Blog - RH-ISAC

On January 4, 2023, Ahn Lab Security Response Center (ASEC) researchers reported the technical details of a new Linux malware written using Shc delivering a cryptocurrency miner. ASEC researchers assess that the campaign is primarily targeting unspecified systems in South Korea. According to ASEC researchers, the malware authenticates through a dictionary attack on Linux SSH…

The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced its adoption of the FIRST Standard Definitions and Usage Guidance — Traffic Light Protocol (TLP) Version 2.0 for sharing information within the organization. As of January 4, 2023, all RH-ISAC intelligence reports, community calls, workshops, and briefings will follow TLP 2.0 standards. The intelligence team will discuss…

From the onset, access control is the most dynamic pillar in the ZTA implementation process. New accounts need to be created for legitimate business use, accounts likely need varying degrees of access, and account revocation for individual accounts and a mass list is always a concern. Identity and Access Management (IAM) Basics The quest towards…

Now that we have it defined, how do we practically approach the path to zero-trust architecture (ZTA) and why does it matter? Suppose we start the ZTA discussion by agreeing on a standard definition in its simplest form, i.e., limiting the impact of any unauthorized events by design. Many current industry definitions summarize the key…

Context APT37 is a known, sophisticated North Korean state-backed actor that has historically leveraged Internet Explorer zero-days to target North Korean defectors, government officials, journalists, and activists in South Korea. Technical Details CVE-2022-41128 was patched by Microsoft on November 8, 2022. According to Microsoft, “this vulnerability requires that a user with an affected version of…