Welcome to another episode of the CyberHub Podcast, where we bring you the latest in cybersecurity news and analysis. This episode is packed with updates on data breaches, vulnerabilities, and geopolitical cyber activities.
Sponsored Message from Nudge Security
Nudge Security offers solutions to track SaaS app usage within organizations, ensuring immediate action during breaches by providing comprehensive SaaS account inventories and automated user notifications.
https://www.nudgesecurity.com/cyberhub
CDK Global Cyber Attack
CDK Global, a software provider for auto dealerships, suffered a cyber attack, impacting 15,000 dealerships across the U.S. Major clients like General Motors and Group One Automotive experienced disruptions. CDK is working to restore core systems.
Action Items:
Ensure incident management plans prioritize mission-critical systems.
Regularly test backups and restoration processes.
Crown Equipment Cyber Attack
Crown Equipment, a leading forklift manufacturer, reported a cyber attack disrupting operations in its plants. Employees were instructed to avoid MFA requests and phishing emails. Internal communication has been criticized for lack of transparency.
Action Items:
Emphasize communication protocols during cyber incidents.
Conduct regular tabletop exercises to train staff on incident response.
Advanced Auto Parts Data Breach
Advanced Auto Parts reported unauthorized activity in their database, linked to the breach of a Snowflake account. Personal data of customers and employees were potentially exposed, with a $3 million estimated damage.
Action Items:
Implement robust security measures for cloud storage.
Offer credit monitoring services to affected individuals.
T-Mobile Source Code Leak
T-Mobile denied a breach after a threat actor claimed to have stolen source code and other data. Potential exposure of telecom network blueprints, critical for national security.
Action Items:
Strengthen third-party security assessments.
Monitor and mitigate threats from insider activities.
Kraken Exchange Extortion Attempt
Security researchers attempted to extort Kraken after discovering a vulnerability. Law enforcement involvement following refusal to return exploited funds.
Phishing-as-a-Service Targeting Microsoft 365
Financial firms were targeted through phishing campaigns using QR codes and advanced evasion techniques. Compromised Microsoft 365 accounts facilitated business email compromise attacks.
Action Items:
Implement anti-phishing training and awareness programs.
Utilize advanced threat detection tools for email security.
Atlassian Vulnerability Updates
Atlassian released updates for high-severity vulnerabilities in Confluence, Crucible, and Jira. Potential unauthorized access due to broken access control and server-side request forgery vulnerabilities.
Action Items:
Apply software updates and patches promptly.
Conduct regular security assessments of critical software.
Euro 2024 DDoS Attack on Polish TVP
TVP in Poland experienced a DDoS attack disrupting the broadcast of a Euro 2024 game, attributed to Russian actors. Viewers were unable to stream the match online.
French Government's Bid for Atos Cybersecurity Division
France aims to acquire Atos' cybersecurity division for $750 million to safeguard national security interests. Ensures critical cybersecurity capabilities remain under national control, especially with upcoming Olympic Games.
Conclusion
Stay tuned for more updates on cybersecurity news. Subscribe to our podcast and follow us on social media to stay informed and cyber safe.
👀 SHOW Supporters:
Today’s Episode is supported by our friends at Nudge Security free 14-day trial to all CyberHub Podcast community members at https://www.nudgesecurity.com/cyberhub
✅ Story Links:
https://thecyberexpress.com/cdk-global-cyberattack/
https://thecyberexpress.com/advance-auto-parts-sec-filing/
https://www.infosecurity-magazine.com/news/crypto-firm-kraken-cops/
https://www.darkreading.com/remote-workforce/onnx-microsoft-365-accounts-mfa-bypass
https://therecord.media/poland-blames-russia-ddos-euro-2024-online-broadcast
https://www.darkreading.com/cyber-risk/france-national-interests-bid-atos-cybersec
✅ Important Links to Follow:
👉Website: https://www.cyberhubpodcast.com
👉Substack:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Rumble: https://rumble.com/c/c-1353861
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
✅ For Business Inquiries: info@cyberhubpodcast.com
=============================
✅ About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Cyber-attacks haunt CDK, Advance Auto Parts, Crown Equipment, Kraken Blackmail attempt, Euro 2024 News