» Marisa Blog

Charles Fedorko is the director of IT security at Sage Hospitality Group. We were able to sit down with Charles to talk about his role, journey leading to his career in cybersecurity, the current cybersecurity landscape surrounding the hospitality industry, and the upcoming RH-ISAC Summit in October. Tell us about yourself and your background. How…

On August 14, 2023, the threat actor managing Raccoon Stealer announced the return of the tool after a six-month break, as well as an updated version 2.3.0 with updates based on “feedback and analysis of customer requirements and market trends.” Context On August 15, 2023, researchers at Cyberint reported technical details of a resurgent campaign…

Context On August 9, 2023, Akamai researchers reported a campaign they dubbed “Xurum,” which leverages the “patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.” Technical Details Key takeaways from the Akamai report include: “We have observed activity in…

On August 9, 2023, researchers at Proofpoint reported the technical details of a campaign between March and June 2023 leveraging the EvilProxy Phishing as a Service (PaaS) tool to target executives at over 100 global firms with a combination of attacker in the middle (AiTM) and account takeover (ATO) tactics. Context Key takeaways from the…

Context On July 27, 2023, The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) released an advisory “to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.” The advisory primarily consists…