Ransomware Operators Exploit Novel ESXi Vulnerability for Attacks

Summary: Microsoft researchers have uncovered a vulnerability in VMware ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on affected systems. Ransomware groups like Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest have exploited this flaw, designated CVE-2024-37085, deploying ransomware such as Akira and Black Basta. The issue was disclosed to VMware, which released a security update. RH-ISAC Members who utilize VMware products in…

FrostyGoop Leverages Modbus TCP to Exploit Sensitive OT Systems

Summary: Security researchers have unveiled a new malware strain designated FrostyGoop, which directly targets industrial control systems (ICS). Discovered by Dragos in April 2024, FrostyGoop can directly interact with ICS devices via Modbus, a widely used industrial protocol. The malware was linked to a cyber-attack on a district energy company in Lviv,…

RH-ISAC Joins National Task Force for Fraud & Scam Prevention

Washington, D.C. (July 18, 2024) – Today, the Aspen Institute Financial Security Program (Aspen FSP) is announcing the formation of a National Task Force for Fraud & Scam Prevention, an initiative that will bring together leading stakeholders from government, law enforcement, private industry, and civil society to develop a nation-wide strategy aimed at helping prevent…

GitLab Pipeline Vulnerability Affects Community and Enterprise Versions; Patch Available

Summary: A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. The vulnerability, tracked as CVE-2024-5655, impacts all GitLab CE/EE versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0. GitLab has addressed the vulnerability by releasing versions 17.1.1, 17.0.3, and 16.11.5, and…

SolarWinds Serv-U Vulnerability Under Active Attack; Patch Available

Context: A recently patched high-severity flaw, tracked as CVE-2024-28995, impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. A patch is available for affected SolarWinds customers. Community Impact: Successful exploitation of this vulnerability could be a potential steppingstone for attackers. By gaining access to sensitive information like credentials…

CDK Global Cyberattack Impacts Thousands of US Car Dealerships

Context: Car dealership software-as-a-service (SaaS) provider CDK Global has been impacted by a large-scale cyberattack, causing the company to shut down a portion of its systems and leaving clients unable to operate their businesses normally. Community Impact: The outage and restoration of CDK Global services impacts a portion of the RH-ISAC Core Membership and is notable due to…

Retail & Hospitality ISAC Announces New Critical Provider Program

Vienna, VA (June 20, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announces their new critical provider program in partnership with Google Cloud Security, Microsoft, Palo Alto Networks, and Akamai as tier three associate members. These companies will be supporting RH-ISAC, its board of directors, and Core Membership as strategic partners dedicated…

PHP Fixes Critical RCE Flaw Impacting All Windows Versions

Context: A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. The new RCE flaw, tracked as CVE-2024-4577, was discovered by Devcore Principal Security Researchers on 7 May 2024, who reported it to the PHP developers. PHP project maintainers released a…

Ariane Check-In Terminals Used by Thousands Vulnerable to Info Leak

Context: Ariane Systems self-check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms, according to a new report from Pentagrid. Community Impact: According to Ariane Systems, its self-checkout solutions are currently used by 3,000 hotels in 25 countries,…

Three Essential Strategies for ECommerce Companies

Effective online security in ecommerce is crucial not just for protecting against data breaches, but also for building and maintaining trust between businesses and consumers. When customers feel confident that their personal information is safe and secure, they are more likely to engage and establish long-term relationships with brands. On the other hand, a single…
