top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #127 - December 9, 2024

Krispy Kreme Discovers Cybersecurity Hole

Source: Data Breach Today

Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. federal regulators Wednesday it will have ongoing operational difficulties due to a cybersecurity incident. In a filing, Krispy Kreme said its shops are open and consumers can place orders in person. Online ordering in some parts of the United States is down. 




Attackers Can Use QR Codes to Bypass Browser Isolation

Source: Dark Reading

Attackers are leveraging QR codes to bypass browser isolation, a common security mechanism. By embedding malicious links in QR codes, they trick users into scanning them with less secure mobile devices. This circumvents protections in place for corporate networks and exploits users' trust in QR-based interactions. The tactic highlights the growing risk of "quishing" (QR phishing) in undermining browser isolation and targeting mobile vulnerabilities.




Hackers Exploit AWS Misconfigurations in Massive Data Breach

Source: Infosecurity Magazine

A cyber operation linked to the Nemesis and ShinyHunters groups exploited misconfigured public websites, compromising over 2 TB of sensitive data from AWS endpoints. Attackers used tools like Shodan to find vulnerable targets, accessing credentials, API keys, and other secrets. The stolen data, including access to platforms like GitHub and Twilio, was later sold on Telegram. AWS urged customers to secure credentials and use best practices to prevent such breaches.




US sanctions Chinese firm for hacking firewalls in ransomware attacks

Source: Bleeping Computer

The U.S. Treasury sanctioned Chinese cybersecurity firm Sichuan Silence and an employee for exploiting a zero-day vulnerability in Sophos XG firewalls during Ragnarok ransomware attacks in 2020. These attacks compromised over 81,000 firewalls globally, including U.S. critical infrastructure, and aimed to steal data and deploy ransomware. The Department of Justice indicted the employee, Guan Tianfeng, offering a $10 million reward for information. This enforcement underscores the U.S.'s efforts to disrupt cyber threats tied to Chinese entities.




FDA Urges Blood Suppliers to Beef Up Cyber

Source: Info Risk Today

The FDA has issued a warning urging blood suppliers to enhance their cybersecurity measures, following an increase in cyberattacks targeting critical healthcare infrastructure. The advisory highlights the risks of cyber incidents compromising blood supply systems and emphasizes the need for robust protections, such as regular updates, monitoring, and incident response planning. The agency emphasizes that these organizations must safeguard data, systems, and the integrity of the blood supply chain.



114 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page