The fallout from a cyberattack targeting CDK Global, a software provider for more than 15,000 car dealers across North America, is spreading as more customers disclose potential material impacts. At least five publicly traded car dealerships filed disclosures with the Securities and Exchange Commission since Friday. Sonic Automotive and Penske Automotive Group warned investors of potential impacts on Friday. Autonation, Group 1 Automotive and Lithia Motors filed with the SEC Monday. READ MORE...
High-end department store Neiman Marcus on Monday disclosed a data breach, shortly before a hacker offered to sell information belonging to millions of the company's customers. The Dallas-based luxury retailer has started informing customers that a database platform storing personal information was compromised between April and May 2024. The data breach was detected in May. An investigation showed that the hacker had gained access to information such as name, contact data, date of birth, etc. READ MORE...
Medical device manufacturer LivaNova USA is sending notifications to 130,000 individuals warning that their personal information was compromised in an October 2023 data breach. The incident, according to a notification letter to the impacted individuals, was identified on November 19, roughly one month after hackers breached its network. LivaNova says it took certain systems offline in response to the incident, without sharing further details on the nature of attack. READ MORE...
The nationwide impact of a cyberattack on CDK Global last week has focused attention on the need for organizations to have robust contingency plans when they rely heavily on SaaS providers for critical business functions. The attack disrupted operations at some 15,000 automotive dealers around the country, forcing many to go back to using paper forms and manual processes for their daily operations. READ MORE...
CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. CSAT is an online portal that is used by facilities to report their possession of chemicals that could be used for terrorism to determine if they are considered a high-risk facility. READ MORE...
P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. According to Cado Security, which has been tracking P2PInfect for some time now, there is evidence the malware operates as a "botnet for hire," although conflicting information prevents the researchers from drawing safe conclusions at this time. READ MORE...
Universal Music Group, Sony Music, and Warner Records have sued AI music-synthesis companies Udio and Suno for allegedly committing mass copyright infringement by using recordings owned by the labels to train music-generating AI models, reports Reuters. Udio and Suno can generate novel song recordings based on text-based descriptions of music. The lawsuits claim that the AI companies' use of copyrighted material to train their systems potentially devalues the work of human artists. READ MORE...
A now-patched vulnerability in Ollama - a popular open source project for running LLMs - can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet. Wiz Research disclosed the flaw, tracked as CVE-2024-37032 and dubbed Probllama, on May 5 and its maintainers fixed the issue in version 0.1.34 that was released via GitHub a day later. READ MORE...