Google Tag Manager Skimmer Steals Credit Card Information From Magento Sites

Executive Summary: A recent investigation by Sucuri uncovered a sophisticated credit card skimmer on a Magento-based eCommerce website, leveraging Google Tag Manager (GTM) to inject malicious JavaScript and steal payment details. The malware was hidden within the cms_block.content database table, allowing attackers to discreetly intercept checkout page transactions. Further analysis by Sucuri revealed a backdoor in the…


RH-ISAC Announces Agenda for the 2025 Cyber Intelligence Summit

VIENNA, VA (February 12, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has released the full agenda for its upcoming annual Cyber Intelligence Summit, the premier event for cybersecurity professionals working in retail, hospitality, and other consumer-facing industries. Scheduled to take place on 7-9 April in St. Louis, Missouri, the conference…


Cybersecurity Expert Rachel Tobac to Keynote 2025 RH-ISAC Cyber Intelligence Summit

VIENNA, VA (January 21, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is thrilled to announce that Rachel Tobac, renowned cybersecurity expert and CEO of SocialProof Security, will deliver the keynote address at the 2025 RH-ISAC Cyber Intelligence Summit, taking place 7–9 April, 2025, in St. Louis, Missouri. In her…


Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls Utilizing Zero-Day

Executive Summary: In early December 2024, Arctic Wolf Labs identified a sophisticated cyberattack campaign targeting Fortinet FortiGate firewall devices. Unidentified threat actors exploited a suspected zero-day vulnerability to gain unauthorized access to the devices’ management interfaces, allowing them to alter firewall configurations and extract credentials using DCSync. Community Impact: A successful compromise of FortiGate firewalls in this…


Sophisticated Card Skimmer Targets WordPress Checkout Pages via Database Injection

Executive Summary: A sophisticated credit card skimmer malware has been discovered targeting WordPress websites, stealthily injecting malicious JavaScript into the site’s database to steal sensitive payment information. This skimmer, designated malware.magento_shoplift.273 by Sucuri, specifically activates on checkout pages, either by hijacking legitimate payment fields or injecting fake credit card forms. The stolen data, including credit card…


Why Current Cybersecurity Tools Fail and How Stairwell Changes the Game

Cyberattacks are relentless, with thousands occurring every day. Yet despite billions spent on defense, breaches persist, leaving organizations reeling from financial and reputational damage. The harsh reality? Many cybersecurity tools fail because they aren’t built for today’s dynamic threat landscape. I founded Stairwell to challenge that status quo—not by adding to the noise but by…


Black Basta Evolve Techniques to Deploy Zbot, DarkGate, and Bespoke Malware

Executive Summary: Black Basta, according to a new report from SOCRadar, has advanced its tactics by combining new social engineering tactics, malware such as Zbot and DarkGate, and custom tools to infiltrate and compromise targeted networks. With global impact across multiple critical sectors, the group’s innovative methods emphasize the critical need for layered security measures and…


Cyberhaven Extension Compromise Part of Broader Campaign Affecting Multiple Chrome Extensions

Executive Summary: Cyberhaven has announced that their Cyberhaven Chrome extension was compromised on December 25, 2024, after a phishing attack on an administrator account allowed attackers to upload a malicious update (v24.10.4) to the Chrome Web Store. The compromised extension exfiltrated cookies, session tokens, and sensitive user data to an attacker-controlled domain, potentially enabling account…


Fortinet Warns of Critical Flaw in Wireless LAN Manager FortiWLM

Executive Summary: Fortinet has recently addressed a critical vulnerability, designated CVE-2023-34990, in its Wireless LAN Manager (FortiWLM) software, which could allow remote, unauthenticated attackers to access sensitive files and potentially gain admin privileges. Exploited via a lack of input validation in log-reading functionality, this vulnerability exposes session IDs that attackers can use to hijack authenticated sessions. CVE-2023-34990, which affects…


Four Chinese APT Groups Target Critical Infrastructure Disruption

Summary: Four major Chinese state-sponsored Advanced Persistent Threat (APT) groups, Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon, are targeting global critical infrastructure and network devices as part of coordinated cyber espionage campaigns. These groups exploit vulnerabilities in network appliances, IoT devices, and software supply chains to maintain persistent access and exfiltrate sensitive data. Their tactics include living-off-the-land…
