Annie - RH-ISAC - Page 10 of 22 Blog

Researchers from BitSight Technologies’ TRACE team have uncovered several critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. If these vulnerabilities are weaponized, malicious actors could exploit industrial control systems (ICS) used in critical infrastructure sectors, including retail and hospitality, potentially causing harm, including physical destruction, environmental risks, and financial losses….

Yubico and Microsoft deliver strong identity, endpoint and access controls to Hyatt’s global operations Hyatt Hotels Corporation is one of the world’s most well-recognized and respected hospitality brands with approximately 1,500 hotel and all-inclusive properties spanning across 70 countries. With so many properties and employees spread out across the globe, it is a daunting task…

Vienna, VA (September 25, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced its 2024 award winners during the annual membership meeting held on 24 September in Minneapolis, Minnesota. The awards recognize outstanding companies and individuals who have displayed extraordinary dedication to RH-ISAC’s mission to build a collaborative sharing community that…

Modern Authentication is the Word on the Street A few months ago, I attended the RH-ISAC Spring Summit 2024 to discuss all things Identity and Access Management (IAM) with practitioners at companies of all sizes. The best part of these interactions was the pure joy and pride these experts had while talking about their identity…

Increasingly, retail and hospitality applications are under attack by malicious threat actors exploiting web vulnerabilities. Thankfully, there’s a huge community of talented andtenacious ethical hackers who specialize in the retail and hospitality industries and can bring to your organization’s security. Thousands of the world’s most influential brands — including Hyatt, Beiersdorf, A.S. Watson, Delivery Hero,…

In today’s digital retail landscape, PCI DSS compliance is not just a regulatory requirement—it’s a critical business imperative. As a seasoned QSA and security consultant with over two and half decades of experience, I’ve witnessed firsthand the devastating impact of data breaches on businesses. Did you know that 60% of small businesses close within six…

Summary On 27 August 2024, Cybersecurity researchers from Netskope released a new report calling attention to a new QR code phishing, also known as quishing, campaign that leverages Microsoft Sway infrastructure to host fake pages, highlighting the abuse of legitimate cloud offerings for malicious purposes. In July 2024, Netskope Threat Labs tracked a 2,000-fold increase in traffic to…

For eCommerce companies targeting the increasing number of parents shopping for back-to-school supplies, having strong online security measures is essential. With the continued rise of online shopping, the sophistication of cyber threats is also increasing. Hackers and malicious bots can exploit vulnerabilities in eCommerce platforms, leading to data breaches that compromise sensitive customer information, including…

Summary Team Cymru, Silent Push, and Stark Industries Solutions have released a report detailing a collaborative investigation between all three entities targeting the financial threat group, FIN7. Despite past disruptions, FIN7 remains active, employing a range of tactics to evade detection. Silent Push’s research identified a significant number of domains linked to FIN7, a portion of…

Summary Several security vulnerabilities in the industrial remote access solution Ewon Cosy+ can be abused to gain root privileges to the devices and stage follow-on attacks, according to new data unveiled at DEF CON 32. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get…