AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 6/25/2024

CDK suffered another data breach as it was attempting to recover

Car dealer software provider CDK has allegedly suffered a second cyberattack – as it was trying to recuperate from the first one. As a result of this follow-up attack, the company was forced to turn most of its services back offline and now says it doesn’t know how long it will take for it to restore the system. In the meantime, many major car dealerships in the United States have been paralyzed, not being able to sell or service vehicles properly. They are operating manually, with pen and paper, and are only able to work on basic things. 



The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27:10 UTC. The group hasn’t published any sample of the stolen data. “Federal banking is the term for the way the Federal Reserve of the United States distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco.” reads the announcement published by the group on its leak site.


A House committee is scrutinizing LiDAR and IoT cyber risks from China

A House of Representatives panel focused on national security issues between the U.S. and Beijing is putting Chinese-made light sensing modules and internet of things components in its crosshairs amid concerns the equipment is laying groundwork for enhanced intelligence-gathering and cyberattacks on critical infrastructure. The Select Committee on the Chinese Communist Party is seeing growing Chinese market dominance in light detection and ranging technologies — known as LiDAR — and has assessed that the dynamic poses security risks to several U.S. critical infrastructure sectors, according to a committee aide with direct knowledge of the matter.


Music industry giants allege mass copyright violation by AI firms

Universal Music Group, Sony Music, and Warner Records have sued AI music-synthesis companies Udio and Suno for allegedly committing mass copyright infringement by using recordings owned by the labels to train music-generating AI models, reports Reuters. Udio and Suno can generate novel song recordings based on text-based descriptions of music (i.e., “a dubstep song about Linus Torvalds”). The lawsuits, filed in federal courts in New York and Massachusetts, claim that the AI companies’ use of copyrighted material to train their systems could lead to AI-generated music that directly competes with and potentially devalues the work of human artists.


New security loophole allows spying on internet users visiting websites and watching videos

Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures. Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users’ online activities in detail simply by monitoring fluctuations in the speed of their internet connection. No malicious code is required to exploit this vulnerability, known as “SnailLoad,” and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.


Related Posts