“Spacecolon” Toolkit Used to Target Multiple Industries with Scarab Ransomware, including Hospitality and Entertainment Organizations

Context: On August 22, 2023, researchers at ESET released the technical details of the Spacecolon toolset, which they observed being leveraged in multiple campaigns to deploy the Scarab ransomware against multiple industries. According to the report, the campaigns are not specifically targeted, but are opportunistic in nature. Known targets include “a hospital and a tourist…


Member Spotlight: Charles Fedorko

Charles Fedorko is the director of IT security at Sage Hospitality Group. We sat down with Charles to talk about his role, the journey that led to his career in cybersecurity, the current cybersecurity landscape surrounding the hospitality industry, and the upcoming RH-ISAC Summit in October. Tell us about yourself and your background. How…


How Organizations Can Prepare to Comply with New SEC Cybersecurity Reporting Rules

In July of 2023, the U.S. Securities and Exchange Commission, commonly known as the SEC, adopted new rules necessitating the disclosure of material cybersecurity incidents and related risk management, strategy, and governance. One of the most notable requirements of the new regulations is that companies must report a cybersecurity incident within four business days after…


Raccoon Stealer Returns from Hiatus with Updated Version

On August 14, 2023, the threat actor managing Raccoon Stealer announced the return of the tool after a six-month break, as well as an updated version 2.3.0 with updates based on “feedback and analysis of customer requirements and market trends.”

Context: On August 15, 2023, researchers at Cyberint reported technical details of a resurgent campaign…


eCommerce Sites Targeted in Active Campaign via Magento 2 Exploit

Context: On August 9, 2023, Akamai researchers reported a campaign they dubbed “Xurum,” which leverages the “patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.”

Technical Details: Key takeaways from the Akamai report include: “We have observed activity in…
