» Blog

Summary Adobe Commerce and Magento online stores are being targeted in CosmicSting attacks at an increasingly scaling rate, with threat actors hacking approximately 5% of all Adobe Commerce and Magento stores. The CosmicSting vulnerability, designated CVE-2024-34102, is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve…

Researchers from BitSight Technologies’ TRACE team have uncovered several critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. If these vulnerabilities are weaponized, malicious actors could exploit industrial control systems (ICS) used in critical infrastructure sectors, including retail and hospitality, potentially causing harm, including physical destruction, environmental risks, and financial losses….

Yubico and Microsoft deliver strong identity, endpoint and access controls to Hyatt’s global operations Hyatt Hotels Corporation is one of the world’s most well-recognized and respected hospitality brands with approximately 1,500 hotel and all-inclusive properties spanning across 70 countries. With so many properties and employees spread out across the globe, it is a daunting task…

Modern Authentication is the Word on the Street A few months ago, I attended the RH-ISAC Spring Summit 2024 to discuss all things Identity and Access Management (IAM) with practitioners at companies of all sizes. The best part of these interactions was the pure joy and pride these experts had while talking about their identity…

Increasingly, retail and hospitality applications are under attack by malicious threat actors exploiting web vulnerabilities. Thankfully, there’s a huge community of talented andtenacious ethical hackers who specialize in the retail and hospitality industries and can bring to your organization’s security. Thousands of the world’s most influential brands — including Hyatt, Beiersdorf, A.S. Watson, Delivery Hero,…