Software company plans to pay millions in ransom to hackers
CDK Global faces a ransomware attack, disrupting operations at 15,000 car dealerships in North America. The company plans to pay hackers millions. The incident exposes the automotive industry's vulnerability to cyber threats.
Read original article
CDK Global, a software provider for car dealerships in North America, is set to pay hackers tens of millions of dollars in ransom after a cyberattack that disrupted operations at around 15,000 car dealerships. The hackers, believed to be based in eastern Europe, targeted CDK's dealership management system, causing chaos in sales, repairs, and deliveries within the industry. CDK briefly restored some services but had to deactivate them following a second cyberattack. The disruption is affecting dealerships' day-to-day functions, with some resorting to workaround solutions. The parent company, Brookfield Business Partners LP, experienced a decline in trading, as did other dealer groups like AutoNation Inc. and Sonic Automotive Inc. The attack highlights the vulnerability of the automotive industry to cyber threats and the critical reliance of dealerships on software services for their operations. CDK warned customers about potential scammers posing as company affiliates amid the ongoing confusion. The situation underscores the growing trend of ransomware attacks targeting critical infrastructure and the significant financial impacts they can have on businesses.
Related
KrebsOnSecurity Threatened with Defamation Lawsuit over Fake Radaris CEO
KrebsOnSecurity faced a defamation lawsuit threat for exposing Radaris' true owners, the Lubarsky brothers, linked to questionable practices. Despite demands, KrebsOnSecurity stood by its reporting, revealing a complex web of interconnected businesses.
Simple ways to find exposed sensitive information
Various methods to find exposed sensitive information are discussed, including search engine dorking, Github searches, and PublicWWW for hardcoded API keys. Risks of misconfigured AWS S3 buckets are highlighted, stressing data confidentiality.
Redbox missed a multimillion-dollar payment it couldn't afford to miss
Redbox misses $16.7 million payment to NBCUniversal, facing financial distress and potential bankruptcy. Parent company, Chicken Soup for the Soul Entertainment, struggles with debt, legal issues, and unpaid bills, leading to job terminations and business closure. CEO fires board amidst turmoil.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
EU Accuses Apple App Store Steering Rules of Violating DMA, Opens Investigation
The European Commission accuses Apple of Digital Markets Act violations related to App Store policies, anti-steering rules, and excessive fees. Apple claims compliance with the law. Investigation ongoing, potential fines pending.
2 commentsCDK cyber attack shuts down auto dealerships across the U.S. (4 points, 4 days ago) https://news.ycombinator.com/item?id=40732035
Related
KrebsOnSecurity Threatened with Defamation Lawsuit over Fake Radaris CEO
KrebsOnSecurity faced a defamation lawsuit threat for exposing Radaris' true owners, the Lubarsky brothers, linked to questionable practices. Despite demands, KrebsOnSecurity stood by its reporting, revealing a complex web of interconnected businesses.
Simple ways to find exposed sensitive information
Various methods to find exposed sensitive information are discussed, including search engine dorking, Github searches, and PublicWWW for hardcoded API keys. Risks of misconfigured AWS S3 buckets are highlighted, stressing data confidentiality.
Redbox missed a multimillion-dollar payment it couldn't afford to miss
Redbox misses $16.7 million payment to NBCUniversal, facing financial distress and potential bankruptcy. Parent company, Chicken Soup for the Soul Entertainment, struggles with debt, legal issues, and unpaid bills, leading to job terminations and business closure. CEO fires board amidst turmoil.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
EU Accuses Apple App Store Steering Rules of Violating DMA, Opens Investigation
The European Commission accuses Apple of Digital Markets Act violations related to App Store policies, anti-steering rules, and excessive fees. Apple claims compliance with the law. Investigation ongoing, potential fines pending.