Retail & Hospitality ISAC Threat Researchers Confirm Validity of Spring Framework RCE Vulnerability

Vienna, VA (March 30, 2022) – Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) threat researchers investigated a proof-of-concept (POC) for the RCE vulnerability in the Spring framework that was reported on March 29, 2022. The RH-ISAC researchers were able to obtain a copy of the code repository that contained the POC and test…

Read More

Alleged RCE Vulnerability Discovered in Spring Framework

Updates: April 5, 2022, 12 p.m. ET The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…

Read More

Okta Breach Update and Analysis

Details continue to emerge regarding the Lapsus$ breach of Okta systems and the impact of the incident on Okta customers and the broader security community. On March 21, 2022, the Lapsus$ cyber threat group posted screenshots on their Telegram channel demonstrating that the group had gained superuser access to Okta systems and access to Okta…

Read More

Retail & Hospitality ISAC Issues Analysis Related to Russian-Ukraine Cyber Threats

Vienna, VA (February 23, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released analysis and guidance regarding cyber threats related to the Russia-Ukraine conflict. The analysis indicates that direct, severe cyberattacks on the retail, hospitality, and travel sectors are not likely, but that organizations should be aware of potential ramifications…

Read More