Summit 2024
Press Release

Keynote Speakers and Agenda Confirmed for 2024 Retail and Hospitality ISAC Cyber Intelligence Summit

Posted on March 14, 2024

By Annie Chambliss, RH-ISAC Director of Marketing and Communications

VIENNA, VA (March 14, 2024) – The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC)  announced that Rich Agostino, senior vice president and CISO at Target, Jayson E. Street, renowned social engineering expert, and Andy Greenberg, senior writer for WIRED, will be keynote speakers at the 2024 RH-ISAC Cyber Intelligence Summit. The annual event…

Read More
cellphone with calendar
Threat Intelligence

Multiple RATs Distributed in Phishing Campaign Leveraging Fake Meeting Invitations

Posted on March 6, 2024

By Lee Clark, RH-ISAC Cyber Threat Intel Analyst & Writer

On March 5, 2023, Zscaler researchers reported details of a sophisticated phishing campaign they attribute to a single threat actor, leveraging fake meeting invitations for popular video conference tools to spread remote access trojans (RATs). Community Impact The RH-ISAC intelligence team assesses that this and similar campaigns constitute a moderate threat to the RH-ISAC community….

Read More
black cat
Ransomware

BlackCat/ALPHV Claims Responsibility for Change Healthcare Ransom

Posted on February 28, 2024

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform, the largest pharmacy payment exchange platform. This declaration of responsibility, which has since been removed on the BlackCat/ALPHV’s facing site, come as the United States…

Read More
lockbit
Threat Intelligence

LockBit Ransomware Operations Significantly Disrupted by Recent Law Enforcement Operations; Descriptor Tool Updated

Posted on February 20, 2024

By Bradford Regeski, Cyber Threat Intelligence Analyst

An international law enforcement operation led by Britain’s National Crime Agency and the United States Federal Bureau of Investigations has arrested and indicted two members of the LockBit ransomware gang and seized significant portions of its internal infrastructure. Several components of LockBit services are still operational, including its data sharing component, which publishes data of victims who fail to pay. Community…

Read More
Exchange server logo
Threat Intelligence

Microsoft Warns of Critical Exchange Server Flaw Under Active Exploitation

Posted on February 15, 2024

By Bradford Regeski, Cyber Threat Intelligence Analyst

Context On February 13, 2024, Microsoft acknowledged an actively exploited critical security flaw in Exchange Server, identified as CVE-2024-21410 with a CVSS score of 9.8. The vulnerability involves privilege escalation impacting Exchange Server, allowing attackers to further exploit NT (New Technology) LAN Manager (NTLM) credentials-leaking vulnerabilities in Outlook. The leaked credentials can be relayed against the Exchange server to gain higher privileges and…

Read More