Krispy Kreme Discovers Cybersecurity Hole
Source: Data Breach Today
Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. federal regulators Wednesday it will have ongoing operational difficulties due to a cybersecurity incident. In a filing, Krispy Kreme said its shops are open and consumers can place orders in person. Online ordering in some parts of the United States is down.
Attackers Can Use QR Codes to Bypass Browser Isolation
Source: Dark Reading
Attackers are leveraging QR codes to bypass browser isolation, a common security mechanism. By embedding malicious links in QR codes, they trick users into scanning them with less secure mobile devices. This circumvents protections in place for corporate networks and exploits users' trust in QR-based interactions. The tactic highlights the growing risk of "quishing" (QR phishing) in undermining browser isolation and targeting mobile vulnerabilities.
Hackers Exploit AWS Misconfigurations in Massive Data Breach
Source: Infosecurity Magazine
A cyber operation linked to the Nemesis and ShinyHunters groups exploited misconfigured public websites, compromising over 2 TB of sensitive data from AWS endpoints. Attackers used tools like Shodan to find vulnerable targets, accessing credentials, API keys, and other secrets. The stolen data, including access to platforms like GitHub and Twilio, was later sold on Telegram. AWS urged customers to secure credentials and use best practices to prevent such breaches.
US sanctions Chinese firm for hacking firewalls in ransomware attacks
Source: Bleeping Computer
The U.S. Treasury sanctioned Chinese cybersecurity firm Sichuan Silence and an employee for exploiting a zero-day vulnerability in Sophos XG firewalls during Ragnarok ransomware attacks in 2020. These attacks compromised over 81,000 firewalls globally, including U.S. critical infrastructure, and aimed to steal data and deploy ransomware. The Department of Justice indicted the employee, Guan Tianfeng, offering a $10 million reward for information. This enforcement underscores the U.S.'s efforts to disrupt cyber threats tied to Chinese entities.
FDA Urges Blood Suppliers to Beef Up Cyber
Source: Info Risk Today
The FDA has issued a warning urging blood suppliers to enhance their cybersecurity measures, following an increase in cyberattacks targeting critical healthcare infrastructure. The advisory highlights the risks of cyber incidents compromising blood supply systems and emphasizes the need for robust protections, such as regular updates, monitoring, and incident response planning. The agency emphasizes that these organizations must safeguard data, systems, and the integrity of the blood supply chain.