Keynote Speakers and Agenda Confirmed for 2024 Retail and Hospitality ISAC Cyber Intelligence Summit

VIENNA, VA (March 14, 2024) – The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) announced that Rich Agostino, senior vice president and CISO at Target, Jayson E. Street, renowned social engineering expert, and Andy Greenberg, senior writer for WIRED, will be keynote speakers at the 2024 RH-ISAC Cyber Intelligence Summit. The annual event…

Multiple RATs Distributed in Phishing Campaign Leveraging Fake Meeting Invitations

On March 5, 2023, Zscaler researchers reported details of a sophisticated phishing campaign they attribute to a single threat actor, leveraging fake meeting invitations for popular video conference tools to spread remote access trojans (RATs). Community Impact: The RH-ISAC intelligence team assesses that this and similar campaigns constitute a moderate threat to the RH-ISAC community….

BlackCat/ALPHV Claims Responsibility for Change Healthcare Ransom

Executive Summary: The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform, the largest pharmacy payment exchange platform. This declaration of responsibility, which has since been removed on the BlackCat/ALPHV’s facing site, comes as the United States…

LockBit Ransomware Operations Significantly Disrupted by Recent Law Enforcement Operations; Descriptor Tool Updated

An international law enforcement operation led by Britain’s National Crime Agency and the United States Federal Bureau of Investigation has arrested and indicted two members of the LockBit ransomware gang and seized significant portions of its internal infrastructure. Several components of LockBit services are still operational, including its data sharing component, which publishes data of victims who fail to pay. Community…

Microsoft Warns of Critical Exchange Server Flaw Under Active Exploitation

Context: On February 13, 2024, Microsoft acknowledged an actively exploited critical security flaw in Exchange Server, identified as CVE-2024-21410 with a CVSS score of 9.8. The vulnerability involves privilege escalation impacting Exchange Server, allowing attackers to further exploit NT (New Technology) LAN Manager (NTLM) credential-leaking vulnerabilities in Outlook. The leaked credentials can be relayed against the Exchange server to gain higher privileges and…

Check Point Researchers Report New Raspberry Robin Use of 1-Day LPE Exploits

Context: Security researchers from Check Point have released a public report, Raspberry Robin Keeps Riding the Wave of Endless 1-Days, detailing new intelligence and technical analysis of the threat actor known as Raspberry Robin. Key findings from the report include the usage of two new 1-day Local Privilege Escalation (LPE) exploits by Raspberry Robin before public…

Fortinet Warns of Critical VPN Flaw Likely Under Active Exploitation

Context: Fortinet has disclosed a critical security flaw, CVE-2024-21762, in its FortiOS Secure Sockets Layer (SSL) VPN, with a CVSS score of 9.6, indicating a high-severity flaw. The vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands through specially crafted HTTP requests. Fortinet acknowledges that the flaw is likely being exploited in the wild, although specific details…

Ivanti Discloses Two New Zero-Day Flaws, One Under Active Exploitation

Context: Ivanti has disclosed the discovery of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. This comes after the recent publication of CISA Alert: Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways. Community Threat Assessment: Due to the confirmed…

GitHub Rotates Keys After High-Severity Credential-Exposing Vulnerability Discovered

Context: Representatives from GitHub Security have announced the rotation of private keys potentially exposed by a newly discovered vulnerability, which was previously patched in December of 2023, that could let attackers access credentials within private production containers via environment variables. The rotated keys include the GitHub commit signing key as well as GitHub Actions, GitHub Codespaces, and…

Two Critical Vulnerabilities Patched in GitLab, All Organizations Advised to Update Instances

Context: On January 11, 2023, GitLab released security updates to remedy two critical vulnerabilities in GitLab software. All RH-ISAC organizations are urged to immediately update to versions 16.5.6, 16.6.4, and 16.7.2, or to a version where the fix was backported (16.1.6, 16.2.9, 16.3.7, and 16.4.5). According to the security update, the flaws affected the following…
