Updates: April 5, 2022, 12 p.m. ET The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…
Read More
Details continue to emerge regarding the Lapsus$ breach of Okta systems and the impact of the incident on Okta customers and the broader security community. On March 21, 2022, the Lapsus$ cyber threat group posted screenshots on their Telegram channel demonstrating that the group had gained superuser access to Okta systems and access to Okta…
Read More
As the Russia-Ukraine conflict continues to evolve, RH-ISAC is releasing regular threat intelligence and analysis as it relates to cybersecurity risks.
Read More
Vienna, VA (February 23, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released analysis and guidance regarding cyber threats related to the Russia-Ukraine conflict. The analysis indicates that direct, severe cyberattacks on the retail, hospitality, and travel sectors are not likely, but that organizations should be aware of potential ramifications…
Read More
Vienna, VA (January 27, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released the CISO Benchmark Report, which includes data about budgets, personnel, and organizational priorities from cybersecurity leaders across consumer-facing industries. The report reveals that 70% of survey respondents expect the 2022 budget for information security to be higher…
Read More
