Blog

As the holiday shopping season approaches, the 2024  Trustwave Risk Radar Report: Retail Sector highlights a growing threat to the retail sector. Cybercriminals have refined their tactics, preparing to launch ransomware and phishing attacks that exploit well-known online brands. These attacks aim to defraud retailers and consumers, with the skills gained being used to infiltrate…

The standards and best practices document provide a high-level overview of the twenty most critical cybersecurity controls hoteliers, online travel agencies (OTAs), and connectivity providers should focus on, particularly highlighting identity and access management (IAM) best practices, which can act as critical barriers for many prevalent fraud operations. Download the document here. The standards and…

Summary Since October 22, 2024, Microsoft Threat Intelligence has observed recorded activity of the Russian threat actor known as Midnight Blizzard conducting a sophisticated spear-phishing campaign aimed at individuals in various sectors, including government, academia, defense, and non-governmental organizations. This ongoing activity involves sending highly targeted emails, which include a signed Remote Desktop Protocol (RDP) configuration file…

In today’s digital landscape, hotels face increasing cybersecurity risks that can jeopardize guest data and damage brand reputation. Regular penetration testing has become an essential practice for hotels to identify vulnerabilities, ensure compliance, and maintain a strong security posture. This article explores the importance of penetration testing for hotels and guides on implementing an effective…

Summary A significant data breach involving Hot Topic, Torrid, and Box Lunch, advertised by the threat actor Satanic, has reportedly exposed the personal data of 350 million customers, including names, emails, addresses, phone numbers, and birthdates, billions of payment details and loyalty points, including the last 4 digits of customers’ credit cards, card types, hashed…

Summary APT41, also known as Brass Typhoon, Wicked Panda, and Winnti, a Chinese state-sponsored threat actor, has been linked to a sophisticated cyber campaign targeting the gambling and gaming industry, according to a new report from security company Security Joes. Over at least six months, APT41 shifted from traditional espionage to financially motivated attacks, using techniques like…

Summary The threat actor known as Intel Broker has allegedly claimed responsibility for a major data breach at technology firm Cisco, stealing sensitive information, including source codes, credentials, and confidential documents. The breach allegedly occurred on October 6 or June 10, 2024, depending on date format, with Intel Broker announcing the theft on Breach Forums on October…

Summary Adobe Commerce and Magento online stores are being targeted in CosmicSting attacks at an increasingly scaling rate, with threat actors hacking approximately 5% of all Adobe Commerce and Magento stores. The CosmicSting vulnerability, designated CVE-2024-34102, is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc’s iconv function, an attacker can achieve…

Researchers from BitSight Technologies’ TRACE team have uncovered several critical zero-day vulnerabilities in six Automatic Tank Gauge (ATG) systems from five different vendors. If these vulnerabilities are weaponized, malicious actors could exploit industrial control systems (ICS) used in critical infrastructure sectors, including retail and hospitality, potentially causing harm, including physical destruction, environmental risks, and financial losses….

Yubico and Microsoft deliver strong identity, endpoint and access controls to Hyatt’s global operations Hyatt Hotels Corporation is one of the world’s most well-recognized and respected hospitality brands with approximately 1,500 hotel and all-inclusive properties spanning across 70 countries. With so many properties and employees spread out across the globe, it is a daunting task…