IT Security Newsletter

IT Security Newsletter - 6/20/2024

Written by Cadre | Thu, Jun 20, 2024

CDK Global cyberattack cripples 15,000 US auto dealerships

CDK Global, a software-as-a-service (SaaS) provider for car dealers and auto equipment manufacturers, has suffered a cyberattack that has temporarily disrupted its customers' operations. CDK's platform is used by 15,000+ car dealerships across North America to manage their sales, customer relationships, financing, inventory, customer support, and other aspects of their day-to-day operations. READ MORE...

Advance Auto Parts confirms data breach exposed employee information

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. Advance operates 4,777 stores and 320 Worldpac branches and serves 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands. Earlier this month, we reported that a threat actor began selling data claimed stolen during the recent Snowflake attacks. READ MORE...

Hacktivism is evolving - and that could be bad news for organizations everywhere

Hacktivism surged back into mainstream consciousness with Russia's invasion of Ukraine in February 2022. Less than two years later, politically-motivated groups and individuals were out in force again, this time ostensibly to make their point amid the Israel-Hamas conflict. Worryingly, hacktivists have been spotted using increasingly sophisticated and aggressive tactics to bring their agendas to public attention. READ MORE...

T-Mobile denies it was hacked, links leaked data to vendor breach

T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. "T-Mobile systems have not been compromised. We are actively investigating a claim of an issue at a third-party service provider," T-Mobile shared in a statement. "We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor's claim that [our] infrastructure was accessed is false." READ MORE...

Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira

Atlassian this week announced the release of software updates that resolve multiple high-severity vulnerabilities in Confluence, Crucible, and Jira. The Confluence Data Center and Server update resolves a total of six security defects in various dependencies, all of which were disclosed this year. Tracked as CVE-2024-22257, the most severe of these flaws is a broken access control issue in the Spring Framework that could allow unauthenticated attackers to expose assets. READ MORE...

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

Hundreds of PC and server models that use Intel processors could be affected by a high-severity vulnerability found recently in Phoenix Technologies' SecureCore UEFI firmware solution. The vulnerability, tracked as CVE-2024-0762 and dubbed UEFIcanhazbufferoverflow, was discovered by an automated analysis system developed by enterprise firmware and hardware security firm Eclypsium. The security hole can be exploited by a local attacker to escalate privileges and execute arbitrary code. READ MORE...

  • ...in 1782, Congress adopts the Great Seal of the United States.
  • ...in 1863, West Virginia becomes the 35th state.
  • ...in 1963, the United States and the Soviet Union agree to establish a "hot line" in light of the Cuban Missile Crisis.
  • ...in 1975, Steven Spielberg's shark-attack thriller "Jaws" is released, which goes on to become the first modern "blockbuster" film.