Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack| Governments, Telcos Ward Off China's Hacking Typhoons

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Follow Dark Reading:

December 12, 2024

LATEST SECURITY NEWS & COMMENTARY Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach. Governments, Telcos Ward Off China's Hacking Typhoons Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications. Researchers Crack Microsoft Azure MFA in an Hour A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season. Texas Teen Arrested for Scattered Spider Telecom Hacks An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on "key Scattered Spider members" and their tactics. Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels Cloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. Cybercrime Gangs Abscond With Thousands of Orgs' AWS Credentials The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. Why SOC Roles Need to Evolve to Attract a New Generation The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts. Large-Scale Incidents & the Art of Vulnerability Prioritization We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy. MORE NEWS / MORE COMMENTARY HOT TOPICS Tips for Preventing Breaches in 2025 Hackers are constantly evolving, and so too should our security protocols. Lessons From the Largest Software Supply Chain Incidents The software supply chain is a growing target, and organizations need to take special care to safeguard it. Vulnerability Management Challenges in IoT & OT Environments By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats. MORE PRODUCTS & RELEASES Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems MORE PRODUCTS & RELEASES EDITORS' CHOICE Microsoft NTLM Zero-Day to Remain Unpatched Until April The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice. LATEST FROM THE EDGE Cybersecurity Lessons From 3 Public Breaches High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes. LATEST FROM DR TECHNOLOGY Open Source Security Priorities Get a Reshuffle The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components. LATEST FROM DR GLOBAL African Law Enforcement Nabs 1,000+ Cybercrime Suspects Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms. WEBINARS The Current State of AI Adoption in Cybersecurity, Including its Opportunities 10 Emerging Vulnerabilities Every Enterprise Should Know View More Dark Reading Webinars >> WHITE PAPERS Enhancing Cybersecurity: The Critical Role Of Software Security Training The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures Enterprise Key Management Buyer's Guide Frost Radar: Cloud Security Posture Management, 2024 The State of Vulnerability Management in the Enterprise Generative AI Gifts 5 Essential Insights into Generative AI for Security Leaders View More White Papers >> FEATURED REPORTS IDC Analyst Brief: Enhancing Incident Response with Automated Investigation Workflows Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Weekly -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us