Daily Briefing-Cyberwire
"CDK Global attack disrupts auto dealership sales."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 21 June 2024, 1456 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/119
Please scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 06.20.24
ANNOUNCEMENT
2024 N2K CyberWire Audience Survey.
We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.
SUMMARY
We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.
At a glance.
- CDK Global attack disrupts auto dealership sales.
- T-Mobile denies breach claims.
- BlackSuit ransomware gang publishes alleged Kansas City, Kansas, Police Department data.
- Radiology practice breached.
- CDK Global attack disrupts auto dealership sales.
- T-Mobile denies breach claims.
- BlackSuit ransomware gang publishes alleged Kansas City, Kansas, Police Department data.
- Radiology practice breached.
CDK Global attack disrupts auto dealership sales.
CDK Global, a company that provides sales management software to nearly 15,000 car dealerships across the US, has sustained a major cyberattack that forced the company to take most of its systems offline, CBS News reports. The company sustained an initial attack Tuesday evening, followed by a second incident late Wednesday night. The company told its customers last night, "Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th."
The nature of the attack is unclear, but BleepingComputer cites rumors that ransomware was involved.
Cloud Investigations in 5 Min! Exploring the Pitfalls of EDR for CloudAn attack can execute in the cloud in as little as 10 minutes. Security teams must accelerate cloud investigation to combat these fast-moving threats. But how? On June 25, hear from cloud security experts - firsthand - as they discuss the industry’s ONLY cloud security benchmark (/555) and why it’s critical to achieve this milestone for cloud detection and response. Further, learn methods to streamline investigations and reduce manual effort for your SecOps team! Secure your spot!
CDK Global, a company that provides sales management software to nearly 15,000 car dealerships across the US, has sustained a major cyberattack that forced the company to take most of its systems offline, CBS News reports. The company sustained an initial attack Tuesday evening, followed by a second incident late Wednesday night. The company told its customers last night, "Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available at a minimum on Thursday, June 20th."
The nature of the attack is unclear, but BleepingComputer cites rumors that ransomware was involved.
An attack can execute in the cloud in as little as 10 minutes. Security teams must accelerate cloud investigation to combat these fast-moving threats. But how? On June 25, hear from cloud security experts - firsthand - as they discuss the industry’s ONLY cloud security benchmark (/555) and why it’s critical to achieve this milestone for cloud detection and response. Further, learn methods to streamline investigations and reduce manual effort for your SecOps team! Secure your spot!
T-Mobile denies breach claims.
T-Mobile has denied being breached following claims by the IntelBroker threat actor to have stolen source code from the telecommunications giant, BleepingComputer reports. The company stated, "We are actively investigating a claim of an issue at a third-party service provider. We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."
BleepingComputer cites a source as saying that the screenshots posted as proof by IntelBroker are "actually older screenshots of T-Mobile's infrastructure posted to a third-party vendor's servers, where it was stolen."
Attention all security professionals! Want real-time IP intelligence at your fingertips?Sign up for Scout Insight's free trial today! Get immediate insights into threats, search any IP with no training required, and enjoy intuitive graphical results. Whether you need to identify compromised hosts or enrich Splunk queries, Scout Insight has you covered. Don’t wait – accelerate your threat response now. Visit team-cymru.com/cyberwire to start your free trial!
T-Mobile has denied being breached following claims by the IntelBroker threat actor to have stolen source code from the telecommunications giant, BleepingComputer reports. The company stated, "We are actively investigating a claim of an issue at a third-party service provider. We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that T-Mobile's infrastructure was accessed is false."
BleepingComputer cites a source as saying that the screenshots posted as proof by IntelBroker are "actually older screenshots of T-Mobile's infrastructure posted to a third-party vendor's servers, where it was stolen."
Sign up for Scout Insight's free trial today! Get immediate insights into threats, search any IP with no training required, and enjoy intuitive graphical results. Whether you need to identify compromised hosts or enrich Splunk queries, Scout Insight has you covered. Don’t wait – accelerate your threat response now. Visit team-cymru.com/cyberwire to start your free trial!
BlackSuit ransomware gang publishes alleged Kansas City, Kansas, Police Department data.
The BlackSuit ransomware gang has published files allegedly stolen from the Kansas City, Kansas, Police Department after the agency refused to pay a ransom, StateScoop reports. The KCKPD hasn't commented on the alleged breach, but StateScoop notes that BlackSuit's screenshots show folder names including "Drone Pics," "Evidence Room," and "Finance."
The BlackSuit ransomware gang has published files allegedly stolen from the Kansas City, Kansas, Police Department after the agency refused to pay a ransom, StateScoop reports. The KCKPD hasn't commented on the alleged breach, but StateScoop notes that BlackSuit's screenshots show folder names including "Drone Pics," "Evidence Room," and "Finance."
Radiology practice breached.
Minnesota-based radiology practice Consulting Radiologists is notifying nearly 512,000 patients that their data was breached during a February 2024 cyberattack, the HIPAA Journal reports. The breach affected "names, addresses, dates of birth, medical information, and health insurance information." A small number of patients "also had their Social Security numbers, driver’s license numbers, and/or face sheets and imaging reports exposed."
Establish your brand as a thought leader in cybersecurity.Launching a new product or service? Looking for alternative ways to recruit cyber talent? Want your company or leadership team members to be seen as an industry thought leader? Be heard by over 350,000 subscribers on the N2K CyberWire network. Whether through sponsored advertising, executive events, or exclusive interviews, we offer off-the-shelf and bespoke packages to help you reach your goals. Let’s work together.
