 December 12, 2024
LATEST SECURITY NEWS & COMMENTARY
Researchers Crack Microsoft Azure MFA in an Hour
A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack
Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era
Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.
Tips for Preventing Breaches in 2025
Hackers are constantly evolving, and so too should our security protocols.
(Sponsored Article) We Need CI/CD for Data Security
To handle the modern data environment, we need an approach to data security that integrates continuous visibility and control.
HOT TOPICS
'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks
The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Lessons From the Largest Software Supply Chain Incidents
The software supply chain is a growing target, and organizations need to take special care to safeguard it.

Cybercrime Gangs Abscond With Thousands of Orgs' AWS Credentials
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Large-Scale Incidents & the Art of Vulnerability Prioritization
We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.

EDITORS' CHOICE
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
LATEST FROM THE EDGE

Cybersecurity Lessons From 3 Public Breaches
High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.
LATEST FROM DR TECHNOLOGY

Snowflake Rolls Out Mandatory MFA Plan
As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.
LATEST FROM DR GLOBAL

Governments, Telcos Ward Off China's Hacking Typhoons
Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
Dark Reading Daily
-- Published By Dark Reading
Operated by TechTarget, Inc. and its subsidiaries,
275 Grove Street, Newton, Massachusetts, 02466 US