Read More

Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting

Context On December 13, 2023, the United States Federal Bureau of Investigation, Cybersecurity & Infrastructure Security Agency, National Security Agency, Polish Military Counterintelligence Service, Community Emergency Response Team Polska, and the United Kingdom’s National Cyber Security Centre released a report that assessed that cyber actors associated with the Russian Foreign Intelligence Service (SVR), also known…

Read More

The Challenges of and Solutions for Enterprise-Wide Adoption of Generative AI Models

The Path Taken In the 10 or so years since artificial intelligence (AI)-dependent tools have become an integral part of the business ecosystem, retail organizations have been among their most enthusiastic adopters. The industry has led the development and deployment of innovative, productivity- and profit-enhancing solutions for issues that have plagued the field for ages,…

Read More

Cyber Week 2023: The Impact of Scalper Bots

In North America and Europe, Black Friday and Cyber Monday have become an annual tradition for retailers — and consumers — to kick off the holiday shopping season. As a result of promotions and seasonal specials, items for sale during Cyber Week may be in limited supply and attract the attention of bot operators looking…

Read More

10 Unpatched Vulnerabilities Disclosed in Loytec Building Automation Solutions

On December 5, 2023, industrial and operational technology security vendor TXOne Networks disclosed details of 10 unpatched vulnerabilities in building automation products made by Austrian company Loytec. Context According to reports, TXOne researchers discovered the vulnerabilities over two years ago. According to reports, “The vulnerabilities are related to usernames and passwords being transmitted or stored…

Read More

Retail & Hospitality ISAC Announced New Board of Directors

Vienna, VA (November 21, 2023) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the results of the 2023 Board of Directors elections today. Diane Brown, vice president of IT risk management at Ulta Beauty, and Jason Stead, CISO for Choice Hotels International, were both re-elected for three-year terms on the board. Ngozi Eze, Global CISO…

Read More

DarkGate and PikaBot Leveraging QakBot TTPs in Phishing Campaign

On November 20, 2023, Cofense researchers published a report on a phishing campaign spreading DarkGate and Pikabot that is leveraging tactics previously used to deploy QakBot. Context Cofense researchers stated, “This campaign disseminates a high volume of emails to a wide range of industries, and due to the loader capabilities of the malware delivered, targets…

Read More

Member Spotlight: Tyler Compton

Tyler Compton, lead information security engineer at Aaron’s, discusses how he began his journey in cybersecurity, what he enjoys about cybersecurity, and the value of the RH-ISAC community. Tell us about yourself and your background. I grew up outside of a little big city in North Georgia called Rome. There are not a ton of…

Read More

Andy Greenberg, Senior Writer for WIRED, to Keynote the 2024 Retail & Hospitality ISAC Cyber Intelligence Summit

Vienna, VA (November 15, 2023) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced that Andy Greenberg, senior writer for WIRED, will be a keynote speaker for the 2024 RH-ISAC Cyber Intelligence Summit. The event, scheduled for April 9 -11 in Denver, will bring together industry leaders, cybersecurity experts, and professionals…

Read More