Ransomware Attack on Blue Yonder Hits Starbucks, Supermarkets | Fancy Bear's Nearest Neighbor Uses Nearby Wi-Fi Network

The incident is typical of the heightened threats organizations face during the holidays, when most companies reduce their security operations staff by around 50%.

Follow Dark Reading:

November 27, 2024

LATEST SECURITY NEWS & COMMENTARY Ransomware Attack on Blue Yonder Hits Starbucks, Supermarkets The incident is typical of the heightened threats organizations face during the holidays, when most companies reduce their security operations staff by around 50%. Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers. Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields. Faux ChatGPT, Claude API Packages Deliver JarkaStealer Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice. Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems. Salt Typhoon Builds Out Malware Arsenal With GhostSpider The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected. BlackBasta Ransomware Brand Picks Up Where Conti Left Off New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren't so sure the brand means that much. Cybersecurity Is Critical, but Breaches Don't Have to Be Disasters The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack. My Car Knows My Secrets, and I'm (Mostly) OK With That Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision. MORE NEWS / MORE COMMENTARY HOT TOPICS How Learning to Fly Made Me a Better Cybersecurity CEO The lessons I've learned soaring through the skies have extended far beyond the runway. Closing the Cybersecurity Career Diversity Gap Diversity isn't just an issue of fairness — it's about operational excellence and ensuring we have the best possible teams defending our national security. Going Beyond Secure by Demand Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software. Name That Toon: Meeting of Minds Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. MORE PRODUCTS & RELEASES CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls CyCognito Report Highlights Rising Cybersecurity Risks in Holiday E-Commerce MORE PRODUCTS & RELEASES EDITORS' CHOICE 'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit. LATEST FROM THE EDGE Phishing Prevention Framework Reduces Incidents by Half The anti-fraud plan calls for companies to create a pipeline for compiling attack information, along with formal processes to disseminate that intelligence across business groups. LATEST FROM DR TECHNOLOGY 8 Tips for Hiring and Training Neurodivergent Talent Neurodivergent talent can add so much to a cybersecurity team. How can companies ensure they have the right hiring and onboarding practices in place to ensure their success? LATEST FROM DR GLOBAL Israel Defies VC Downturn With More Cybersecurity Investments With a focus on creating technologies for other markets, Israel continues to be a valued destination for venture capital in cybersecurity outside the US and Europe. WEBINARS Social Engineering: New Tricks, New Threats, New Defenses 10 Emerging Vulnerabilities Every Enterprise Should Know View More Dark Reading Webinars >> WHITE PAPERS The Future of Cybersecurity is Passwordless and Keyless 6 Key Requirements of Multicloud Security Insider Risk Programs: 3 Truths and a Lie Product Review: Trend Vision One Cloud Security IDC White Paper: The Peril and Promise of Generative AI in Application Security Solution Brief: Introducing the runZero Platform Purple AI Datasheet View More White Papers >> FEATURED REPORTS Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us