Bolstering Your Modern Authentication Strategy to Align with PCI DSS 4.0.1

As a retail, hospitality, and travel organization, people turn to you for joy and to create a lifetime of happy memories through the services and experiences you provide. To build the relationship with customers and ensure you can deliver the highest level of service, collecting and storing sensitive information such as payment card data (PCI),…

Read More

Threat Actor Abuses Cloudflare Trial Tunnels to Deliver RATs

Summary Researchers from Proofpoint have released a report warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). First observed in February 2024, the cluster increased activity in May through July, with most campaigns leading to Xworm, a remote access trojan (RAT), in recent months. Community Impact…

Read More

Ransomware Operators Exploit Novel ESXi Vulnerability for Attacks

Summary Microsoft researchers have uncovered a vulnerability in VMware ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on affected systems. Ransomware groups like Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest have exploited this flaw, designated CVE-2024-37085, deploying ransomware such as Akira and Black Basta. The issue was disclosed to VMware, which released a security update. RH-ISAC Members who utilize VMware products in…

Read More

FrostyGoop Leverages Modbus TCP to Exploit Sensitive OT Systems

Summary Security researchers have unveiled a new malware strain designated FrostyGoop, which is directly targeting industrial control systems (ICS) on targeted systems. Discovered by Dragos in April 2024, FrostyGoop can directly interact with ICS devices via Modbus, a widely used industrial protocol. The malware was linked to a cyber-attack on a district energy company in Lviv,…

Read More

RH-ISAC Joins National Task Force for Fraud & Scam Prevention

Washington, D.C. (July 18, 2024)  – Today, the Aspen Institute Financial Security Program (Aspen FSP) is announcing the formation of a National Task Force for Fraud & Scam Prevention, an initiative that will bring together leading stakeholders from government, law enforcement, private industry, and civil society to develop a nation-wide strategy aimed at helping prevent…

Read More