Minnesota-based radiology practice Consulting Radiologists is notifying nearly 512,000 patients that their data was breached during a February 2024 cyberattack, the HIPAA Journal reports. The breach affected "names, addresses, dates of birth, medical information, and health insurance information." A small number of patients "also had their Social Security numbers, driver’s license numbers, and/or face sheets and imaging reports exposed."
Launching a new product or service? Looking for alternative ways to recruit cyber talent? Want your company or leadership team members to be seen as an industry thought leader? Be heard by over 350,000 subscribers on the N2K CyberWire network. Whether through sponsored advertising, executive events, or exclusive interviews, we offer off-the-shelf and bespoke packages to help you reach your goals. Let’s work together.
Notes.
Today's issue includes events affecting Belgium, the European Union, and the United States.
SPONSORED EVENTSUplevel your cloud security posture with CSPM (Virtual, Jun 19 - Jul 11, 2024) Is cloud security posture management (CSPM) right for your organization? Watch the webinar to learn about the four generations of CSPMs and building versus buying CSPM tools as well as use cases and real-world CSPM examples. Register today!SELECTED READING
Today's issue includes events affecting Belgium, the European Union, and the United States.
Attacks, Threats, and Vulnerabilities
Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools (9to5Mac) Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches, including those of U.S. government systems in...
Crown Equipment confirms a cyberattack disrupted manufacturing (BleepingComputer) Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants.
Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach (Hackread) Follow us on Twitter @Hackread - Facebook @ /Hackread
Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools (9to5Mac) Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches, including those of U.S. government systems in...
Crown Equipment confirms a cyberattack disrupted manufacturing (BleepingComputer) Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants.
Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach (Hackread) Follow us on Twitter @Hackread - Facebook @ /Hackread
Legislation, Policy, and Regulation
EU Council has withdrawn the vote on Chat Control (Stack Diary) The EU Council and its participants have decided to withdraw the vote on the contentious Chat Control plan proposed by Belgium, the current EU President.
EU Council has withdrawn the vote on Chat Control (Stack Diary) The EU Council and its participants have decided to withdraw the vote on the contentious Chat Control plan proposed by Belgium, the current EU President.
Litigation, Investigation, and Law Enforcement
Federal contractors pay multimillion-dollar settlements over cybersecurity lapses (The Record) The two federal contractors admitted they failed to properly test the cybersecurity of a system for providing financial assistance to low-income people in New York during the COVID-19 pandemic.
INDUSTRY EVENTSFor a complete running list of events, please visit the Event Tracker.
Federal contractors pay multimillion-dollar settlements over cybersecurity lapses (The Record) The two federal contractors admitted they failed to properly test the cybersecurity of a system for providing financial assistance to low-income people in New York during the COVID-19 pandemic.
For a complete running list of events, please visit the Event Tracker.
Events
SANS Rocky Mountain Summer 2024 (Denver (and virtual), Colorado, USA, Jun 17 - 22, 2024) At SANS Rocky Mountain Summer 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Initial Compromise Insights: VPN and Phishing Attacks Exposed (Virtual, Jun 20, 2024) Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.
Insider Threat Program Development, Management & Optimization Live Web Based Training Course (Virtual, Jun 24 - 25, 2024) This highly sought after and very comprehensive training course, will ensure that the Insider Threat Program (ITP) Manager and other key stakeholders that support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core / Advanced Knowledge, Blueprint, Resources needed for developing, managing or optimizing an ITP. Students will be provided with an ITP Management Toolkit that provides an abundance of educational resources, templates and checklists for ITP development, management and optimization. All materials will be provided to the student in electronic format (Via Download) before the training. Our student satisfaction levels are in the exceptional range. Over 1000+ individuals have attended this training course and received ITP Manager Certificates. The Insider Threat Defense Group is so confident about our training courses that they come with a money back training guarantee.
SANSFIRE Washington, DC 2024 (Washington (or virtual), DC, USA, Jul 15 - 20, 2024) At SANSFIRE Washington, DC 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
SPONSOR & SUPPORTGrow your brand, generate leads, and fill your funnel.With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
SANS Rocky Mountain Summer 2024 (Denver (and virtual), Colorado, USA, Jun 17 - 22, 2024) At SANS Rocky Mountain Summer 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Initial Compromise Insights: VPN and Phishing Attacks Exposed (Virtual, Jun 20, 2024) Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.
Insider Threat Program Development, Management & Optimization Live Web Based Training Course (Virtual, Jun 24 - 25, 2024) This highly sought after and very comprehensive training course, will ensure that the Insider Threat Program (ITP) Manager and other key stakeholders that support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core / Advanced Knowledge, Blueprint, Resources needed for developing, managing or optimizing an ITP. Students will be provided with an ITP Management Toolkit that provides an abundance of educational resources, templates and checklists for ITP development, management and optimization. All materials will be provided to the student in electronic format (Via Download) before the training. Our student satisfaction levels are in the exceptional range. Over 1000+ individuals have attended this training course and received ITP Manager Certificates. The Insider Threat Defense Group is so confident about our training courses that they come with a money back training guarantee.
SANSFIRE Washington, DC 2024 (Washington (or virtual), DC, USA, Jul 15 - 20, 2024) At SANSFIRE Washington, DC 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
Comments
Post a Comment
Please leave a comment about our recent post.