Subdomain Takeovers in the Retail, Hospitality, and Travel Sectors

Recent research from Detectify found a 25% increase in vulnerabilities detected in its customers’ subdomain assets in 2021 compared with 2020. Additionally, the study found a 100% increase in the median number of vulnerabilities per domain in 2021 compared with 2020. Detectify researchers said that the subdomain attack surface continues to grow, and DNS is…

The Components of a Holistic SaaS Security Strategy

SaaS Security: A Changing Model of Cybersecurity
Businesses today commonly employ hundreds of individual SaaS applications for a variety of specific functions, but the majority of sensitive data is typically entrusted to a small set of foundational enterprise applications. Security leaders are well aware that the transition to SaaS has prompted increased targeting by bad…

Retail & Hospitality ISAC Announces New Partnerships

Vienna, VA (March 31, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced that four new cybersecurity solutions providers have joined the organization as Associate Members. These companies will help to support the cybersecurity needs of the consumer-facing sector by providing thought leadership and expert guidance to RH-ISAC Core Members,…

Retail & Hospitality ISAC Threat Researchers Confirm Validity of Spring Framework RCE Vulnerability

Vienna, VA (March 30, 2022) – Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) threat researchers investigated a proof-of-concept (POC) for the RCE vulnerability in the Spring framework that was reported on March 29, 2022. The RH-ISAC researchers were able to obtain a copy of the code repository that contained the POC and test…

Alleged RCE Vulnerability Discovered in Spring Framework

Updates: April 5, 2022, 12 p.m. ET
The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…

Okta Breach Update and Analysis

Details continue to emerge regarding the Lapsus$ breach of Okta systems and the impact of the incident on Okta customers and the broader security community. On March 21, 2022, the Lapsus$ cyber threat group posted screenshots on their Telegram channel demonstrating that the group had gained superuser access to Okta systems and access to Okta…

Retail & Hospitality ISAC Issues Analysis Related to Russian-Ukraine Cyber Threats

Vienna, VA (February 23, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released analysis and guidance regarding cyber threats related to the Russia-Ukraine conflict. The analysis indicates that direct, severe cyberattacks on the retail, hospitality, and travel sectors are not likely, but that organizations should be aware of potential ramifications…

Cybersecurity Budgets and Staffing Increase in 2022 According to New Report

Vienna, VA (January 27, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released the CISO Benchmark Report, which includes data about budgets, personnel, and organizational priorities from cybersecurity leaders across consumer-facing industries. The report reveals that 70% of survey respondents expect the 2022 budget for information security to be higher…

Two New Directors Join Retail & Hospitality ISAC Board

Vienna, VA (November 15, 2021) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the election of two new directors to its Board of Directors: Marnie Wilking, global head of security and IT risk management at Wayfair, and Benjamin Vaughn, senior vice president and chief information security officer at Hyatt. Additionally, Jim Cameli, vice president and global chief information…