RH-ISAC Blog

As a retailer or hospitality professional, we know that it is important to you to ensure that you are securing payment data effectively for your customers and for your business. It is also important for you to have a voice when it comes to the future of securing payment data through the ongoing development of…

Context On May 4, 2023, VulnCheck researchers released a proof-of-concept (POC) exploit for CVE-2023-27350. According to the report, the exploit bypasses current detection options for attacks leveraging the vulnerability. Technical Details According to NIST, CVE-2023-27350 “allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to…

On April 26, 2023, BitDefender Labs researchers reported the technical details of a new custom malware named BellaCiao they attribute to the Iranian Charming Kitten advanced persistent threat (APT). Context According to the report, “This malware is tailored to suit individual targets and exhibits a higher level of complexity, evidenced by a unique communication approach…

Context On April 25, 2023, BlackBerry threat intelligence researchers released their Global Threat Report for the December 2022-February 2023 period. According to the report, BlackBerry researchers observed up to 12 attacks per minute, new malware sample increases of 50% in prevalence. Key Takeaways Key findings from the report for the retail, hospitality, and travel communities…

This month’s member spotlight is Christopher (Chris) De La Rosa, senior threat intelligence analyst at DICK’S Sporting Goods. During our conversation with Chris, he expanded upon his unconventional path leading to his career in threat intelligence and his day-to-day duties. Keep an eye out for Chris at the upcoming RH-ISAC Summit as he is hoping…