Chinese Nation-State Hackers APT41 Attack Gambling Sector for Financial Gain

Summary: APT41, also known as Brass Typhoon, Wicked Panda, and Winnti, a Chinese state-sponsored threat actor, has been linked to a sophisticated cyber campaign targeting the gambling and gaming industry, according to a new report from security company Security Joes. Over at least six months, APT41 shifted from traditional espionage to financially motivated attacks, using techniques like…

RH-ISAC Launches New Program Aimed at Securing Supply Chains

VIENNA, VA (October 22, 2024) – The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) announced the launch of LinkSECURE, a new program to help mature the cybersecurity capabilities of vendors and address the growing concern of supply chain cybersecurity vulnerabilities. The program aims to reduce third-party risk for RH-ISAC member companies by strengthening…

Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

Summary: The threat actor known as Intel Broker has allegedly claimed responsibility for a major data breach at technology firm Cisco, stealing sensitive information, including source codes, credentials, and confidential documents. The breach allegedly occurred on October 6 or June 10, 2024, depending on date format, with Intel Broker announcing the theft on Breach Forums on October…

4,000+ Adobe Commerce, Magento Shops Compromised in CosmicSting Attacks

Summary: Adobe Commerce and Magento online stores are being targeted in CosmicSting attacks at an increasing rate, with threat actors hacking approximately 5% of all Adobe Commerce and Magento stores. The CosmicSting vulnerability, designated CVE-2024-34102, is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve…

Retail & Hospitality ISAC Announces Pam Lindemoen as New CSO and VP

Vienna, VA (October 1, 2024) – The Retail & Hospitality Information Sharing and Analysis Center today announced that Pam Lindemoen will join the organization as Chief Security Officer & VP of Strategy. In this role, she will oversee the organization’s security operations, including cybersecurity and information security, while also leading strategic planning and partner engagement….

BitSight Discloses Zero-Day Vulnerabilities in ATG ICS Critical Infrastructure Systems

Researchers from BitSight Technologies’ TRACE team have uncovered several critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. If these vulnerabilities are weaponized, malicious actors could exploit industrial control systems (ICS) used in critical infrastructure sectors, including retail and hospitality, potentially causing harm, including physical destruction, environmental risks, and financial losses….

Hyatt Hotels Leverages Passwordless to Reduce Risk and Elevate the Guest Experience

Yubico and Microsoft deliver strong identity, endpoint and access controls to Hyatt’s global operations

Hyatt Hotels Corporation is one of the world’s most well-recognized and respected hospitality brands with approximately 1,500 hotel and all-inclusive properties spanning across 70 countries. With so many properties and employees spread out across the globe, it is a daunting task…

Retail & Hospitality ISAC Announces 2024 Award Winners

Vienna, VA (September 25, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announced its 2024 award winners during the annual membership meeting held on 24 September in Minneapolis, Minnesota. The awards recognize outstanding companies and individuals who have displayed extraordinary dedication to RH-ISAC’s mission to build a collaborative sharing community that…

Revolutionizing Security in Retail and Hospitality: The Power of Modern Authentication

Modern Authentication is the Word on the Street

A few months ago, I attended the RH-ISAC Spring Summit 2024 to discuss all things Identity and Access Management (IAM) with practitioners at companies of all sizes. The best part of these interactions was the pure joy and pride these experts had while talking about their identity…

The State of Hacker-Powered Security in Retail and Hospitality

Increasingly, retail and hospitality applications are under attack by malicious threat actors exploiting web vulnerabilities. Thankfully, there’s a huge community of talented and tenacious ethical hackers who specialize in the retail and hospitality industries and can bring to your organization’s security. Thousands of the world’s most influential brands, including Hyatt, Beiersdorf, A.S. Watson, Delivery Hero,…
