Cybercriminals Leveraging Call Center Social Engineering Target Salesforce Data to Extort Retail and Hospitality Organizations

Summary: The cybercriminal group known as UNC6040 is conducting sophisticated attacks by socially engineering employees into installing maliciously modified versions of Salesforce’s Data Loader tool, facilitating extensive data theft, according to new intelligence from Google Cloud. Exploiting phone-based social engineering (“vishing”), these attackers pose as IT support to trick victims into granting unauthorized Salesforce app access,…

DragonForce Actors Target SimpleHelp Vulnerabilities To Attack MSP, Customers

Summary: Sophos Managed Detection and Response (MDR) recently intervened in a targeted cyberattack against an unnamed Managed Service Provider (MSP), where threat actors leveraged vulnerabilities in the SimpleHelp remote monitoring and management (RMM) platform to deploy DragonForce ransomware across multiple endpoints. Attackers exploited vulnerabilities CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726, initially disclosed in January 2025, to achieve remote execution, arbitrary file…

China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile Vulnerability

Context: EclecticIQ has identified active exploitation of two critical vulnerabilities (CVE-2025-4427 and CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier, allowing for unauthenticated remote code execution. This activity, attributed with high confidence to the China-nexus espionage group UNC5221, began on May 15, 2025, and targets critical sectors globally, including healthcare, telecommunications, and government. The threat actors…

A Cyber Threat Travelogue: Trustwave SpiderLabs Highlights Hospitality Sector Cybersecurity Challenges in 2025

As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to exploit and steal this data. In the 2025 Trustwave Risk Radar Report: Hospitality Sector report,…

M&S Hackers Allegedly Utilize Employee Logins from Third-Party Consulting Firm

Context: Public reporting has emerged that claims ransomware group Scattered Spider gained initial access to Marks & Spencer’s (M&S) systems by compromising the login credentials of two employees from their third-party partner, Tata Consultancy Services (TCS). Cyber News reports that a source reportedly told news agencies “that at least two Tata Consultancy Services employees’ M&S logins were used…

Stolen Logins, Lost Trust: The Hidden Supply Chain Behind Account Takeovers in Retail & Hospitality

You log in to your loyalty account to cash in a year’s worth of points—only to find them wiped clean. No redemptions in your history, no trace of your perks. This isn’t a UX glitch—it’s account takeover (ATO), and it’s not personal. The cybercrime ecosystem isn’t just a place where criminals discuss how to profit…

Retail & Hospitality ISAC Announces 2025 Award Winners

VIENNA, VA (April 14, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced its 2025 award winners during the annual membership meeting held on 9 April in St. Louis, Missouri. The awards recognize outstanding companies and individuals who have displayed extraordinary dedication to RH-ISAC’s mission to build a collaborative sharing community…

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Context: Ivanti has disclosed a critical vulnerability, CVE-2025-22457 (CVSS 9.0), affecting multiple product lines including Connect Secure, Policy Secure, and ZTA Gateways. The flaw, a stack-based buffer overflow, allows unauthenticated remote attackers to execute arbitrary code, and has been actively exploited in the wild. Google’s Mandiant team identified threat activity tied to UNC5221, a China-nexus group, which…

Uncovering Critical Cyber Threats to Retail and Hospitality

The retail and hospitality industries are facing a surge in cyber threats, with ransomware, phishing campaigns, and impersonation scams among the most pressing risks. In 2024 alone, ransomware accounted for 30% of all reported incidents in these sectors, while phishing attacks targeting customer data increased by 22% year-over-year. These threats not only disrupt operations but…

ClearFake Malicious Framework Updates Tactics with Binance Smart Chain Obfuscation

Context: Sekoia researchers have released updates on ClearFake, a malicious JavaScript framework that infects compromised websites to deliver malware through drive-by downloads and social engineering tactics. Initially observed in July 2023, ClearFake utilized fake browser update prompts to trick users into downloading malware. The latest 2025 variant introduces new lures, including fake reCAPTCHA and Cloudflare Turnstile verifications,…
