Two Critical Vulnerabilities Patched in GitLab, All Organizations Advised to Update Instances

On January 11, 2024, GitLab released security updates to remedy two critical vulnerabilities in GitLab software. All RH-ISAC member organizations are urged to immediately update to versions 16.5.6, 16.6.4, or 16.7.2, or to a version where the fix was backported (16.1.6, 16.2.9, 16.3.7, or 16.4.5). According to the security update, the flaws affected the following…
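
An added example, not part of the advisory summary or of GitLab's own tooling: a small Python triage helper that turns the fix matrix above into a check that can be run against the version strings a fleet of instances reports. The helper assumes GitLab's usual `MAJOR.MINOR.PATCH` format with an optional edition suffix such as `-ee`, and it assumes that any release branch newer than 16.7 already carries the fix; branches the summary does not list (16.0 and earlier) are reported as unknown rather than guessed at, because this page does not say whether they are affected.

```python
from typing import List, Optional, Tuple

# Patched version per release branch, taken from the advisory summary above:
# 16.5.6, 16.6.4 and 16.7.2, plus the backports 16.1.6, 16.2.9, 16.3.7 and 16.4.5.
FIXED_PATCH = {
    (16, 1): 6, (16, 2): 9, (16, 3): 7, (16, 4): 5,
    (16, 5): 6, (16, 6): 4, (16, 7): 2,
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' as GitLab reports it, dropping an edition suffix such as '-ee'."""
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version: str) -> Optional[bool]:
    """True if the instance is at or above the fixed release for its branch, False if it is
    below it, and None when the branch is not covered by FIXED_PATCH (16.0 and earlier).
    Assumption: a branch newer than any listed fix (16.8+) already contains the fix."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return patch >= FIXED_PATCH[branch]
    if branch > max(FIXED_PATCH):
        return True
    return None  # not covered by the page's list; verify against the vendor advisory


def triage(versions: List[str]) -> Tuple[List[str], List[str], List[str]]:
    """Split reported versions into (needs_update, patched, unknown) for follow-up."""
    needs_update, patched, unknown = [], [], []
    for v in versions:
        state = is_patched(v)
        (unknown if state is None else patched if state else needs_update).append(v)
    return needs_update, patched, unknown


if __name__ == "__main__":
    # Constructed sample inventory, not real instances.
    fleet = ["16.7.2-ee", "16.6.3", "16.4.5", "16.2.8", "16.8.0", "16.0.8", "15.11.13"]
    print(triage(fleet))
```

Versions that land in the "unknown" list are the ones to check by hand against the vendor advisory before deciding they are safe.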

Firms Potentially Exposed to Supply Chain Compromise Attack via New Class of GitHub CI/CD Attack, PoC Available

Thousands of public GitHub repositories are exposed to a newly discovered class of malicious code injection that abuses self-hosted GitHub Actions runners, an attack that could have high impact and disrupt large organizations, according to a recently released news report. Furthermore, threat actors have specifically targeted GitHub repositories recently, demonstrating clear intent and capability, while the…
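
As an added illustration, not code from the report or from GitHub, the following Python script scans workflow files for the pattern behind this class of attack: a job that runs on a self-hosted runner inside a workflow that is triggered by `pull_request` or `pull_request_target`, so that code from a fork's pull request executes on infrastructure the repository owner controls. The line scanner (deliberately not a full YAML parser), the label heuristic (any `runs-on` label not named like a GitHub-hosted runner is treated as self-hosted), and the three sample workflows are all assumptions and constructions of this example.

```python
import re
from typing import Dict, List, Set, Tuple

# Workflow triggers that fire for pull requests, including ones opened from forks.
PR_TRIGGERS = {"pull_request", "pull_request_target"}
# Assumption: GitHub-hosted runner labels start with ubuntu-, windows- or macos-;
# anything else (including the default "self-hosted" label) is treated as self-hosted.
GITHUB_HOSTED = re.compile(r"^(ubuntu|windows|macos)-")


def parse_workflow(text: str) -> Tuple[Set[str], Dict[str, List[str]]]:
    """Heuristic line scanner for the common workflow layout (not a YAML parser):
    returns the set of 'on:' triggers and each job's runs-on labels."""
    triggers: Set[str] = set()
    jobs: Dict[str, List[str]] = {}
    section = None          # current top-level key ('on', 'jobs', ...)
    child_indent = None     # indent of the first child line under that key
    current_job = None
    runs_on_indent = None   # set while collecting a block-style runs-on list
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        stripped = line.strip()
        if indent == 0:
            key, _, rest = stripped.partition(":")
            section, child_indent, current_job, runs_on_indent = key.strip(), None, None, None
            if section == "on" and rest.strip():      # on: push  /  on: [push, pull_request]
                triggers.update(re.findall(r"[A-Za-z_]+", rest))
            continue
        if child_indent is None:
            child_indent = indent
        if section == "on" and indent == child_indent:
            m = re.match(r"-?\s*([A-Za-z_]+)", stripped)   # "- pull_request" or "pull_request:"
            if m:
                triggers.add(m.group(1))
        elif section == "jobs":
            if indent == child_indent:                      # a new job id
                current_job = stripped.rstrip(":")
                jobs[current_job] = []
                runs_on_indent = None
            elif current_job is not None:
                if runs_on_indent is not None and indent > runs_on_indent and stripped.startswith("-"):
                    jobs[current_job].append(stripped.lstrip("- ").strip("\"'"))
                    continue
                runs_on_indent = None
                key, sep, rest = stripped.partition(":")
                if sep and key.strip() == "runs-on":
                    if rest.strip():                        # runs-on: self-hosted / [self-hosted, linux]
                        jobs[current_job].extend(
                            lbl.strip(" \"'") for lbl in rest.strip().strip("[]").split(","))
                    else:                                   # block list follows on the next lines
                        runs_on_indent = indent
    return triggers, jobs


def is_self_hosted(labels: List[str]) -> bool:
    """Conservative: flag the default self-hosted label, or any label that does not look
    GitHub-hosted (custom labels, or expressions such as ${{ matrix.os }})."""
    return bool(labels) and ("self-hosted" in labels or
                             any(not GITHUB_HOSTED.match(lbl) for lbl in labels))


def find_risky_jobs(text: str) -> List[Tuple[str, List[str]]]:
    """Jobs in a PR-triggered workflow that would run fork-supplied code on a self-hosted runner."""
    triggers, jobs = parse_workflow(text)
    if not triggers & PR_TRIGGERS:
        return []
    return [(job, labels) for job, labels in jobs.items() if is_self_hosted(labels)]


# Constructed sample: checks out the fork's commit on a persistent self-hosted runner.
RISKY_WORKFLOW = """\
name: CI
on:
  pull_request_target:
    branches: [main]
jobs:
  test:
    runs-on:
      - self-hosted
      - linux
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""

# Constructed sample: the same job moved to an ephemeral GitHub-hosted runner.
HARDENED_WORKFLOW = """\
name: CI
on:
  pull_request:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

# Constructed sample: self-hosted runner reachable only from pushes, not from fork PRs.
PUSH_ONLY_WORKFLOW = """\
on: push
jobs:
  deploy:
    runs-on: [self-hosted, linux, x64]
    steps:
      - run: ./deploy.sh
"""

if __name__ == "__main__":
    for name, wf in [("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW),
                     ("push-only", PUSH_ONLY_WORKFLOW)]:
        print(name, find_risky_jobs(wf))
```

A hit from this scan means fork-supplied code can reach a runner the organization operates; the usual remediations are to move pull request jobs to GitHub-hosted or ephemeral runners and, in the repository's Actions settings, require approval for all outside collaborators rather than only first-time contributors.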

Security Researcher Discloses Misconfiguration in Chattr.ai Hiring Service That May Expose Sensitive Data

On January 10, 2024, the security researcher known as MrBruh published a report outlining a misconfiguration in the popular AI-based hiring vendor Chattr.ai that exposes sensitive user data. According to the report, attackers can use Chattr.ai’s registration feature to create new user profiles with full read/write privileges by abusing a vulnerability or a…

Proof of Concept Exploit Released for New Critical Apache Struts Vulnerability

On December 14, 2023, a security researcher published a proof of concept (PoC) for the recent vulnerability on GitHub. Throughout the second half of December 2023, details have publicly emerged surrounding CVE-2023-50164, a vulnerability in Apache Struts with a CVSS severity rating of 9.8. According to the disclosure: “An attacker can manipulate file upload params to…

Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting

On December 13, 2023, the United States Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Polish Military Counterintelligence Service, the Computer Emergency Response Team Polska (CERT Polska), and the United Kingdom’s National Cyber Security Centre released a report that assessed that cyber actors associated with the Russian Foreign Intelligence Service (SVR), also known…

The Challenges of and Solutions for Enterprise-Wide Adoption of Generative AI Models

In the 10 or so years since artificial intelligence (AI)-dependent tools became an integral part of the business ecosystem, retail organizations have been among their most enthusiastic adopters. The industry has led the development and deployment of innovative, productivity- and profit-enhancing solutions to problems that have plagued the field for ages,…

Cyber Week 2023: The Impact of Scalper Bots

In North America and Europe, Black Friday and Cyber Monday have become an annual tradition for retailers — and consumers — to kick off the holiday shopping season. As a result of promotions and seasonal specials, items for sale during Cyber Week may be in limited supply and attract the attention of bot operators looking…

10 Unpatched Vulnerabilities Disclosed in Loytec Building Automation Solutions

On December 5, 2023, industrial and operational technology security vendor TXOne Networks disclosed details of 10 unpatched vulnerabilities in building automation products made by the Austrian company Loytec. TXOne researchers reportedly discovered the vulnerabilities over two years ago. According to reports, “The vulnerabilities are related to usernames and passwords being transmitted or stored…

Retail & Hospitality ISAC Announced New Board of Directors

Vienna, VA (November 21, 2023) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the results of the 2023 Board of Directors elections today. Diane Brown, vice president of IT risk management at Ulta Beauty, and Jason Stead, CISO for Choice Hotels International, were both re-elected for three-year terms on the board. Ngozi Eze, Global CISO…
