Annie - RH-ISAC - Page 8 of 22 Blog

Summary Ivanti has disclosed a critical authentication bypass vulnerability, designated CVE-2024-11639, in its Cloud Services Appliance (CSA) solution, which could allow remote attackers to gain administrative privileges without authentication. The flaw affects CSA version 5.0.2 and earlier, with Ivanti advising immediate upgrades to version 5.0.3. While there is no evidence of exploitation in the wild, this…

In today’s digital-first retail landscape, maintaining PCI compliance across multiple sales channels isn’t just a regulatory box to tick – it’s a critical safeguard for your business. Consider this: 60% of small businesses close their doors within six months of a data breach. That’s a wake-up call for retailers everywhere! From e-commerce platforms to mobile…

Summary Researchers from SecureList from Kaspersky revealed new details regarding the Horns&Hooves cyber campaign, active since March 2023, which targeted over a thousand users and businesses in Russia (including retailers), using malicious JScript (JS) scripts disguised as legitimate email attachments. These scripts deploy the legitimate remote administration tool, NetSupport, for malicious purposes, granting attackers remote access…

On 3 December 2024, the RH-ISAC intel team was informed about a possible digital skimmer that may be present on an unnamed e-commerce website. JJ Josing, Principal Threat Researcher at the RH-ISAC, started his initial investigation into this incident. Our investigation discovered a script block containing heavily obfuscated JavaScript in the HTML of the checkout…

Summary A ransomware attack on Blue Yonder, a supply chain software provider for major supermarkets and fast-moving consumer goods (FMCG) suppliers, has severely disrupted operations. Blue Yonder confirmed the attack impacted its private cloud services, which support demand forecasting, automated ordering, and warehouse and supply management. A task force, alongside with third-party cybersecurity firms, is…

VIENNA, VA (November 19, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) released its annual Holiday Season Cyber Threat Trends report, revealing that fraud and ransomware are expected to plague the threat landscape facing retailers, hospitality, and travel businesses during their busiest season. The report predicts that social engineering, ransomware, and…

Summary In early October 2024, EclecticIQ analysts discovered a large-scale phishing campaign targeting e-commerce shoppers in Europe and the USA. This campaign, which capitalized on the heightened online shopping activity around Black Friday, is believed to have been orchestrated by a Chinese financially motivated threat actor, referred to as SilkSpecter. The campaign enticed victims with fake discounted…

The battle between humans and bots is heating up, with Black Friday and Cyber Monday standing as prime targets. Some “Black Friday” holiday shopping events have already begun. Based on Kasada’s 2023 findings, the trends observed last year offer valuable insights and preparation strategies for 2024. With threat actors more sophisticated than ever, retailers must…

Executive Summary Researchers from ClearSky Cyber Security has uncovered a new cyber espionage campaign attributed to TA455, a subgroup of the Iranian cyber threat actor known as Charming Kitten (also known as APT35). The cyber espionage campaign, which has been active since at least September 2023, has targeted critical industry sector entities in the aerospace, aviation, and…

As the holiday shopping season approaches, the 2024  Trustwave Risk Radar Report: Retail Sector highlights a growing threat to the retail sector. Cybercriminals have refined their tactics, preparing to launch ransomware and phishing attacks that exploit well-known online brands. These attacks aim to defraud retailers and consumers, with the skills gained being used to infiltrate…