RH-ISAC Blog

Context On October 4, 2022, DCSO CyTec security researchers reported the technical details of a new backdoor malware targeting Microsoft SQL servers they dubbed “Maggie.” According to researchers, the Maggie backdoor can bruteforce logins to other MSSQL servers and add a new hardcoded backdoor user after bruteforcing administrator logins. Researchers did not investigate if and…

The annual RH-ISAC Cyber Intelligence Summit was held in Plano, Texas on September 20-21, 2022. Summit is the premier event for cybersecurity practitioners in the retail, hospitality, and travel industries. This year’s event had nearly 400 attendees for two days full of presentations and networking. The post-conference report is now available to download. It includes details about…

Since 2004, October has been recognized as Cybersecurity Awareness Month by organizations like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which are dedicated to helping individuals better protect themselves against online threats. This year CISA and NCA are focusing on the human element of security, with the 2022 Cybersecurity…

Context On September 29, 2022, security researchers at GTSC reported the technical details of two zero-day vulnerabilities they had observed being exploited by threat actors since August 2022. Microsoft confirmed the vulnerabilities and provided details of both: CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the…

RH-ISAC: What is your background in cybersecurity? Where did you get your training and education? Christy: My background is not originally in cybersecurity. I have only been working in cybersecurity for a little over a year. My background is actually in business. After earning my MBA, I began working at Hannaford, another company in the…